r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7270
Expires: Sat, 28 Jan 2023 08:11:32 GMT
Date: Sat, 28 Jan 2023 06:10:22 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6006
Expires: Sat, 28 Jan 2023 07:50:28 GMT
Date: Sat, 28 Jan 2023 06:10:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 05:35:28 GMT
content-type: application/json
age: 2094
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5243
Expires: Sat, 28 Jan 2023 07:37:45 GMT
Date: Sat, 28 Jan 2023 06:10:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 80aKhiQWDNKMgay4VSdJ8LeHntnlgX44h/WsQPFjJTNKQ5di5WVTiC7o2FpllZ78ooDVyF7h/60=
x-amz-request-id: CPY9APDD1DR6GPQ9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 05:20:51 GMT
age: 2971
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 06:10:22 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.dcocsp.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3e0d0fc77444f17ec248ef29a0c36e4c
b3301e6e23ac32872d299270d38c4d253b927bad
ceecee4bcf645a029b923032432a0f81cb2b74229a7dacbbe789335b8792eb79
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 28 Jan 2023 06:00:04 GMT
Ali-Swift-Global-Savetime: 1674885604
Via: cache21.l2de2[0,0,200-0,H], cache12.l2de2[0,0], cache8.se1[0,0,200-0,H], cache8.se1[1,0]
Age: 619
X-Cache: HIT TCP_MEM_HIT dirn:11:166296749
X-Swift-SaveTime: Sat, 28 Jan 2023 06:03:45 GMT
X-Swift-CacheTime: 3379
Timing-Allow-Origin: *
EagleId: 2ff62c9c16748862231414178e
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 05:49:03 GMT
age: 1280
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19943
Expires: Sat, 28 Jan 2023 11:42:46 GMT
Date: Sat, 28 Jan 2023 06:10:23 GMT
Connection: keep-alive
www--wellsfargo--com--7649329d48d6c.wsipv6.com/
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/
IP
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash e41fd042cd1cc2381698d68dd01d24f9
fdd46e528099fc24e01292c36a82dc8800b016c2
2a2d272c7c194bbaf22ca77b5db229519f046fbf85854ee3c730acbd405c486b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET / HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 18755
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-e885ca15-678c-4d19-b8e6-8ccabcdb855c' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 22610 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546; Expires=Sat, 28-Jan-2023 06:10:53 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:53 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:53 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sat, 28-Jan-2023 06:10:53 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:73; Expires=Sat, 28-Jan-2023 06:10:53 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202301272210231972120669; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:23 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; path=/; Httponly; Secure
WesdAksn=A7iV__aFAQAAr4A26yP5HTScU7fK6NrYNpmC-e3pKLONbpFmqSIlynoDhvROAaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|61ae7f478a3a496e4970424574708cfc005e6453; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=YQRsFAaiNpYxzgRr3LcU+k3H4xIgcRZGR++AD3zf+U8a9Orlc%2fhCUARdGmVItGkd; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:23 GMT;Httponly; Secure
_abck=2F25B2AF898F1D2D33EB184E951C28DB~-1~YAAQJmgRYJSqOdKFAQAA3Zb/9gk2wCPx4O8NQKBLB1TEcoUfOsvR2CNjhlS3hj6G4tk+oEEyhqGSmuxGMD9V1fZthsMAoy55rW1XULM1y1Tz4HH39TRZLG6QU0DGNKXM4skL9dVwQtVgpV6VwdlFiUTL1OZdBgJL4NcNkeLFDF/xlLQqwpGrV110Nk7FIFzAk3BvUfiBK7WVVnhCxWfepvHVv2d71oBFCJfm8zsYupZIPKVLZqIRGH3yIyuQns9hoyz9PE8ZXVuJ8LSJvzFe+aUPZpRqbeBhUWk5kxpl52KPEGwzDX04mrgESCQzOp7mLYaBRUxJjiUo+3rSLcvoHLjPJSupnXEaC4Lh4bwp2Yjpg41xHkbHvwqGFcSkD9XOzQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:23 GMT; Max-Age=31536000; Secure
bm_sz=73234E397DD83D31C653AD7D9A650FEC~YAAQJmgRYJWqOdKFAQAA3Zb/9hImMgV92/rPBmUeSr5nZznjdBFNrDQ0Ackwn+suT60Fio/tlAYeg0tvsXLHhQnhUjupCzhPriQ8VpY2G+A8Ea2xOQ4zIPe6O5QcSpEghHBw9bvIQHOyiPCrTGU4XIBVXC2wRwT9fYqZ4ipDPV+nWkdpjuHmuaR6e3Ho+DcCoJquVCRt8JhxBhv8NmPff+R4933Ytcil09o2V4vKZsI8tnywyDwax0lvT9r+/z0JQKVSE3Y64aaAhf8YUhkdtaXHA5BcikT5UVTs/XB9YJHMYljYk7bB~4408898~4276545; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:23 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20519-7141
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1698537
expires: Thu, 16 Feb 2023 21:59:20 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1627678
expires: Thu, 16 Feb 2023 02:18:21 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1562027
expires: Wed, 15 Feb 2023 08:04:10 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 49ab9a41adae83d91cdf35fe813d02e0
7111ab2a9a779b866ee89e6c549fc32390bfa00b
76d4e44e697dece6245ec68600b5dcd3fc060e840b6cfc78143f3e96a46cf831
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5306
Cache-Control: max-age=96925
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:23 GMT
Etag: "63d37f32-1d7"
Expires: Sun, 29 Jan 2023 09:05:48 GMT
Last-Modified: Fri, 27 Jan 2023 07:37:22 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 49ab9a41adae83d91cdf35fe813d02e0
7111ab2a9a779b866ee89e6c549fc32390bfa00b
76d4e44e697dece6245ec68600b5dcd3fc060e840b6cfc78143f3e96a46cf831
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5306
Cache-Control: max-age=96925
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:23 GMT
Etag: "63d37f32-1d7"
Expires: Sun, 29 Jan 2023 09:05:48 GMT
Last-Modified: Fri, 27 Jan 2023 07:37:22 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sat, 28 Jan 2023 06:10:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MLmnq1KLDkvuSM5P0dyf6g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
200 OK 11 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (31790)
Hash 6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sat, 28 Jan 2023 06:10:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3oS3Y4kk1fFBgp8I0NABBQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
200 OK 57 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 55cf5abb917b734f8783436c20210ab0
83005f65ae0fb0cd0bd2576a330c8a4b9ddbb9fa
7e1678f1d42ace98528997082d53caedc0b14848feee15137bd786c3ba1bc012
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:23 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57254
Connection: keep-alive
Expires: Fri, 27 Jan 2023 23:58:35 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-2b63b"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20330-35184
www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
200 OK 18 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (31326), with NEL line terminators
Hash 3c62755a932398b8a5d7d8cde9413fb3
8e0c91ea864ec3f0ff9385d6ddc6eb2c0987f8d4
980ef0d6507b3822543dff672ffcb8f9a51930638d23f417daaea928695881ae
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:23 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17856
Connection: keep-alive
Expires: Fri, 27 Jan 2023 23:58:35 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: W/"6398ae8a-d8e9"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20648-47995
www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:23 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Fri, 27 Jan 2023 23:58:35 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 bl21:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20601-41928
www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 490483ee391f3f987d9a200d244dfc91
30a9abf1a1959e0235524aab713946bbc8ef714d
fe8d17957e6116737b0959cee68f26da2d3c66e1c293773ee899f69c87693de3
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:23 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4283
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 28 Jan 2023 06:10:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A5-X__aFAQAAq_ZfCYeiWqQ8OVflPeRVFjliGK3rFuLA2VPDhBmi2zDfg0XsAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|5aa6cbcaa6efedc82af4c9f9d61bc14ac5bf8d16; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=BdWthUP4aCoOYBzkqpKavrGZ7KphZaByp%2fo+bU84PZ7BNo9BqMRpGrYcny4tob03; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20519-7188
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tNVrZKLNi9xJoq8RHtwcUw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cY1mjE89Eo9wcmgUfmqlKcgAOls=
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=3276565
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10815119
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10815123
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10658296
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10815108
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sat, 28 Jan 2023 06:10:23 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 static.wellsfargo.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15181)
Hash 3696ebaee8a4dce7a09695dd80b3aef8
0dabf76fc893ffa3d29ba90d81cc03708b798431
0987f794748b29c49ec899c0d7599f225ce1252f243ab35d168a8d853b1aceae
GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-322c5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54818
Date: Sat, 28 Jan 2023 06:10:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eZOOv0LhHh6S44Nn%2fkx2pg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--7649329d48d6c.wsipv6.com/rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2501
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sat, 28 Jan 2023 06:10:24 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fwagZp58VZg2LHLv+64B9A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=fwagZp58VZg2LHLv+64B9A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=B13111D446113DCCE21D2D1470084B2E~-1~YAAQHWgRYMPFLdKFAQAAE5n/9gkhCfmoI7RGwCiK9UKO+2J1JdRdJLMuh2L4P4HTQJPF0E/i+hpz3ke8RvVaAoEydSZf3VphRGlRg6DKrqCu1yBOh/ixvfGdfDThjADuNiaKVdwRkn23g89S+zJDoRQEYAdoJxisreBDfitLNIeLeO+vaEBIk2JoHNOCns+ZOfz/mH3y2B1ZUdM62QpLfvxivulqj/7WQ/3trsqadZFBAqBTW7LI44QM3JqQCAcvrtR4I7pTDYXMywsb5aTDs0VpNQCq1tCt0q8C9N1ANkuSYHsz8B8E4ixRc3qodsWrFt7ZZjbX5U5Hxtxjp4gM/bq9hb07YKwx4CUDVRX55RtUoBaMZk/RZP43HYAlyeqvzA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:24 GMT; Max-Age=31536000; Secure
bm_sz=927BBD7C9ADAB60E254C939B96EA1D3A~YAAQHWgRYMTFLdKFAQAAE5n/9hK+4Oj3lijYQ0WHaqaz3c5biL9vk2OJj0EiHMrTgxqEs6k8u8t3O4jeH/573v/ktp7y0KxKl8XJKglq4ha8uNt7GOgdl3hl3M+ZyzpAly4hyXhxoX33nS8niS6tEikJxTgq8fmxfhXpp2T82jyxr9CZxPmY6BRuvcH3umUR3V8VHHiw+dI5aGZJksf2jnXTdfrxlM5T6GdpGQdJNAnsHDYYTh342LhTDokFGhm+Tj9XqSxfcuyl6ayJNGZJdtT6Gi2tsDE5k/PRCfJQWdrQrOkNaBXp~3486770~3551800; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:24 GMT; Max-Age=14400
X-Via: 1.1 bl22:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc50_bl22_20519-7226
www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAAT9vaFAQAADnzW0Q7H_2rMZgAQvbPuRZoqG2Qq_7_9nHUDnA-Yt41KSx72&X-G2Q3kxs3--z=q
200 OK 149 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAAT9vaFAQAADnzW0Q7H_2rMZgAQvbPuRZoqG2Qq_7_9nHUDnA-Yt41KSx72&X-G2Q3kxs3--z=q
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (148943 bytes)
Hash 8f8e60ea9a681a463efb7d0a33d25b4a
0542424b2b4b92676aa0c354b2bdeb1b66604919
d6f31fb1d6a420498a973cfe8dcec3e8c27b881289c40fbec1d869e354064d36
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?async&seed=AAAT9vaFAQAADnzW0Q7H_2rMZgAQvbPuRZoqG2Qq_7_9nHUDnA-Yt41KSx72&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:24 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 148943
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 28 Jan 2023 06:10:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A16Y__aFAQAAJ46SS883VL7fIPu6jqxsEpG60AP3eZpIQdXWEUVft0k6B_E8AaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|6d5da11d13889c49d4c99f6c7931f6d4e278582d; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=kXruJb0zglRhgc4r7ULYE6hBJo9CRji6CMdI5BbtsHE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20711-12926
www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
200 OK 9.2 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
ASN #54994 QUANTILNETWORKS
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:24 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 28 Jan 2023 06:10:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=Yri3r4oH6TBh40pK4WthyFnigYlvfnS2eUSdS4aA7dBsx1iXWSw1NlKkqLzGcyjq; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20330-35190
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1642493
expires: Thu, 16 Feb 2023 06:25:17 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--7649329d48d6c.wsipv6.com/target/offers/conversations
200 OK 2.1 kB URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/target/offers/conversations
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10323), with no line terminators
Hash 299c9deb438c92bde4484eab5f7a6d82
8d7e1c61851b33145bb8dc6fd7b1e5adc9877f9e
a6464c090c90de40e8ad2212d812be4e850c74432215f88c56187edaf09fbddf
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:73; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:24 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2061
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-60c64c5e-bfc4-4239-8620-55c9bc920b15' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:35ad01e9-c666-4ad3-915b-81df4745d546|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:73; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56; Expires=Sat, 28-Jan-2023 06:10:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sat, 28-Jan-2023 06:10:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:211; Expires=Sat, 28-Jan-2023 06:10:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230127221024799916029; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:24 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=E1033F2595ABA18E6E74A9DCCD54AAF9; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=cFZRJkcNrjJWMwb4V47ZDlBDc7gqZx4EYyUKhzoiYqYgF0VZDgFy4v6WflpTZxGT; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:23 GMT;Httponly; Secure
_abck=113CA12C715A7B2EE8799E59AA55FD07~-1~YAAQJmgRYJyqOdKFAQAA7pn/9gn3ONdY2QVr+HjSC9Sr1Ror71VDJg4wsp7cwAdfWJx0VqMyvz9hz1WKdL4ymANoPRkSBpaVKLMGsHTfCXxxpc8geqGUmb1IRnKkcQNS7w45rnTIKoIct28jAXkd7TdcgDkYNL+ojRnz1t0paZPVawk6vnALIjeyDOUjJs1Lc43yuwU74uMD/+2b81xCSUd0KpJVV53hjEPIxEutQmtKYwiHUn4dWTdHzdADRbAeuvkzzTmu9/YQsGGrgTCmWMxG29FNxHALYK5ozHfKYD/GhMx/gEgcaLC24OmHMZCedfpqfD6MDICKbZHoMU0kq0CP9dLUEIGh9gIcw222EhZD09NiVmx90zrQS/UeQBPJcQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:24 GMT; Max-Age=31536000; Secure
bm_sz=0AC07EA517942C5FE5D61628E9DB6153~YAAQJmgRYJ2qOdKFAQAA7pn/9hKMpelAO7mgFb+WkXs99QJCtqRrnuy/G93DVQfBd2J0xwZPBhr9tLpZDRv1QYGZJoYEtiTm1YLPnZp8EDF2Kh18UmTYc7lKVDavApY6c92VexanFr6/2N7s1MROkzj40XenW86AP29pj8LErLFDYIsdrjbTXGWZQKyFswjGQYGGiqYzF04Ibdo8qBa3RUeVQMZahsTy2W9iEdW9jc0lgX1+JOjMYJ5ADwdizutgKw1A5Nd7YzfUyw7UGPjFXOBbCpuMERZWDAPkalE236gnRUNL9XL3~4408898~4276545; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:23 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc4f_bl22_20601-41938
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
200 OK 24 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cb2701f69033671b5b2f3fec4c80f572
ab6a87369924fa513fa98e04677c2d332d5e25c1
9913aaf46bebf4d41ba3b37f686ba546b41faa33db9dc720a68bebd924121125
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "635162e2-d177"
last-modified: Tue, 01 Nov 2022 22:03:11 GMT
server: Akamai Image Manager
x-serial: 1920
x-check-cacheable: YES
content-length: 24386
content-type: image/webp
cache-control: private, no-transform, max-age=2044362
expires: Mon, 20 Feb 2023 22:03:06 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
200 OK 43 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 026d5377df107a52e76d366d238f2b10
241c742d79515854d2d0212672cc99d966bd6b62
3efec6556ec64ec913730c358c15d68a3a482eb0d07d88d6a05a0b00056256d2
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505829-e2ce"
last-modified: Tue, 01 Nov 2022 15:08:46 GMT
server: Akamai Image Manager
content-length: 42760
content-type: image/webp
cache-control: private, no-transform, max-age=2019462
expires: Mon, 20 Feb 2023 15:08:06 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_LNY23_1700x700.jpg
200 OK 55 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_LNY23_1700x700.jpg
IP
File type ISO Media, AVIF Image\012- data
Hash 4aee1485f111e126ca09a6a6a0504846
df3bd1e1848ea6610c0b973bea4ef693446eb684
150f51d86e56ab433e54e5eda85ca533598357242348366f74906ae2ce970ca7
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_LNY23_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63bdd2ad-2ca5f"
last-modified: Fri, 13 Jan 2023 15:15:52 GMT
server: Akamai Image Manager
content-length: 54577
content-type: image/avif
cache-control: private, no-transform, max-age=1328794
expires: Sun, 12 Feb 2023 15:16:58 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
200 OK 562 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1671509
expires: Thu, 16 Feb 2023 14:28:53 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
200 OK 46 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=976730
expires: Wed, 08 Feb 2023 13:29:14 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash f1bc1104011416dfe46e6a148f6f9515
574980010589cdf51f07081e6c7ee06de1e063f4
eda705920b82d0bef5bf2b041ee4e37537017cabac01cea7c7a3f89a40765e6a
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6318b389-c10"
last-modified: Fri, 16 Sep 2022 20:24:35 GMT
server: Akamai Image Manager
x-serial: 806
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=2554138
expires: Sun, 26 Feb 2023 19:39:22 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1644375
expires: Thu, 16 Feb 2023 06:56:39 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg
200 OK 25 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f8f8b797f394dae4b55a85b9f55eea80
d96aada64a87f18da3fbe13e2b9c057a37192ebb
c625c5f31f79968509bb3eb016f3b20a99e44496fb0f691b8ba3bb960e9caef7
GET /assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62d96afb-178fc"
last-modified: Mon, 25 Jul 2022 22:14:15 GMT
server: Akamai Image Manager
x-serial: 1184
x-check-cacheable: YES
content-length: 24782
content-type: image/webp
cache-control: private, no-transform, max-age=345941
expires: Wed, 01 Feb 2023 06:16:05 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1645820
expires: Thu, 16 Feb 2023 07:20:44 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1562742
expires: Wed, 15 Feb 2023 08:16:06 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1677153
expires: Thu, 16 Feb 2023 16:02:57 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1530927
expires: Tue, 14 Feb 2023 23:25:51 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1741305
expires: Fri, 17 Feb 2023 09:52:09 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1627546
expires: Thu, 16 Feb 2023 02:16:10 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1648783
expires: Thu, 16 Feb 2023 08:10:07 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2546890
expires: Sun, 26 Feb 2023 17:38:34 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1639869
expires: Thu, 16 Feb 2023 05:41:33 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1799484
expires: Sat, 18 Feb 2023 02:01:48 GMT
date: Sat, 28 Jan 2023 06:10:24 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--7649329d48d6c.wsipv6.com/rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /rqUeGg/fTp/M6N/Wyqq8g/m5amJzpkODOi/M3IGCSk5DQM/dTN/aNi8rZj0 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2102
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:1$_ss:1$_st:1674888025475$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sat, 28 Jan 2023 06:10:24 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3FtCu+XIen1LE0+66WExrw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=3FtCu+XIen1LE0+66WExrw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=692083C412F5EDF558E7EA3F701E7ECE~-1~YAAQHWgRYNXFLdKFAQAAhZv/9glwfnosAiOfzgrgZ9mZ5ypLw7qrVtS4Z1Qp2rHZwbOSuEvURD7EsszOmLm8R6nbRU7pVxaxnkWIIADNxPWEKxSvI4YwLVySFxaYgLYl/FnlwnEREVOwd0JScjSyB8uKsmNv6nWg9wU2TYnavmAR0SoZ54Lkj65CAV3yZDwjZaGD9kpyAGic2/TzgXbimIp+S+IERBZ5b/hOwDacMKCnjRVk5u7RqjFTsTuPhYKsjQdORhnwNs4qlprOlndu19H83cksD4Jmq40Ke2pwPowSZnw2zv7yqeiIakc16Tpv/0vTi8jrTpvKElQVjecT9lecfHaoszdrcCUdAlJOdK7yyTFVHWCRtSU8KUL+AS6zig==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:24 GMT; Max-Age=31536000; Secure
bm_sz=3249BAA1ABF317661ED1ED03861B089B~YAAQHWgRYNbFLdKFAQAAhZv/9hJ6s/ozZq8BjuW2AzNTbSsgcYj5YfQp2t1zZ25H99mNlP2lcbb5VZhrBOfl+4pMHIVytXDhgHwTJpRjdeFb3qtkEQAnsN+RSdKcQKcjhjYF6uWaynanazXvXYW6jClmwVKy5gC15+hhPIyoU2cQFHTlu6XFDPi6K+OFfQNg3uuiABwL0gt4Fx3n18tLPzoBxRRtjTbgYdfFWsfZzV61yC3kZ4HEDsgiOvwQ2bxLE6v4/l1TuF6vkEMe/pi/s/nkKmr+PWE69wTAOWCNEgZgcF5xE/2S~3486770~3551800; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:24 GMT; Max-Age=14400
X-Via: 1.1 bl22:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc50_bl22_20330-35227
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 28 Jan 2023 06:10:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Ij9jCp+Ytv0fIhdTxqiVfw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
200 OK 471 B IP
Hash 70fea2303b4b3f329b899e8f1a1d2882
caf56910549d074d52149689d502695f9d28c749
5c97af584de9715f90bef870308b4754d3846854a9ebc2a1417b7e8d63041f8e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:24 GMT
Last-Modified: Sat, 28 Jan 2023 05:17:48 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/tracking/gb/detector-dom.min.js
200 OK 132 kB URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sat, 28 Jan 2023 06:10:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vT+XteYEcA843DFTCknK3A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674886226098
200 OK 318 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674886226098
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 58b2642ba4c315e5841fd7cac8dd0d15
a062ca5ca2deb42f8ae4d30782c935f72d748420
ccae8a2da5d0f23c106fa0a7cd85dfff8580505a51554b4cec87d4108978a0f4
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674886226098 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-040129606.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=10701315276586518430660001734049835478; Max-Age=15552000; Expires=Thu, 27 Jul 2023 06:10:24 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: jfggX/fRTMM=
Content-Length: 318
Connection: keep-alive
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JlXa5lYkqprfQWY0Sh6oVw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 28 Jan 2023 06:10:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZUE7FE3e7xbqEQOXyILwaw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Ks7Zu3yEroR60VXNydYtZw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=5ivY2Asy7MQ+++zMOPvF2w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15667
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15667
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash b139ef842e1ece23a2fb6810cbb79f0b
75eb76995244c2e1841e0f3283f126cf13a77b04
7287866e126fff5e98015a2750cfe2889271f4f7e4084668e69e939a951243be
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:42:55 GMT
Expires: Wed, 01 Feb 2023 13:42:54 GMT
Etag: "75eb76995244c2e1841e0f3283f126cf13a77b04"
Cache-Control: max-age=372148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790790996d790b02-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15667
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 29619
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7df68b7-44d9-4227-aedc-8e03fd23edd9.jpeg
200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7df68b7-44d9-4227-aedc-8e03fd23edd9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 01d78e0bafdf4cbe227afc503124bc55
e2d21a694342773ccbace4742c4b047e7ce92e1c
3e9027f35134d811a50144a9b70c6de2dc97cbade941a5364717b403bcaf3eb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7df68b7-44d9-4227-aedc-8e03fd23edd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4641
x-amzn-requestid: b2e2ba60-21e7-4304-a354-2b49b8162cf2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5FJGoAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-4b292f801433239340edab33;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: irkZKPRcil7YVMxVJXNkIn18zBSt2JWyxo9ZFMfz6aZer4_lnqG8oA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:38 GMT
age: 29627
etag: "e2d21a694342773ccbace4742c4b047e7ce92e1c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=10687155276291918880659150609863988165&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301272210231972120669%011&ts=1674886226366
200 OK 317 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=10687155276291918880659150609863988165&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301272210231972120669%011&ts=1674886226366
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 4ad02675710b205fb51e78e10e53094e
d49606de157031b47224fa0eca398b3111a51bca
59ac0424d291053de1d35c0b7c15cf14e7ddfa7e986b6c4537ce9f37288a5ab9
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=10687155276291918880659150609863988165&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301272210231972120669%011&ts=1674886226366 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcscanary-prod-irl1-1-v052-0f73f706c.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=74953856614594818853583101432359017030; Max-Age=15552000; Expires=Thu, 27 Jul 2023 06:10:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: pvi1Qh09Sn0=
Content-Length: 317
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b5b797e164d0f2c91200829d1ec90f8
15a55176d8e55b6816acabae5c7cc3e4528648c9
16eb29148856512f556b22b86a153e54032caaf98dbf141119f8c126e009591f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7395
x-amzn-requestid: 166e5623-fc91-4b12-80c8-f5e1a762b387
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-ELH3eIAMF56w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b4-439b5d2b67b9347d4d634d9d;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L1BWTWAPsW5tfkJO0UBR4dKoW3_0Le7QhZLjBxtsY0fmf7cwEYWrMQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:01:09 GMT
age: 29356
etag: "15a55176d8e55b6816acabae5c7cc3e4528648c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 28465
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 05:20:03 GMT
age: 3022
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97118e74a8f60620950e42a11c11d71b
d144bbb82392a6103810ac9baa5346ddbefb5c16
2ce0c9696cf9842243186e86bae28c22896a9f51837f4961b6c7e3cfdfb24bd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3774
x-amzn-requestid: deae2f1e-baec-408c-92a7-4859d4afed47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EgFAgoAMFXRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b6-32a2ff1a369e7b5f41ecbabd;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LFuIX1sQJzdq-wPvVXpX7vMspwXlYhj81foALxnjCQJITtIpPS8qdQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:57:22 GMT
age: 29583
etag: "d144bbb82392a6103810ac9baa5346ddbefb5c16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.rlcdn.com/api/identity/idl?pid=1317
451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sat, 28 Jan 2023 06:10:25 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
200 OK 179 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 057865ac617d8a98acf9dcf0c2b65540
3db0a0c21edeea05948b23655c1b3169d6e58fab
c452921bf42da15e6a4cabf88737c12b9e865fa352bc3fe724dd148d21a81e4c
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------237131321438681735422014490419
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:1$_ss:1$_st:1674888025475$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 179
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
X-Akamai-Transformed: 9 175 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=kZyCCJtlTKrUMaw%2fiTcaN9DlhF97H0dEU68JVOL2nCCR%2fBALlS4jv+XI0DCzD34x; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:24 GMT;Httponly; Secure
_abck=F62F3D26FDAE6B3E02C172A5A411DFFF~-1~YAAQJmgRYKSqOdKFAQAA6Jz/9glPeESsBfvIDlBmJAbVFB5FDr1cqW4RuG9BPr2kPACrhwL87lLrszLJ09fo1Qjf3Ihs/qdOHJb0qX/BfeVny8pvUHl+IyW9TseJmaJB0pvADDpuNsutJe3VlLO6duWYmXNNz6jSvPJOcQA6xj+3NDzS+vhGMPdoWkLEvdbOKmICg0vflT4fNmQnFEnwhuOH3ZJscCYM9a/Sxz+R3SNS9nE6e8sMZUjiYO4XpgWq/hIrxm/qzsEHtsTF//GLrVuBBkcGVVLunfGQqDXcxY9SQr3Rc9KMg48UeRPaV+y5MLp7f/dD1jSE9hYniQO7RN6Yn3zJJ2ycMTprhCO1poTcOeA9nDuBhO3fD6eUy/gQSQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:25 GMT; Max-Age=31536000; Secure
bm_sz=6A6CF4FD7E77B9A2F8981A6FDF249921~YAAQJmgRYKWqOdKFAQAA6Jz/9hKyKkeZvkS+BWlEHGIR5dsFWtAzhPkUYSIVjxKoi+z0BPvbpJ63wYtOSF6oIfv679cwkXAZE2YQ/j+8PQNImSnMTfcHnHtoq/7aOEhlQBJG1BaBlsdB1ktqFYWCRmi+N7GMkIP1RPUcxT/IeyplGu+4rcNE5988jNNd4D3go3JJ7Lbul8g7+MeNCi0WmKoWM2+BZNkGWK5hydIouxYZDQUmFd4WU8KjIQbxtCl3J70hWdM3w4h3L+ajRQLa8xWLRSYqSTldgE0XKfAp8hy8jc0Izasj~3486770~3551800; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:24 GMT; Max-Age=14399
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc50_bl22_20330-35231
static.wellsfargo.com/tracking/ga/ga.js
200 OK 20 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YlsD9jIbEcPrgnLNjK%2fEHA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.sectigo.com/
200 OK 471 B IP
Hash b139ef842e1ece23a2fb6810cbb79f0b
75eb76995244c2e1841e0f3283f126cf13a77b04
7287866e126fff5e98015a2750cfe2889271f4f7e4084668e69e939a951243be
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:42:55 GMT
Expires: Wed, 01 Feb 2023 13:42:54 GMT
Etag: "75eb76995244c2e1841e0f3283f126cf13a77b04"
Cache-Control: max-age=372148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7907909b1e2e0b02-OSL
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TaeTrTRf1wNWHwZtbfD+EQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1674886226103
200 OK 321 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1674886226103
IP
File type JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Hash bc4a148b673b5c07f40d4f0170577f4d
24750e189f64dc50125bfaf2bf6e50b2cf01ddac
151c3657adac090bdd8ca452fb2fadd15fdcfadc493860ba27c9bc3bafb4d60e
POST /event?d_dil_ver=9.5&_ts=1674886226103 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 424
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-09f6df340.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=10701315276586518430660001734049835478; Max-Age=15552000; Expires=Thu, 27 Jul 2023 06:10:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: fnbCsaP/SU4=
Content-Length: 321
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 569 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Us8sLTgYwjP9LfEOdZF14HKXFjcP%2fOBxbxZzPqsagK4%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=af22d636-0a4d-49cb-9095-629275e60f34%3A0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pv=2&f_cls_s=true
200 OK 76 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=af22d636-0a4d-49cb-9095-629275e60f34%3A0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 45535b52aa6e7779690e6b8d771c2d98
d04f5e6a23fd96ae3542194c9b425534c3197ffb
5a18e8dbee985b554788cd11204adf83ae7a22de46ef03cad96f146f7d4a4065
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=af22d636-0a4d-49cb-9095-629275e60f34%3A0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!xB2qwhXrgAW0AsnNm6glvWWF2ZIYla7hcCVfd1+v6O2hfmgOrhynL3ga4gFqGIi93QiVbUH8/qE//w==; path=/; Httponly; Secure
DCID=TlOV4wqftqUV1RAWHra65MtQ0Msvzm%2fdTclsO+AzrogsHy1+psWbuT0NTc2QG%2fpe; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F?
200 OK 310 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (546), with no line terminators
Hash 41bad4bb9ab3e9e74e5b6198aa89f241
63c70f58c26f39a891165bf4501c5173a33aa51b
d97e4830a5b3b99a24b89e16c999060671ce14e0c81e46bfc932e2ab74d8d539
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 310
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 06:25:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
200 OK 23 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c
GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mkmHL1fyOauFeBjaCTGw4A%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/ec.js
200 OK 1.3 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ec.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+bq64OOJE8yC0mTzHT4eYw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0
GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=crjEscoZX6NTa2rVtYBxcw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1215421065&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1618629940&gjid=988202049&cid=1295962857.1674886227&tid=UA-107148943-1&_gid=2004414258.1674886227&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301272210231972120669&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1295962857.1674886227&z=318700640
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1215421065&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1618629940&gjid=988202049&cid=1295962857.1674886227&tid=UA-107148943-1&_gid=2004414258.1674886227&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301272210231972120669&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1295962857.1674886227&z=318700640
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=1215421065&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=1618629940&gjid=988202049&cid=1295962857.1674886227&tid=UA-107148943-1&_gid=2004414258.1674886227&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301272210231972120669&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1295962857.1674886227&z=318700640 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
date: Sat, 28 Jan 2023 06:10:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 149 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (149068 bytes)
Hash d767895e7e20ff2b2cf6ab95102c5b3e
202ff22f0578a7a5db6d1bdb78b501456a088d4c
d81d161e17950f7d599b3ec5c7f1733e76f0fca7b066315bbdfd90439d06ab2c
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63d032c4-172f"
Last-Modified: Tue, 24 Jan 2023 19:34:28 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 28 Jan 2023 06:10:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A3-b__aFAQAAvWkyzdiMles2CMdzsvFMT5j2Z49yPWunArwZ5RLsYPIpZBvvAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|e91f159b68a44a6f28a79dd3790d498adb358dce; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=e1yVrfErvPHfhXaI%2fKZEnatYCaUPVkka2p%2fmE30eP%2fwZUq2re6lTx0tonRkH8fc%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:24 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
200 OK 3.6 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7300), with no line terminators
Hash 529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2
GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=%2f1GZuk2XX2oTf4JMcaMxBUYNBlGncANOJpxLAuAEvcM%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&gjid=988202049&_gid=2004414258.1674886227&_u=4GBACUAKBAAAAC~&z=1065554515
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&gjid=988202049&_gid=2004414258.1674886227&_u=4GBACUAKBAAAAC~&z=1065554515
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&gjid=988202049&_gid=2004414258.1674886227&_u=4GBACUAKBAAAAC~&z=1065554515 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 28 Jan 2023 06:10:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
200 OK 261 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP
ASN #20940 Akamai International B.V.
Size 261 kB (261217 bytes)
Hash 55686de69878e7205a264737c36c1254
01e74adefdd25cb8903aba85e6085678982f09e9
1fa14ad4b1de93ae502564eddde25f722f5aa58038b31750ed3e65732f5eafd5
GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=zujmlBEpvRET%2f8GlWcn%2fRt1M7kaZSsV9nLHkeN0MOsA%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DQoNEXDt5Skg2W0lTxu2xg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pid=21e7f33b-c432-40d7-a1a1-fed7a221c21b&sn=1&cfg&pv=2&aid=
200 OK 969 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pid=21e7f33b-c432-40d7-a1a1-fed7a221c21b&sn=1&cfg&pv=2&aid=
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4597), with no line terminators
Hash f3f62861b191c56cac5d3ad0d5f43e0f
95de5c861ffe75480dd901b006e741a9c5c17680
112a55e6868ee09689b2963f15f03e7eb471623b9c3f8947912a785a70ae5ff4
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0&_cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0&pid=21e7f33b-c432-40d7-a1a1-fed7a221c21b&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2838
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 969
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=18d2c6f2; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!6OZTLMC4wWED26zNm6glvWWF2ZIYlZNg9xGSPCJ6bXBjM7qpr8WfJEdIQdrgEqAtWdxJWYvje6N2Uw==; path=/; Httponly; Secure
DCID=IJAm%2fmzEoAbwo4jn23V0+uCajWPsLGS6YfQ9q7t1qGJjtuquI97UWC4Yc8D5KitC; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
200 OK 308 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (545), with no line terminators
Hash f333875c299e4d05f70812aa92d6af41
9100a8003f20ef2e7321a00c2f3da548b245dc20
9ab5509e1752fad64561875d23195be30461b765631ec9f7357f0b5c6760f54a
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 308
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 19:34:25 GMT
Vary: Accept-Encoding
ETag: W/"63d032c1-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=otpwfnpK8QHgHGag9XoQekcBI7v264O+hgoccDP+xcE%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash c76fddbd645fa7720ccc4ad2f5d318df
29c27badbff155ceee1f7cffb85cbce6cdd4dd4a
c251831bb1f10a5364747b7cf0404a8c61464a97ede6465afd5691e63fa494f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5055
Cache-Control: max-age=128357
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Etag: "63d3faf7-1d7"
Expires: Sun, 29 Jan 2023 17:49:42 GMT
Last-Modified: Fri, 27 Jan 2023 16:25:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/AIDO/glu.js
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2ff087d7270a76a2b4cb814cd10372bb
d81849f1785bd45d488a19dfd3f09dfc2677a8bb
24759b32358fda504dc11d77a0d5da31b08b649eca1b2027bd043817b6e02ada
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37005
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=t3Lkfen%2fRYzs8s9rJaKRlGhx0ASQbJDZx21oxZDkbtcZCwSnb3+YxIvHCr8Zbjup; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227004&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227004&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227004&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:25 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=h4l67xiT1N9PyF5izIsOgCp6FqP3%2f90TA3l3f3bbjczVGuoczbwH%2foUVE6rjKLan; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20330-35263
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227040&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227040&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227040&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:25 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=XBj4ZQBg4C+e1IARym3sc0EAxP9BaIzMJNfobbSiLB7qZNA2fWjeMyfYl6e3WF+J; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20790-34514
www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 968 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Hash 95dce3e0ba8563b7523e6b107a20b2a6
89df6dff90a61b4754dade16cf44589cb58c5f94
26143c1845ead04830c92bb472b7e3c7b8d70e101bb794de6e4e79b4a54fceb1
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-89185fa3-15b2-4c1d-bbb4-b5bf34dbbf91' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:211; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:4f7ce948-90ff-4790-a0b1-05f1269dc43d; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:4f7ce948-90ff-4790-a0b1-05f1269dc43d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:60; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=874CEB2319333100A170516B45ADD677; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 28-Jan-2024 06:10:25 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202301272210252058148216; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:25 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!5QO2abaBWgne2dylRSgBVljp+3g9lawV+ArHvjWUJy0XomlCBSnnD1x0RaWmOp+QJuGJmhaChpf8Z6U=; path=/; Httponly; Secure
DCID=jFwuOigYaCqGoWnux0RvCaACtXNII2TNKrormcWFybo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
_abck=55E3F899F8EE8D2643F85E2034366E83~-1~YAAQHWgRYAPGLdKFAQAAGaD/9gkGV/nQEH14DIPiimZqgeBoFTeUXnTTzZNM6Bkis7ssay4OB+s3nf8F8HHaN3NM4JEN9BgnfrnxMdisInpfNTs/adTypchaWmO3hZw3yRvEHItAxGRl4SvjhdhaGr0RgyC64Z/Jf/iaa+ZXAfPmUQPofRR0pUX0Xhfpbv8jxtmEB1nD0nF9qZQM8k+FkuSVf1YqKC2FzAF4ovADb54Xj0gyWW2hSl+IyFecv1wSvCQGLzzlrKqDMQjRuqEM2O/G50YoXVCZfDwT7UX2eMOrk99NY7r2/UwLk+GrdxOg2YHg1Z4OK6AB874/HKdEiA+1LFGrOGuanSNRId9N1daOmR0EglPO2YK4bBsgkrpjbw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:25 GMT; Max-Age=31536000; Secure
bm_sz=8BA70522355F7CAC07F2251BC8A92078~YAAQHWgRYATGLdKFAQAAGaD/9hK5iIQl7omfbMnRCg2AM/JHvJtvnlWKg8mYNYFDJAhW14VxZosRghyWwhX4uAlIPQHDMK0I2r6g8zMaXXh3KKdQVbO/1NWDu8fFFySbM3MFwdkSM9II66/lNEsu62lC2/vtZJ5kGksTEm/NBckR2Ldo6uC7Mp8k/DQvEPOXj0+XdSDnulDQMeIfprNrRFcWu8olo9gXfxnPTcCF1lli2vJzPqjMON/yTYPVA3qLekzBA4/++e3I8CGZa0XvZ093Qor3DyUBhJ2vYEBs3pjOi+8CBIgH~4605238~3159602; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:25 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20519-7315
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 971 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 87f4323e410e4b4e87703df456eb37e4
591b4480955dafbd797ee929b29db1f9df344dc6
1fb47ddf03dcf777e4f4d827d02052a07383ad5fc73dad947c9490f46561d08e
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-07a877f3-ff19-4d4c-a41c-589c88b9adab' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:211; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:12014fee-4806-4185-8742-6cc760a5c80f; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:12014fee-4806-4185-8742-6cc760a5c80f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:95; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=E8D6B4BB09BF24AD910954B4C68B78C9; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 28-Jan-2024 06:10:25 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202301272210251949985403; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:25 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!dM25QTCQp1qYIg9M7jMSAF8jYk3iBgRZZv6h6u/wTTJdFaH29Eu9Zrr2J5UmgEzSK8RYXK8FOdQRG4A=; path=/; Httponly; Secure
DCID=p4tW0OZz3nMCxiR%2fn3W51wuyxWxeP1T1zJmd5ML5t6mY4qUmvXSyLqAcalpA%2fdsP; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
_abck=0620995180BE07B7A77E5776E4B80DC3~-1~YAAQJmgRYKyqOdKFAQAAL6D/9gn17Hyy/cOOzrG2DJw3fgjcQP50YRphAFQP2uYdlX52vHW337XkRQioFV4Z4PmOvU7T2CuAuEGweY0OGw+y6ctFAyMVHbE6zPvYGy2Z6F3wg5WAraWq+Kk0EA2S2QPKou++p1cgsVwWcBMJhYeuouxFuioMFvyzOIUWFCLeW0alXfbDglJ3Rj6VnU9uv9iB1mNkiTTXdu+H8HRkzjoL2wgLVFm91L5NqO2ovFDkYguH7KnbRWNqgS5D8kFkca8v9KFdhCsgte0Pd72igr5ZJlYwN5PXDCaMvj5ac0A7QSUt5QcYugjINUAwZ+DSRXLbcgaNAJSe7XRxsEtQFWeAQ7+bcJBTBwnO5HaOvLYrpQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:25 GMT; Max-Age=31536000; Secure
bm_sz=4D0F938CE47B0AE917963E8E7A416962~YAAQJmgRYK2qOdKFAQAAL6D/9hLNMiu9SzwzWozNcSKxvTNPDrnqK2AWIvpNF/YuA2wGFwsB3xXcV7Y++K85/T4znk5c+S7PM84wgJqxl9mk+yEecVxTFH885F69ri4sZeDN4AMr9ezDaXQVUB5piEZRMqNNnFvTOwiw2dAS/fNAe2wdHVXAAc5ohQLOwCO4P1oVpUcWF24d9xK13WaPW1Pu9dykgIXjqtSEQPZM+/W/eJ/B3NKZKR76CMno49UCr1sDE9DeqaME9KXOkKkujzGszm6FZP9dtl7jWSBQOMFxBdBCVgoY~4605238~3159602; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:25 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20648-48151
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7077653443005;gtm=2od8g0;auiddc=429308496.1674886227;u1=11202301272210231972120669;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:25 GMT
expires: Sat, 28 Jan 2023 06:10:25 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 967 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2436), with no line terminators
Hash ba701a50d0f94ec717f295093dda0b08
7a20ddd65789e1b9c1682837125714e3184156d7
8a2fa5684bd2f4edf9ffaf52a3fd4748917c9ecefe929de87ad4b04c5dadd314
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 261
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:25 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-180c99b2-f262-4328-9963-2b02a8ba580c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:211; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:bc486e3c-7ac9-4c8a-9f05-ed926cdbba3a; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:bc486e3c-7ac9-4c8a-9f05-ed926cdbba3a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:111; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=969EB6E498B192BBDE2147D40163DAC3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 28-Jan-2024 06:10:25 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202301272210252101897569; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:25 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!WMUHosd2+xkZwvoCM1DtwKm8Wrr892d7pEluKvXF/PtcXwLhMj8/2VBSiL3dhR6AWEAF3a/05sWIP/0=; path=/; Httponly; Secure
DCID=PnYftkx4RHnZOTkjkcDyBO2vkNLw2e7TmU%2f2+vImBM6Ifro6nC+cAXoQfvP%2fczHz; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
_abck=38DC62ED525074FA304A861E92544314~-1~YAAQJmgRYK6qOdKFAQAASKD/9gl2y9cQMD5TmdAlExOg7BZVe9dQtdAzCXB9SxQN61hHcG+hEtBoz+HbEZjhgEZ6gxxNkDddNVm3Vv1XRlkUXUtDRdXCJ6XtGIjUc8LYbz8ME+oVjg4MusF2In0H8G8J3qRwRftlYotCBM2t1iWpYxODLr8zZw9ZkQ4l/I05Iba5RL/yTpV9MpF6DNVkzSzq9u0bIM6hFH5K1Y9+EbDYE56VHayOn6BsmZuUFuBQpmc154gANOB9bIHdxEm/5D94Q4DfjJT7wRUBi92K9xqxyEq0r8ud5KFpKbSGd/MGAx8Cs6w9b+0xqKsjbRuLU1LzacTX62Zg6sXe3WJycCJxf8dSc1zba+KwzqAZZFUB+w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:25 GMT; Max-Age=31536000; Secure
bm_sz=2DA8F11C0AB68DB8A224EA93BF41AC57~YAAQJmgRYK+qOdKFAQAASKD/9hKHC8TnorT9rKx+CY3GisgK30PdIbMOT9p9i0bPIw2fzr1dRuWYnhqSdsdBBGdmK+MOOKwOn+qfjbHzZ4rrb/OrilLjAtpxwKIUcvcCfl4SyGOk4O8ZfdGqwKdQxKmQHN3fyOu74zPYRDBZp8aiFoyLtSv7Fuc6a1+ck0/m+FwrhF8zv+T/OCDafO0CiY7Lg6vJ9POIGiqObQJo7S1KFvqCy/vuuQtLNHXwXnNMb7ChBv6viGACBG0VSlpYaBEdlfYvGXw0TMKHAbxrcaf8YBM7zt9g~4605238~3159602; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:25 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20711-13018
www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 972 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 286854c2d80bb026cf222bd1d5a1a7ae
30b83bf292c6e5a2aa4c47a380d8398ae073f452
c6c228a945628faf35e13b6b8493abc21aa3e97a399cbb16048f9ece66443677
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 264
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 972
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-67e7ee6f-521a-41db-8b4a-ef4f1fc4a0ca' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:211; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5b52b39a-0442-42fb-8868-450e243ee12b; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5b52b39a-0442-42fb-8868-450e243ee12b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:95; Expires=Sat, 28-Jan-2023 06:10:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=C391D702D32A0F1BF1C19A27F5AB5E35; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 28-Jan-2024 06:10:25 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202301272210251977004324; domain=.wellsfargo.com; path=/; expires=25 Jan 2033 06:10:25 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!0CHayRMqR1RyxktM7jMSAF8jYk3iBqTO4oh0qbY9X8ueGBotLjmUTdqC70lywpAwujk4n/+pvGhnYMc=; path=/; Httponly; Secure
DCID=n0hht1+joJPI3dsFdmrWwXdr1vgRMYbkIdycMQVaC8ErrUu1o5pyUct%2fuzwe7SVC; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
_abck=9994D92CDE04350071EE1402FFA092E1~-1~YAAQHWgRYAfGLdKFAQAAcqD/9gl4PzgsRcDmInBvtvItbvMD1TFFMSFddr1yPmKxSS14wT8F6Rd8JZnQIG8pZJFxs3qKiSaTn+uurRMZsxjUsavEmWBrPTfH2BYGUFO1ANumA/8CmesAIdgzCE8ktPHOzXvaKIGVknwTXAKdNBqxtY/ZuhtsqEMMUj6FKxs35c+G1ZRxV/8XmnwN5q/mDADK2aUsvPLXTPqwBFuzLDEeUogbe9r6viu6lDRsgUEqt07G/B9rqBJiVhhiTkvar+cQ1Q2QgBvfDEGxDFEloOPzNlJuZni1Ga4DUnk3M25x+pTJCMHv+Gn0pS6AKS6a8VbWJnmGuFF/BXGBvNv6paGKIZgVjXNRb9XIliNl1gARxw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:26 GMT; Max-Age=31536000; Secure
bm_sz=D2A241E70CA01A74B69C1F37D8CB23D1~YAAQHWgRYAjGLdKFAQAAcqD/9hJxzHGUGOECXN8sVDZyFAYZ5/qkcFzScMwKS8jZtYUGtQj4+IqyfWR9xhVw/Tdvya4X351kJW3BDDesI7Z8FFYvR0/7ru5FnJnaKOVPZeAKAS/1FegBXF6KzDASBoPngpj0CGrAiHKXmxIlN4aPztkCEUHpKKi2wNE0DSbPtZ2q887eOL/nD0hnoR++uk2FX7uk3YQbQAys5bHo3JEWnyEIg1gVyVZKx06HIsVlzT1mp/3qlC95bJM5A8nAY7yiasOqJF9ywJ8nhc3HPoecisctoqQa~4605238~3159602; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:25 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20601-42135
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5453902682108906
200 OK 56 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5453902682108906
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 36429768e97b29b7d464099aadcb33da
de59899369fcd28870fe8aaf14917f588adbbba1
405c522af1cac145b45d3f8a763c45ff37a7324024b0db060ec3b467efe4f35a
GET /AIDO/mint.js?dt=login&r=0.5453902682108906 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55637
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 28 Jan 2023 06:10:26 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=gMbeBEyVVJzQsMHU9UY0aNPeKzlXg2uFb0eCRv89TWU%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227044&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227044&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227044&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=aEVekcZAGtWwwQBPmp47+P2XGteP%2fHep9+oWHbstj3Sw51r3BrH%2fw8ZJUeYZmQRt; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20330-35275
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227048&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227048&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227048&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Vtw+odeeVfQXplyMw%2f9D+NocJT0mEfPD+bpCiJswpHNHh1K0i7UksxHM0nQR23QF; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20790-34526
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227052&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227052&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227052&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=YFS2NQHvvtp16z%2fTNVeuARxe+tHrzhpi8gpDGHfX8B3KsNSN%2fwG44NzS67tJlEFe; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc51_bl22_20519-7339
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227055&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_dcc_lunarnewyearrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227055&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_dcc_lunarnewyearrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227055&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_dcc_lunarnewyearrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-261787-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=WY5UKsD75WfVybPXpzeBeufG4EeGzKzl3JS1BcQUOifUrvidR%2fNSsFg0UxwsFyKU; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20648-48171
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227058&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227058&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227058&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=21w+D+pQ3g6NiZN3qW8d1FrB1MzoLN4+vS3w2Zd7Ft%2f6KTx799PL+CYY+QWSTE8V; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20711-13039
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227063&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227063&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227063&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Ov%2fPzHfDMAF69Ut863MZ3mAY9DtLV%2fwPD+DrcFyCTiOnpbyZQduGhCujiLmg9ThY; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20601-42163
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBDVFlBb1l0TFRJUU5KQnErQ2lDY2VrR2hCb1NSZWplOWZOQ2lHM2pDZWRaQ1NRNFpWTEZQM2ZtOFg2RldNODZXc29CYkhEcDNYeDNpaXBxL1VRYjVrSEcvcm45QWdSYU5neE1Lck5Wc2tZdWFXV1d0enVIQ29WZ29zS1ZsNURid2xSbEJ2QmJpNkkzc2N0Z2xKMThXVk8ya1c3UktOQlUyblI1OVg0TGdnU0UrdURTVjY2UVNhalJsamtXelpXQXVoR29DYmZFMWJCRkNaVVJTeWNjVzA0REFTWTBRalNkOXVNb2lBVlpJVlBiSHNUN25NTHRWZ3JKVjU1aGNNUXFNSkVRRVNjWUpDeGNsb0NKQ1E5SlBQazJtRVRyVXByYkZjY0R6d2FjPXxlNzZhZjAwNGJkY2QxNmU4YTBkN2MxM2JhZjEyMjI5MjY4MjZhYmI2M2E2OGEzODdlNjI3OWJiMDY2NGIyMjI4NTg3ZTc2ZTNjYTdmYjNjNDZhMDRiYWI0OTc5Y2EwODhiMWE2NmZiOThkNDhiNDYxZjA2MmE0ZTkxOWUyYzhjZGQyYTNmZmI5YmYwNTFlMGQ0N2Y2OWZlYjBiZjkxMGI0NTlkN2JjMjIxYzljZmNiYTM1MTYzZjY5NjEzN2UyNThiMjFlODY4MjM5ZjkzYWUwM2VlMjlkZWMyYjllNzZmMmZkMGY4ZWRkOGMzMzA3MWNmMWEzMzRkYTA0OTA3YjJmOTQwYzBiNjJlODdlMGQ5MmRhMzk0M2I4YTRkMjI3YTRlMmQyY2VlNTgxOTM1ZTJiNjYyNjE1MTRjYjEwMTc0MjNjZmVmYjA4MTNkMTU1YWZmM2ZhNzMyYmRkNTQ5Njg3MDBlNmY1YmQwYTc5NjcwM2Y0MTc2NmYyYzY3ZWU4ZDRhM2JlMDEzMTMyYzQ0MWYxMTVlOTg4NzE4OTZkMzBiOGQ1MzRjOWRiMDkzMWFiYzhlYmEzMzI5ZjliZjljNzRmYTM3MzVkMzAwMGNjMGNkYjMxNDYzYzQ5NDRkYmZjMzI2NjA0NjA2ZDE1ZTlkYmQwOTQ0NjUwOTZmMzY4Yzk4MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com&t=jsonp&c=vqmatzaqikgimdbg&eu=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBDVFlBb1l0TFRJUU5KQnErQ2lDY2VrR2hCb1NSZWplOWZOQ2lHM2pDZWRaQ1NRNFpWTEZQM2ZtOFg2RldNODZXc29CYkhEcDNYeDNpaXBxL1VRYjVrSEcvcm45QWdSYU5neE1Lck5Wc2tZdWFXV1d0enVIQ29WZ29zS1ZsNURid2xSbEJ2QmJpNkkzc2N0Z2xKMThXVk8ya1c3UktOQlUyblI1OVg0TGdnU0UrdURTVjY2UVNhalJsamtXelpXQXVoR29DYmZFMWJCRkNaVVJTeWNjVzA0REFTWTBRalNkOXVNb2lBVlpJVlBiSHNUN25NTHRWZ3JKVjU1aGNNUXFNSkVRRVNjWUpDeGNsb0NKQ1E5SlBQazJtRVRyVXByYkZjY0R6d2FjPXxlNzZhZjAwNGJkY2QxNmU4YTBkN2MxM2JhZjEyMjI5MjY4MjZhYmI2M2E2OGEzODdlNjI3OWJiMDY2NGIyMjI4NTg3ZTc2ZTNjYTdmYjNjNDZhMDRiYWI0OTc5Y2EwODhiMWE2NmZiOThkNDhiNDYxZjA2MmE0ZTkxOWUyYzhjZGQyYTNmZmI5YmYwNTFlMGQ0N2Y2OWZlYjBiZjkxMGI0NTlkN2JjMjIxYzljZmNiYTM1MTYzZjY5NjEzN2UyNThiMjFlODY4MjM5ZjkzYWUwM2VlMjlkZWMyYjllNzZmMmZkMGY4ZWRkOGMzMzA3MWNmMWEzMzRkYTA0OTA3YjJmOTQwYzBiNjJlODdlMGQ5MmRhMzk0M2I4YTRkMjI3YTRlMmQyY2VlNTgxOTM1ZTJiNjYyNjE1MTRjYjEwMTc0MjNjZmVmYjA4MTNkMTU1YWZmM2ZhNzMyYmRkNTQ5Njg3MDBlNmY1YmQwYTc5NjcwM2Y0MTc2NmYyYzY3ZWU4ZDRhM2JlMDEzMTMyYzQ0MWYxMTVlOTg4NzE4OTZkMzBiOGQ1MzRjOWRiMDkzMWFiYzhlYmEzMzI5ZjliZjljNzRmYTM3MzVkMzAwMGNjMGNkYjMxNDYzYzQ5NDRkYmZjMzI2NjA0NjA2ZDE1ZTlkYmQwOTQ0NjUwOTZmMzY4Yzk4MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com&t=jsonp&c=vqmatzaqikgimdbg&eu=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 017fc16a1f807d2426d85995b1217f9c
e6802119a9d47234b460f91858736748255c9e52
943e0d5b2d7a2178e75fb12fadd4f9bfa32f9f35c4cb15fedfc2d482e5ccfb60
GET /AIDO/vyHb?d=ZW5jZEBDVFlBb1l0TFRJUU5KQnErQ2lDY2VrR2hCb1NSZWplOWZOQ2lHM2pDZWRaQ1NRNFpWTEZQM2ZtOFg2RldNODZXc29CYkhEcDNYeDNpaXBxL1VRYjVrSEcvcm45QWdSYU5neE1Lck5Wc2tZdWFXV1d0enVIQ29WZ29zS1ZsNURid2xSbEJ2QmJpNkkzc2N0Z2xKMThXVk8ya1c3UktOQlUyblI1OVg0TGdnU0UrdURTVjY2UVNhalJsamtXelpXQXVoR29DYmZFMWJCRkNaVVJTeWNjVzA0REFTWTBRalNkOXVNb2lBVlpJVlBiSHNUN25NTHRWZ3JKVjU1aGNNUXFNSkVRRVNjWUpDeGNsb0NKQ1E5SlBQazJtRVRyVXByYkZjY0R6d2FjPXxlNzZhZjAwNGJkY2QxNmU4YTBkN2MxM2JhZjEyMjI5MjY4MjZhYmI2M2E2OGEzODdlNjI3OWJiMDY2NGIyMjI4NTg3ZTc2ZTNjYTdmYjNjNDZhMDRiYWI0OTc5Y2EwODhiMWE2NmZiOThkNDhiNDYxZjA2MmE0ZTkxOWUyYzhjZGQyYTNmZmI5YmYwNTFlMGQ0N2Y2OWZlYjBiZjkxMGI0NTlkN2JjMjIxYzljZmNiYTM1MTYzZjY5NjEzN2UyNThiMjFlODY4MjM5ZjkzYWUwM2VlMjlkZWMyYjllNzZmMmZkMGY4ZWRkOGMzMzA3MWNmMWEzMzRkYTA0OTA3YjJmOTQwYzBiNjJlODdlMGQ5MmRhMzk0M2I4YTRkMjI3YTRlMmQyY2VlNTgxOTM1ZTJiNjYyNjE1MTRjYjEwMTc0MjNjZmVmYjA4MTNkMTU1YWZmM2ZhNzMyYmRkNTQ5Njg3MDBlNmY1YmQwYTc5NjcwM2Y0MTc2NmYyYzY3ZWU4ZDRhM2JlMDEzMTMyYzQ0MWYxMTVlOTg4NzE4OTZkMzBiOGQ1MzRjOWRiMDkzMWFiYzhlYmEzMzI5ZjliZjljNzRmYTM3MzVkMzAwMGNjMGNkYjMxNDYzYzQ5NDRkYmZjMzI2NjA0NjA2ZDE1ZTlkYmQwOTQ0NjUwOTZmMzY4Yzk4MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com&t=jsonp&c=vqmatzaqikgimdbg&eu=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sat, 28 Jan 2023 06:10:26 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Z89LLIvS1iO7ndVb+WRNvnZqi2aRv3schHyNO8100EY%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
_abck=53070E6AE6CC81C5BDCE7C32A192CA72~-1~YAAQFE8kF5eqDdGFAQAAiKH/9gmPYMkRHrHmhDPP9BPRjFuWhWFBUJpcYPbF93t522Jho3gpky8bEVmpTRBsZsJAj9gthGydqcc1UVWXr57TssIv9YSzRVGAcyWy7XrUE9tEAyC16HW1iJwsmxpdtGoeRtQOBi9N3bd7zly/hO0rfP6FTnvgVGc4tdTLzurXCgwBSLUOPDK+6Kas279rY2yGcWec1nK2PJ+2Erf+orHQEh0RR11FFc6kbLKZxseaKOlWgmZ7K/1co4bh51e6t/TD4EBZBVg3bvm7YEWhvUSvWvMy5puX2SoGP2hsSAHWoCJokM3/8b9xSAojXqOu0C/wSOjl1bcLpUGGXGQnJEJOCVG6LikuJn1WBeXotzMB9g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:26 GMT; Max-Age=31536000; Secure
bm_sz=C9DB6500E7A0E03502057CDA638D3746~YAAQFE8kF5iqDdGFAQAAiKH/9hJ0mtfze5pniqmTesqpWDjBOpVozdABKzyQ+nZsADIBbb0pPK5r8Lp5sqqzqCJ+hHzvxCpXutIE75Bb6AAa9ySXZlc/IhYXxXbbaYtb7PyDWpfVzxAa8W3Cwh9H91pXozNC+lBANhF5PV6BsXWU0gkt67IIY+qS48iRdAtcJECa9x2zYBc64xSdiHyS/Hx3+hRxUhr1b9cERqVHS2rC1PddOxPdSqt3/pswEY/yXyBzhoRT+e3T3llEWKLiHSFp+iWLI6SDcjoAnFooXSesMMn03b/f~3159093~4339010; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:26 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227065&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227065&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227065&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=RfCF8IsYJY9C1KQo4FMAfJwdJYg7zHsokilql72OED5E037oMpQkUqH31eAf9crq; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20330-35284
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227072&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227072&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227072&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=hJbvm6egntb6aJpeDUE55TCjDSTOnpsVcPiPccpWL4uorrNpCIbTIQtfRU%2fsNzCk; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20519-7351
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227069&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227069&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227069&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=++KjAsjMFI83mqHfGMHsPQT9HF0fnYXxssx2Wn2Pcd66fehH2jLe8NbfiRw2RoCd; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20790-34534
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227074&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227074&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227074&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4WeWrwar0p5SWdw%2fyPlQIExjPYrPpKBvFQgI85jXUXpaFZfLq1oGWhVzp0TosRRv; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20648-48187
connect.secure.wellsfargo.com/jenny/nd
200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash a804b8b3b922ead436d02600eff396e3
61b64aca5d624096da69a0184f7e07f8787594d8
1ffabe03d1cce7a0b4d6f3a40284c20d5f5d6e681dba3db06c97a4ba90a6b357
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17854
Date: Sat, 28 Jan 2023 06:10:26 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:33e73172-2a0f-4a76-8091-d081edb677ad; Expires=Sat, 28-Jan-2023 06:10:56 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:33e73172-2a0f-4a76-8091-d081edb677ad|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 28-Jan-2023 06:10:56 GMT; Path=/; Secure
SameSite=None; Expires=Sat, 28-Jan-2023 06:10:56 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sat, 28-Jan-2023 06:10:56 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Sat, 28-Jan-2023 06:10:56 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=K1DFuZsL4w88IUEf4L1XA6XPk31XC7ZPiJQCvA0oSMWyQ4gBaCQ8eVFB4vT5HJQh; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
_abck=94082BB0869A2EF39980C3247ABABB70~-1~YAAQFE8kF56qDdGFAQAACKL/9gkEsbkNKx3bJaA9Xj2lbYFjgNELBZamdM4aCxjsVN71Bu/9TU6yUNBHZsiKP8hdsKf4G8gRODGtWhgQoGj4apLVUCZXpQclTtQ1RKHc+hGS8BkybcgdlrkokNa//po2R8mxQ0GN0JgG9vr2BlJkq6s5eoL6NPxk6O2k4RH4XBbmUrXthOY0xXJ7VZJK88FSiK+gXvZRR6nTExTJy4OA8wOyoyWxo3j/OhvpkaOfZ6NMIzPXpu70HVuMR8asi6DsWiyky+217AiJ0zcTyV66gu8gGHgPi9HhQHRxoYmmln4WShQATAc7fKl6iqNkqP+jeagBwz5Xxbko1hliFUE0UwyBuOPFqslzltP8iF1U4A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:26 GMT; Max-Age=31536000; Secure
bm_sz=21525AF1C9DC77EA36D314BA2F21F29D~YAAQFE8kF5+qDdGFAQAACKL/9hLqghadSn6bJPuyfCD9qVGT+H1KEDcJAdE3K9gnrlosF6Dq6EXJg0OTctG2s9U8UlFy4lak6cH8CxxDlEhykYu4KHbgpxv/OpEa4t579+vex1MDYzpsSfPMjVdMLX+YShJw3YEuJzsOZMY3URSyXb2fMP+ONthEfHy0NkojiSpxPswlCxYnHpITKVa3uf1juV/nR4Nu7qLG1TbQSQ4xBSilNG9/e57zLpOIZYP8qso7MUfzCcJ4RvWgFMAopMi/JvIhz3UKJSzTgNeQ+UPCwwybnZl8~3159093~4339010; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:26 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227078&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227078&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&cb=1674886227078&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:97cb4d2f-7577-46b2-8eda-3c4855391a56|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:211; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 27 Jan 2023 06:10:26 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=T5rcQyEwVdX0ZM3CD%2fDx6FVIa+XZ1AGYYbzmPxiV4WkiTywByT5kL%2fVJgPrb7Kr%2f; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20711-13050
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.65443143183301
200 OK 50 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.65443143183301
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7479276c3b9e1eaa966963835a9a38a9
d727f5efcc755c07a395bec109dc903ac8ffe7e4
7ec77b18fb88a44d983b616fd041bfae476ac2360573b1b4311b14f014ac02ad
GET /PIDO/pic.js?r=0.65443143183301 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 50010
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 28 Jan 2023 06:10:26 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=2F40Q7YaLCIE0S2R82Xb5fVGan%2fv99Y0de34c7lRPns%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
200 OK 471 B IP
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2292
Cache-Control: max-age=98548
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:26 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:32:54 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1674886226618&cv=9&fst=1674886226618&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1674886226618&cv=9&fst=1674886226618&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1674886226618&cv=9&fst=1674886226618&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1674886226618&cv=9&fst=1674885600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--7649329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1879031604&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 06:25:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Jan 2023 06:10:26 GMT
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1295962857.1674886227&jid=1618629940&_u=4GBACUAKBAAAAC~&z=1684256415 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 06:10:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2292
Cache-Control: max-age=98548
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 06:10:26 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:32:54 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash cdbc0eb0e452ba2b952359bf51a0c6e9
b5aaf4f38acc85252c97a14a6a3206295013c940
ab4bd62ba21b6f0c7372ae1de19839efe00ad2e849473070e178f6946bae3237
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2010
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!0CHayRMqR1RyxktM7jMSAF8jYk3iBqTO4oh0qbY9X8ueGBotLjmUTdqC70lywpAwujk4n/+pvGhnYMc=; LSESSIONID=eyJpIjoiaUIyN1ZwR2pGMG9aQVAxMWwwXC9DcHc9PSIsImUiOiJuT1pMdTdxN2FvQTgwVWRKZDYwVkxGY0tZQTBnOExsUUVjYXpTWlVZXC9ia0NYMUpTVVJFbng2dlVzSFdhclZcLzVsVmtkb09PNTFIMFVcL0ZWeElQRXNETXZSeTNtTjc5OWprZHZ0eHRcL3A1WExsQzl1TTQyQU9vRUpWdUQ0bTZIWWFMU0tqaXdFbGZCXC9ZdUZuV1F3SFVLZz09In0%3D.f5b0b0da4a451ca7.YjA4Y2FmOThlYWQ3MmEzNTlhZmRiYWFmNTA1ZDk1MzNiNDFmNWJiZmY3M2E0ZTBlNjRlZjI0N2QxOWEzNjg3Nw%3D%3D; ADRUM_BTa=R:27|g:5b52b39a-0442-42fb-8868-450e243ee12b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:95; ndsid=ndsa7fxjmr0b7ncldfk0kgl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 10
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2foThtpQW7EzcI07eEe6S4bWH2cPWwbEgH0YO2IDQG57VHRokr5NGdRxEBawtRoyE; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:26 GMT;Httponly; Secure
_abck=F150CC5AE32ECDDF7C273F2105CD51CF~-1~YAAQHWgRYD7GLdKFAQAAnaT/9gma2u1QYjh+erXl4HyNW+AShDamdwgBBYISabZ+lYRYNgo9uW1A4mHVqoEt7IzoKWcKzoeP7+i1FnyYCOM+PmS5hMY2XZ8XcTixnmJgute2dm2Cpc6Sh0XJ7PeeAqNKR/Q5Xi78tNoKV5/jQefD+Ltxv1xHIKFXY8lZcCLxG8scwqS61BZ0hFcI/zhjPl3bIlZGaacKab4bPG8sZ8LPrkZmUuq0px4tYQLUKpV+IyvgPkFpZTukiGMzKi1tT1ej8EjIUbTFa0RKk/mcI10/beA5hWUZgnhj7RpeZFESEAguY7BrS8iLgUs9GKANjUm6ozvcIxjxYNErUxZIkIGhrTZKFM5TaRrn1kxctPnyrg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:27 GMT; Max-Age=31536000; Secure
bm_sz=E130DCFE2AE58EC8D46F3BB0942BD7E7~YAAQHWgRYD/GLdKFAQAAnqT/9hIoDZYjIJSMjFITN+016psQosACNv0r4AhFL/CFIxSg7l8lqnZKvLHUxUFyxgWTKKUTWT7QE1hyygSxOrMxGaStacHlOGORCz+rl2EkuPkQnosNCyfw3/07kmuDtynpuaaegwe7pBBiRQ3MecX7qbDnGYjIibVNpZkmh80dF++leO3QFCL3xkI4I4lNDZfj7zJ/+SqoURUqpR9f9V/jqq+F2KnliqZPZpODrJQ3purLXOS/Jw0VPyqHBSJd0Ut92P0LefL2dqDlA7IZXWjeDT3DMPkP~3619141~3552817; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:26 GMT; Max-Age=14399
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc52_bl22_20330-35320
www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--7649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash bd590d2ca2d10bd396d7d753a2ef456c
4ea477cd9bf1517f9d4413b2580f0369e747daa2
071f16242bad64b3735432f657c57711c1773ad4896c87ff246a8eb63da14387
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--7649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!GV17vck5mvqmSwMpXMFYjsa6oia5iVVMF/vVWhtqRHeaIJpM7KLLYuQuvsoBhH8sMs707Qd1kRggiVU=; utag_main=v_id:0185f6ff9e4300161fa280bc02c300050003700900918$_sn:1$_se:2$_ss:0$_st:1674888026286$ses_id:1674886225475%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTI3cOdF%2BhXK8CmqmD3twcR3Ov%2BB0yWv619q8XS8po0%3D%22%2C%22_s%22%3A%22RhtWf7F9%22%2C%22c%22%3A%22b05TWVRuUWxEYWdNS0N1Sg%3D%3DaSM1AsVEmuea_FE1-ePqXqgW5Fsr0wG-oGuGvaFTzYv7hlzD_RG3f2_zMGochn6fwun26QEP9RlWjOFN6-tpn_hH472Y6a64_3U%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AVK81GMAAAAALfeF5dee9hq%2FCRz%2F1yjv%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C10687155276291918880659150609863988165%7CMCAAMLH-1675491026%7C6%7CMCAAMB-1675491026%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1187680847%7CMCOPTOUT-1674893426s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=26137e00-3dde-41ac-9c5b-21c585b301e0; _cls_s=af22d636-0a4d-49cb-9095-629275e60f34:0; _gcl_au=1.1.429308496.1674886227; _ga=GA1.2.1295962857.1674886227; _gid=GA1.2.2004414258.1674886227; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!0CHayRMqR1RyxktM7jMSAF8jYk3iBqTO4oh0qbY9X8ueGBotLjmUTdqC70lywpAwujk4n/+pvGhnYMc=; LSESSIONID=eyJpIjoiaUIyN1ZwR2pGMG9aQVAxMWwwXC9DcHc9PSIsImUiOiJuT1pMdTdxN2FvQTgwVWRKZDYwVkxGY0tZQTBnOExsUUVjYXpTWlVZXC9ia0NYMUpTVVJFbng2dlVzSFdhclZcLzVsVmtkb09PNTFIMFVcL0ZWeElQRXNETXZSeTNtTjc5OWprZHZ0eHRcL3A1WExsQzl1TTQyQU9vRUpWdUQ0bTZIWWFMU0tqaXdFbGZCXC9ZdUZuV1F3SFVLZz09In0%3D.f5b0b0da4a451ca7.YjA4Y2FmOThlYWQ3MmEzNTlhZmRiYWFmNTA1ZDk1MzNiNDFmNWJiZmY3M2E0ZTBlNjRlZjI0N2QxOWEzNjg3Nw%3D%3D; ADRUM_BTa=R:27|g:5b52b39a-0442-42fb-8868-450e243ee12b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:95; ndsid=ndsa7fxjmr0b7ncldfk0kgl; _imp_di_pc_=AVK81GMAAAAALfeF5dee9hq%2FCRz%2F1yjv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 06:10:28 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Hac0lJK%2f7vY444sHGDxx8+qErHt1NAZ1LvuIYUSKxDg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:27 GMT;Httponly; Secure
_abck=07E9B36A1C61F01CA5FAB3C3AF5A970F~-1~YAAQHWgRYHHGLdKFAQAAQan/9gkaCDeIh1fs9plylwgn7jE5XQg+Gu9ybAeLZfWAj4Z4jlqj5qvm8f/mxrP6vn+VYGptXVxqt7oly5/nE2Lku5ux+DU73GU6f9LbT30Q5UqOYJN7e5i6wX5WfgLtAxQ7jCh0FdKm5SCdQy8O6geFT8GVlNJ1KOphGW+2rQFOyxBEQsCOOX5H1tjbuptmtQnYuyc6TYjpD5wM8Cq8kqJ8w5f0ghywJHOVJ1wPG5/3E6GM6Rcqgu4NpICylw46nuJQYL5tbTAvUiGSKwJjmARgd1EiAaacHXxB3VljYBWBHrLHUasLj74zmBHcMzgvrRDumE8d10hbXXPdTBHybq26i/4oiu5xLvKDqHTv+o+PBg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 28 Jan 2024 06:10:28 GMT; Max-Age=31536000; Secure
bm_sz=1B37B0BF63C96073F631D2F4A78C3DA9~YAAQHWgRYHLGLdKFAQAAQan/9hL9BSR+H9/6hsVyIKYG15I7bNcjFCWhbm/fS3SscUhSswGeLRQbiQ1gbPYnb8rWLZxicrRNyP9t+xjmiVHKPXQ3UPRduy7k+2X1H6B4UNawXeBM1vqoi7vFmThSaBQvK0UDLm0ImrzBdGsfdWE8CKar32qnEvSdPG6o6r8E2NiLgcyCvhliWW3Ko2bBfyCG27VRI5UT0YqvD+LV1bghPWCHAkeD6G8E9xx8lolgXiKBkeC/I9MMAUVQ3yuOn6i/mpYYQb3xdBlyzXJGEFCKsVa5No4a~4405041~4604484; Domain=.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 10:10:27 GMT; Max-Age=14399
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d4bc53_bl22_20330-35361
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 6.7 kB URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856916fa7de25bdb308c04d0ae58180
72abe5101dc03c35399e6e5aab02328c206f480a
9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 16004
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 06:10:27 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:ac52a429-2811-404e-a1b0-c1b2fa6dc05e; Path=/; Expires=Sat, 28-Jan-2023 06:10:57 GMT; Max-Age=30
ADRUM_BTa=R:55|g:ac52a429-2811-404e-a1b0-c1b2fa6dc05e|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 28-Jan-2023 06:10:57 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 28-Jan-2023 06:10:57 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sat, 28-Jan-2023 06:10:57 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:5; Path=/; Expires=Sat, 28-Jan-2023 06:10:57 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=xMMau1zSoaKVQQFJS6k9%2fiYJ18+QzQUp%2fB8P4TFnIGQ%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 28 Jan 2023 06:10:25 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=oOHHp1YfyrYNWS%2fG96+2dizdTu+mtBCZMsD0NsSkNvw%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 28 Jan 2023 06:25:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--7649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 06:10:26 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
163.171.131.129
47.246.44.224
23.36.79.24
142.250.74.134
157.240.200.35
54.217.75.251
93.184.220.29