r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8925
Expires: Thu, 08 Dec 2022 04:53:30 GMT
Date: Thu, 08 Dec 2022 02:24:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9512
Expires: Thu, 08 Dec 2022 05:03:17 GMT
Date: Thu, 08 Dec 2022 02:24:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4619
Expires: Thu, 08 Dec 2022 03:41:44 GMT
Date: Thu, 08 Dec 2022 02:24:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 02:08:07 GMT
content-type: application/json
age: 998
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JP0R88Jw6/NZm4xuJM6tIOXg/ofn96F0XZCFfK9M7fouzAsNP5nQnVrWDw7wf9Wc4RejTC68Djk=
x-amz-request-id: 14PV33GA5C3STSD3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 01:49:35 GMT
age: 2110
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 02:24:45 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 02:07:58 GMT
age: 1007
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4348
Cache-Control: max-age=114872
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:46 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:19:18 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.210.158.59101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.158.59:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kdx+fQVDY7ubBTNloBskyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ExXmI9/m15Qf59JI2X3FEZQIgZw=
ocsp.dcocsp.cn/
47.246.44.227200 OK 471 B IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27c4362835c05b244608a470943792c1
fe63f386d5c88511610b38d415bb5c4cbed8e8e8
9361c4d19dad365304cf30b60cf88234693447bdbe8d6edcc2ee2e08119362c6
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 08 Dec 2022 02:24:46 GMT
Last-Modified: Wed, 07 Dec 2022 14:24:42 GMT
ETag: "6390a22a-1d7"
Expires: Fri, 09 Dec 2022 14:24:42 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670466286
Via: cache21.l2de2[468,467,304-0,M], cache8.l2de2[469,0], cache1.se1[492,491,200-0,H], cache1.se1[493,0]
Age: 0
X-Cache: HIT TCP_REFRESH_HIT dirn:4:235880954
X-Swift-SaveTime: Thu, 08 Dec 2022 02:24:46 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9516704662862104860e
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
163.171.131.129200 OK 18 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 6b4dc0426e7b129f870061d64f999381
389bfebe7c1633443713a8604ddc4951ab5b3eae
cebf6aa99d1d60f789a2425ee593054a20e84623c9c5a3419d0782a01bbe7e17
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET / HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17759
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-8d324804-21df-4243-b504-fce15db226ac' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 21507 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb; Expires=Thu, 08-Dec-2022 02:25:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Thu, 08-Dec-2022 02:25:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:68; Expires=Thu, 08-Dec-2022 02:25:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212071824462100760270; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:46 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; path=/; Httponly; Secure
WesdAksn=A5WzjO-EAQAAkU_xvq5HRBh0U41Yew7Y-lea_MrQosyUdOWqzAWAG2OwX6NaAaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|6d743b5894490c20635324664f106f70ca0b0b47; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=GcqbZm3D1DtH5gNLxNYdOPJJrEt26Hdkk2%2f6c9IHHrCLXgcA00Putv+%2fp3Ry7VpZ; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:46 GMT;Httponly; Secure
_abck=93F72E4E4D4F6726E515D1F813D363F0~-1~YAAQJmgRYJi1t8aEAQAAWraM7wlYLBSxgN5n1ZKhtZpNDiZihaSRkgzBd2MXOU07YeWc+UmowSAbPqZmMe3iAU4jQM1WEL3IOQfW//qFaDJ6xPq+ZyFUCwMefJuaQShIioxj4Oh1TJllhfIBSy+SGhjM8h67S5AzsgojpwPSa8wMxv4cwGH3HeN3NneECt9ndjHblje1f7Sp9oGKhLs5rNuqpZ3Db3/dAN/ZcZiLQUwjuaxbIVMmb0f7doHjMFVSdlNnYMg2cDkepPd6OroPh5vkVYofF25nhDL6/mdBbVBh5gld010CPOG5bJHL/7SXh4xpbcP2tMujjo4ipRaFEhir7EMBX1N+I/rDko9AZgVJ21OAoXK1YKjZeZjo688Pgw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:47 GMT; Max-Age=31536000; Secure
bm_sz=F4CE252689C984D2D120989A7947A009~YAAQJmgRYJm1t8aEAQAAWraM7xI4fArkV4D1viPR3afEfOwH+z7rzWtTO/QT2CymYuDsDQHWc7IZtLOjYofp0olagGRz8kIvv83vT3lFAhdAsthKRy37U/C9xTbtH+S6rckvF5aLv1XoeyipaOA9+K6VKAB53aQCneK02cyCwNA3a5ik8w+6/9BSgKS/Llprd/OmvGzmvVZ/oa23u4Gbxwg2MZm3/Y54mNyhym61jXEpE5ApIQQPBc41elqv5+Mo3QXCgPR+Fq1Z25GWRYXYxsTybNUJg8drotoZ4bNhoQZrGNA1QEVg~3618612~3421493; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:46 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aee_bl22_21902-7072
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.131.129200 OK 18 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (31354), with NEL line terminators
Hash 59e9efb0258fa77e22ba60cebadda375
14d20bc503649a3b3275eb229e8a965069d74253
7e28a89f68d98388e4f1b5d76b6770fbc175df1c3545d54ba6c67b1abda5b97b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17883
Connection: keep-alive
Expires: Thu, 08 Dec 2022 00:41:38 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-d905"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22091-35889
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.131.129200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Thu, 08 Dec 2022 02:54:47 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 bl21:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22034-29046
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d33e77bc735a42c4569b77df1d3e53d9
5be5bef9347306b7ad0f696b817fd454a935a2b9
96aa8cb49643f5c99308d3075e7f535826c848ece72891daa0ca5a5c2b9e40c1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1203
Cache-Control: max-age=106372
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:47 GMT
Etag: "639042c0-1d7"
Expires: Fri, 09 Dec 2022 07:57:39 GMT
Last-Modified: Wed, 07 Dec 2022 07:37:36 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.131.129200 OK 57 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash bf3200896bd105e86dc947dfa3c7fbf3
f39afea6027114a0d0378fd02736b71ff2f86df8
39472107f9bee2c7bd46249baa5b90c51bef93f866685c418f2a9b7175d5ed64
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57297
Connection: keep-alive
Expires: Wed, 07 Dec 2022 16:00:10 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-2b951"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22386-5886
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1315787
expires: Fri, 23 Dec 2022 07:54:34 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1501158
expires: Sun, 25 Dec 2022 11:24:05 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1382213
expires: Sat, 24 Dec 2022 02:21:40 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
104.110.27.78200 OK 52 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf
GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=1398571
expires: Sat, 24 Dec 2022 06:54:18 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
104.110.27.78200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1398688
expires: Sat, 24 Dec 2022 06:56:15 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d33e77bc735a42c4569b77df1d3e53d9
5be5bef9347306b7ad0f696b817fd454a935a2b9
96aa8cb49643f5c99308d3075e7f535826c848ece72891daa0ca5a5c2b9e40c1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1203
Cache-Control: max-age=106372
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:47 GMT
Etag: "639042c0-1d7"
Expires: Fri, 09 Dec 2022 07:57:39 GMT
Last-Modified: Wed, 07 Dec 2022 07:37:36 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1553845
expires: Mon, 26 Dec 2022 02:02:12 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
104.110.27.78200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1088299
expires: Tue, 20 Dec 2022 16:43:06 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
95.101.10.152200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eB5w9CYOibEVfM1br%2fG4qA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
76 kB URL www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP :0
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 5cf20c2d914939f0d2e7e12fa91f777d
29e375db191026973ca979d46bcaff2b165cef2f
f58e093bc623c37323179d5e6a862898b300479a5a6f56b826ab7b19c123333f
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.131.129200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash ae8715f696d6c00f682aaf005f49feb7
37aef99e9d22f363714f85c4ab533fc4659e7b87
7962d1fa8e10671d70ac4c37dc83f23691ed1fe49a98f9b8c5c07f8110ff5415
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4280
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 02:24:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AzG3jO-EAQAA9GbscY7YpvspcA77RaonTx1JXFsAWBDx7tEBPvcI73sijEATAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|e793fade4d40fd91c5c3bb93078877e52283ed7a; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=7Ica8Ilvv%2fjSijEKbu00V51vO%2f+MKh0Q1EPATmpUAjEGMRY4OWcQE+KQg+QUnrYi; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_21902-7111
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:0
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=7696501
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1837351
expires: Thu, 29 Dec 2022 08:47:18 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1747210
expires: Wed, 28 Dec 2022 07:44:57 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1814145
expires: Thu, 29 Dec 2022 02:20:32 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1746930
expires: Wed, 28 Dec 2022 07:40:17 GMT
date: Thu, 08 Dec 2022 02:24:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7277
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7277
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7277
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7277
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cbac0c7e45d3f33c38dbf3af4de05ba
e9106fec14ddda290951c61eda64a69ada9a244a
98d3785eb167ea6bbba3782ab3cfd8cc9c7715f493265ac6d59494c00d3b002e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3236488e-3e39-44b6-b864-0f7ede8ee3f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: bf2f33a6-7f13-4f5b-ba9c-da33282135b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctERHFRSoAMFgYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb406-121af6ba1b7b6a3066ffa103;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yTLFIBUWHjudn2h6VKM79RUnXfuUTmQBkYSCFrRuY7_biVW5bEKZfA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 17:39:05 GMT
age: 31542
etag: "e9106fec14ddda290951c61eda64a69ada9a244a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c408efaa98ac2ce63bb1618368d10c15
a51bbb49ebd862d04eaee465d0a35b22dcd21391
077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FsbiyZG0110CEANduIIWuLcxFOxfrV0YPvOSy-ScXFIX1qM6qaOdCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:21:22 GMT
age: 14605
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbdf939d23b987fd36a86b7a1258b10d
2cad45ad8e56699db3457501cf1e488fe85d479a
285a8a3d3ec439f493ca5d586477c3e3ed3b9e5d7a0133da73c426b69e112cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:51:32 GMT
age: 16395
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 10288
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 64316
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 14434
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/target/offers/conversations
163.171.131.129200 OK 2.0 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10064), with no line terminators
Hash 87ff70b001f749888567f98fc83b44ed
fb9d66f6f115130985bda619aa4a2a8b5895c5b5
6f3e76f0e9480dcf75c29596e9bd03705845dabf91c746d880ccd250c914eba5
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2020
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-8faf226b-1463-455e-9c7f-8397d25d9539' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:68; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26; Expires=Thu, 08-Dec-2022 02:25:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Thu, 08-Dec-2022 02:25:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:210; Expires=Thu, 08-Dec-2022 02:25:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212071824471063671231; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:47 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=1E8FA23EED8167A4052383F75E735142; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=SeYxt7WfFty3A7NhlbgzbUKjGbveDXdD2fpgjGeIPkOnmE+LEaoY7ZN792LrOnSR; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:47 GMT;Httponly; Secure
_abck=8CAE7C303B7D3BE622BD9F5C3588207C~-1~YAAQJmgRYKC1t8aEAQAA+LiM7wnx3dbHldIM1ad9UNmZBs/d7hdypYBI10A+hHy4/lSLqVsE9GNC6yP7wrLwj2pilDGxBqQDf9dNusPenOVVIkL2AUp7T6y4RMmtEiAFfUb6ZSR2IQs4OF2mHdeuSMzG1ZJZ0d5ts0hNeKAupqpzKaEoDAJilzZYaHTlxnng1q8Yw5ijzqzn/Kd3kus4Lol/Bf+qBVD6GB9n9QgU9xeXLnEndLGl3Ppj6joWuWPy1CyfdsRkRoYbBUOr9xDehavVgEsoe49r85NpYZq6xyvrED8bPOW87ZvmbJlKLe9MT1Rr/VdqmBwnhgyb/m6hHiAMdohMpKpINe10tJEcC/kuTEow9rVzJpU2K4d8AXHdGw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:47 GMT; Max-Age=31536000; Secure
bm_sz=C7B326CB7AE83510931D2EBEFDCC28F6~YAAQJmgRYKG1t8aEAQAA+LiM7xIccmn0NgbHHzJbAxpGYFoQY4nQr4LZbn1CsFEhnazh0/GjwRSHmyoQo+y5M4Q5ZDO5J3/RI7U4mkj5MJ7Vt2qg58q1JHYN2j48Br5KcQsK7xoKFjnyA8H05ams5VNucHsiZwNR8dVW3B0lfbCui3Go9auYJb+d1UMgDQP18b3avxhKBnpKJkN+8KyH5EtmvlQGKqGVOr7FHnRtTR0zJzdygjZ4bL3g/SCW6dIjR/QXW5MAX2EtvKZ5qgGC+FfgnQqPBJ+jW/+jJAJ/4suFVmyky+5P~3225656~4601651; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:47 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22034-29051
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.131.129200 OK 306 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65356)
Size 306 kB (305866 bytes)
Hash 0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 02:24:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=guOl8Vg%2fIkRtNfZGtEbNo1OmL2TTlOG0oTh64YQpdAUQ%2fswXSARSre4HeoCGjlcT; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22386-5891
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAAFdu-EAQAAPwnJtDDdJu_0EDeWbe7BROzxh-cYrrr0UeEOb3reoC6Wqfcf&X-G2Q3kxs3--z=q
163.171.131.129200 OK 148 kB URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAAFdu-EAQAAPwnJtDDdJu_0EDeWbe7BROzxh-cYrrr0UeEOb3reoC6Wqfcf&X-G2Q3kxs3--z=q
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (148302 bytes)
Hash 3d92522be8cbefad9cc5636a370de0db
4f3f669e114dae4b40a37bb68fb7230b7e9b4278
f3c6c79a5e602b9721663b3becbfd77dff4a70654eea0491514d5dae22d942fc
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AAAFdu-EAQAAPwnJtDDdJu_0EDeWbe7BROzxh-cYrrr0UeEOb3reoC6Wqfcf&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; ADRUM_BTa=R:0|g:f5ac43fb-5289-4f0d-a58a-308b4ee679fb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:47 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 148302
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 02:24:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Awa4jO-EAQAAMuXAQLNWBUjSv2vNhcfpuxvOMLlSwvDi8X4xHnV9qL0us-3vAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|151566e0c907e830af6149691282d4c78c16a824; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=BGGH%2fNxaBfVV+Mv4jPdwum4Yzon+bDUbC+oNexazEPQB7GsJ4VHtGTvId9PHMClk; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914aef_bl22_22057-12277
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
95.101.10.152200 OK 11 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (31790)
Hash 6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Thu, 08 Dec 2022 02:24:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hReggW%2fz8f4cVELHnCGsIQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/hp/utag.js
95.101.10.152200 OK 55 kB URL HTTP/1.1 static.wellsfargo.com/tracking/hp/utag.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15536), with CRLF line terminators
Hash a2ab4b46ad30f60866211f2fe5de68a3
125c39f1a776161eb319a742ae7ce621f4c38933
11f666b297e903717f7f8fb577dca1beb1db6bff324a2a99b4dc0c639f883452
GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:35 GMT
Vary: Accept-Encoding
ETag: W/"632cc04b-32229"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54746
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7il3To+AveSvCsJvqCNzdA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
163.171.131.129201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2479
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:1$_se:4$_ss:0$_st:1670464226720$ses_id:1670462385672%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 02:24:48 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=5msQh2VI9BIjk31QCLPFFA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=5msQh2VI9BIjk31QCLPFFA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5C22C190CD9532322EE4A91148400987~-1~YAAQHWgRYAM8K4qEAQAAebuM7wloGnRye7Eu5jF2KZ6hpHZipfAbFwIRfiyUI2T9W7DrgeogmTeNj7NDTdSkw4IuyZt7Zqh248RJjLDU86PShDi0OHzJcj1hRcbz7e3pc5diykEsCpi0Ytqo0/SV6XWMLOo9OMncYgTvAG1MIOw6yDzd/t7SHI2GNmdbdsrS6p6XSlDfuUHC0V/aPF6ZoFbt1+RdgIZ8BKI1mo93mHAG/Kj37JrGNsskKBKDcpI4/O/oLg8HAiaxxK4NwomX3Q6BpFq1P0Um2QT92G6yfL4dSHQV8z7FQO2YEjj6FCC8akvr/FpNXGjC5AU1a8D7dB+pArJe+KZkKt42icuQpchR7jsjbbrapz1hO164TkyFrA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:48 GMT; Max-Age=31536000; Secure
bm_sz=22A882B863283BD871AB9C94BDE1C845~YAAQHWgRYAQ8K4qEAQAAeruM7xKfszIar3vRCYb40WFXrvpd+HcbL7B7e0NYAk4ODJo6q8b8KYxlZO6OreiqrJDCTbI7tB1X4gGtVoXinLUijH7MMygB7bbY4g5k2DIt2GRCk13g4kgR3k6l9K8T+yPdpPhfLnv2prlOTeZ3yoX+ArRP1j1lAdG7ThwI8Oi3ggZj1D7pNgcZ52DCWNAIMI2UgdNgyaOOD4NvZxTti0UAO8m5yfA4JkcQxpuHUoJFeTjJ+bpf6nzWuqmJ4t1Hafkph16lbpdmUjdFmK4q+ypP/nosPZye~3294276~3490883; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:48 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af0_bl22_22386-5920
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
104.110.27.78200 OK 43 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 026d5377df107a52e76d366d238f2b10
241c742d79515854d2d0212672cc99d966bd6b62
3efec6556ec64ec913730c358c15d68a3a482eb0d07d88d6a05a0b00056256d2
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505829-e2ce"
last-modified: Tue, 01 Nov 2022 15:08:46 GMT
server: Akamai Image Manager
content-length: 42760
content-type: image/webp
cache-control: private, no-transform, max-age=1773726
expires: Wed, 28 Dec 2022 15:06:54 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
104.110.27.78200 OK 55 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f9ab0764029883a1b5fedf81e7a450a1
b1f3593d1bf562f06bff4d9175d7ce10aa294f4f
4d2bd105b932b41bcf770bccfa190341867c5680f95df56ebaf24f6e8d8aefcb
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505818-def7"
last-modified: Tue, 25 Oct 2022 21:17:29 GMT
server: Akamai Image Manager
x-serial: 1018
x-check-cacheable: YES
content-length: 55048
content-type: image/webp
cache-control: private, no-transform, max-age=1191070
expires: Wed, 21 Dec 2022 21:15:58 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/reflect_card_only_hppb_1700x700.jpg
104.110.27.78200 OK 4.4 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/reflect_card_only_hppb_1700x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dc1423f2c7cc45f6f97be3757b8f8b52
93d350e9d1e93dd8c0340e803f675bfa7f59ae6b
b407a56b8cbd9727341490868500a4bcff59fd2e939a8d37a7d176e84634fd53
GET /assets/images/contextual/responsive/hpprimary/reflect_card_only_hppb_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "632c7aa6-1455f"
last-modified: Mon, 26 Sep 2022 21:16:21 GMT
server: Akamai Image Manager
content-length: 4398
content-type: image/webp
cache-control: private, no-transform, max-age=842284
expires: Sat, 17 Dec 2022 20:22:52 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
104.110.27.78200 OK 46 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP 104.110.27.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=760438
expires: Fri, 16 Dec 2022 21:38:46 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f1bc1104011416dfe46e6a148f6f9515
574980010589cdf51f07081e6c7ee06de1e063f4
eda705920b82d0bef5bf2b041ee4e37537017cabac01cea7c7a3f89a40765e6a
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6318b389-c10"
last-modified: Fri, 16 Sep 2022 20:24:35 GMT
server: Akamai Image Manager
x-serial: 806
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=2307049
expires: Tue, 03 Jan 2023 19:15:37 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_7207608-collegesponsorship_1600x700.jpg
104.110.27.78200 OK 88 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_7207608-collegesponsorship_1600x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 350cba169ee6b0aed0f1a9f271dbf5d6
81d69cf267e2d3b47554e2e0bc3086c8027efe7e
67c34c8a8ad4663689f5daffb491c7e787822ffe9533fc07ab54b9d5426bb777
GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_7207608-collegesponsorship_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6318b325-17db7"
last-modified: Fri, 16 Sep 2022 15:10:39 GMT
server: Akamai Image Manager
content-length: 88338
content-type: image/webp
cache-control: private, no-transform, max-age=2293668
expires: Tue, 03 Jan 2023 15:32:36 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1514793
expires: Sun, 25 Dec 2022 15:11:21 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1365723
expires: Fri, 23 Dec 2022 21:46:51 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1546203
expires: Sun, 25 Dec 2022 23:54:51 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1285266
expires: Thu, 22 Dec 2022 23:25:54 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1614761
expires: Mon, 26 Dec 2022 18:57:29 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1437398
expires: Sat, 24 Dec 2022 17:41:26 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png
104.110.27.78200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 54a0dd5862244507f56e176ecde59056
2d8f7d7e00316c6811ce2552e608260481303898
749d47078866f2ebe0c2b692de339996ede393b570c7f73418ac0ed9a6882539
GET /assets/images/rwd/h.com_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-23fc"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2286
content-type: image/webp
cache-control: private, no-transform, max-age=1219407
expires: Thu, 22 Dec 2022 05:08:15 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1381931
expires: Sat, 24 Dec 2022 02:16:59 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2300874
expires: Tue, 03 Jan 2023 17:32:42 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1394080
expires: Sat, 24 Dec 2022 05:39:28 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
104.110.27.78200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1553865
expires: Mon, 26 Dec 2022 02:02:33 GMT
date: Thu, 08 Dec 2022 02:24:48 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/gb/detector-dom.min.js
95.101.10.152200 OK 132 kB URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4c5drrzcFj1Ix3RzfvT9Qw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3927
Cache-Control: max-age=103656
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:48 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 07:12:24 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3810
Cache-Control: max-age=103539
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:48 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 07:10:27 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
95.101.10.194200 OK 569 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
Hash 33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=6ozqA0gYcr8cobCxdPrUbLibsh%2fIZK0wbAcq9s5SxzTTOImD+DBfZyX+KBDiCj9r; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3927
Cache-Control: max-age=103656
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:48 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 07:12:24 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
95.101.10.152200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gsxeVBmHlNXHlw1MMb%2fybQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212071824462100760270%011&ts=1670466288074
3.248.49.44200 OK 322 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212071824462100760270%011&ts=1670466288074
IP 3.248.49.44:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash baf5862000f1cf2cd30a4760ff940d96
dc00e7e7eca008e41ef438a7f01c94bd0d587677
dc35025f1fa4f856bcb67c0e7d4ec4486ad6ab855ad4361bc0434d7379852292
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212071824462100760270%011&ts=1670466288074 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-000256d3c.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26420849162877833382224805291997705108; Max-Age=15552000; Expires=Tue, 06 Jun 2023 02:24:48 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ExpEjP0pTp8=
Content-Length: 322
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670466288069
3.248.49.44200 OK 323 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670466288069
IP 3.248.49.44:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 5c634add48678a4c25d331a5eb584594
4fdf1077ba7d06a2075cfb830a5c828242175609
076b821f3aeaa10cee2baaf506fea110cfd65dad77662e34d5ce69de7c877370
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=05186801091127665252634812635028991945&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670466288069 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-05e780d2b.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=91318323827989712380003662926059209104; Max-Age=15552000; Expires=Tue, 06 Jun 2023 02:24:48 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: VSeb7ZeNTRQ=
Content-Length: 323
Connection: keep-alive
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670466288080
52.31.124.224200 OK 325 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670466288080
IP 52.31.124.224:0
File type JSON data\012- , ASCII text, with very long lines (605), with no line terminators
Hash 79dfa542a6601294cdf941520fbce758
50d9bd2d82ba1d4542e4f8e4db7f3d9798e72c50
215a0b86a44be90ccd5f585a25cf2ecbe81f0b11d331cc735446e430f7fd2152
POST /event?d_dil_ver=9.5&_ts=1670466288080 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 431
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-06cd512cb.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=05223308667686938062638464835760641498; Max-Age=15552000; Expires=Tue, 06 Jun 2023 02:24:48 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 37p7AwteRVc=
Content-Length: 325
Connection: keep-alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
95.101.10.152200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=VcdH1Twp9Y6IuhzJQVLgWg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
95.101.10.194200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0
GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1BSyIV+akwXgKlC9PRGiXQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
95.101.10.194200 OK 23 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c
GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 02:24:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UMbxr3y45LpOTYcHP9Mmww%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.131.129200 OK 175 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash b6c6685bc58bfe502d5f9f6a9d8e56e3
ab855a9e3fb020038bc99082a51210d0056169a1
47a66b28147a13df17386aadea0d8db92db2a35e2266559d2f50cb6dea7dd5ce
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------59559937510795705613048711399
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 169
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:1$_ss:1$_st:1670468088006$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22Rht7Uqt%2F8yrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22OElkMXh4bXkzbXFzeE05RQ%3D%3DCELxszEi44APjnfBGctGuxFPrIezJoWbJb8SnlxLtodGSEOeRs0W8IRHDfY8kG6DdGfZyiOuW9UQ_6-xNY6nJdK-VgQYV8HpDhg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671067226%7C6%7CMCAAMB-1671067226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1419649712%7CMCOPTOUT-1670469626s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3R9fWaeTQsYJ2WiE7TawXebbdcMHyN3DmxsQ1LpQH59NQXzDbO4Pen7RnepfqaWE; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:48 GMT;Httponly; Secure
_abck=AB3537218346F411DAE4331D989C988E~-1~YAAQJmgRYKq1t8aEAQAAub2M7wmp9FhHCM0HQQcYc1ALwxmxuwa3pX/haFzI68v5WwhNPo+HtFilXWQnCxEHnPBJvzQuQ9A1bMKNoyrl0vDsYV2eqfYMSkax29DqOuuSKR8x3FfcNIU+kUdVjw9T0ArZ8PvdIDz3hwVdy8Rq5qc43jtYRx4nrlUnTIchi4OTcf6sW1WP62Ae6GI0cnDYZFhBNbaJZLu1llOZ73+3yI7pdvdPE43xctXVHk35AWpi+Zu1kjszjeEcvynP/CtsdGYBeki8JpdYJjotfjUm4VHJO2HiLtC8XwKm9S4hiBSZUC1oIFxWONsRku9u/nUcAbXZdry8oc+UKRr2K3T6TN/TMYD8qegsbUA4KCnwqj0X9g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=00D7980ABAF145CCE9A0FF8BE91BB9B3~YAAQJmgRYKu1t8aEAQAAub2M7xJrpZlNsTOh9SxvUW0iGCnsuxffJoTDsyki7Ab1txQjhLHcIntmRNGbLL66gcGHdLNvPmq3Sb2gPUMQMq6SX9D8jUkhJKqcc0p8d3KrAXEbsWWMpOha1vRAcv0/v7E5GHKJQSmOeoKrwRjukkqz1DwB3SvynPXLFB8EJFjdN5FnaYd5woDWu8paHYv3qX5qQRwc+wsrvAGMtZts8dmqmb0awKJISD6TgshScQXCuSLiZCiR3UX6rs4cPdY1bAxCVPr3xdK0RLGE/vaGTu5R/TaUWd1X~3294276~3490883; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:48 GMT; Max-Age=14399
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af0_bl22_22386-5936
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
95.101.10.194200 OK 151 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (151228 bytes)
Hash be79d5a4cd53231c6f9c36fdab701880
0cfbad823d99f3d145f62e8db1b9ad1e8e80ee20
bccce946d65ba70c452b159da71ac0b73d3a8b6e231f9dde307ff3e6d67684d1
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"638eacf6-172f"
Last-Modified: Tue, 06 Dec 2022 02:46:14 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 02:24:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A3K8jO-EAQAAv-7ntMSl3PzDZ6L-ebsX2suC9EVX6TZeO2R63dtFObS7XqP5AVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|0993821a9652f2d20542477b709c074de8fc0517; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=auck57NA%2fUAAE+zdODKAwgwzfWt7WsrriMjES+Fc7a6uJfNPtj+eCvyAylRRIUq0; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50%3A1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pv=2&f_cls_s=true
95.101.10.104200 OK 76 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50%3A1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pv=2&f_cls_s=true
IP 95.101.10.104:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 0535a425dd73916b7a891a0696a87670
3b9e9f035d63279e094907d24b75de27a692751e
b9357f2ac251f12bdee3fbd0e21049b3fdc3de7a55de66e86b8e949bb87e8c5a
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50%3A1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; Secure; SameSite=None;HttpOnly;Secure
_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!DCxuP8iLR6I1szbNm6glvWWF2ZIYlbrDOY/w3CMxtUl1P/hDvMMgUWcamdkv/8zk90WMpqDfoXDaAg==; path=/; Httponly; Secure
DCID=eREnP5oIVoOcNEqUlbZaooHLmbKPFlmANbRhu%2f%2fl9o+RVAuF61+Ax7%2f1NR98DPwj; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
95.101.10.194200 OK 3.6 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7300), with no line terminators
Hash 529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2
GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=z8qgGuvrism71zboPQqXzlJg5vou++nfffJi5H9OZtpTUyOzP+ihHjwX12W8k4N4; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:42:55 GMT
Expires: Wed, 14 Dec 2022 13:42:54 GMT
Etag: "f808d36103005c224eb6f7e4543d30271d2957b0"
Cache-Control: max-age=558484,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77620c025ee4fac8-OSL
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
95.101.10.152200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zruvNwI9YS1utel2P5Oqpg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
95.101.10.152200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TUCpCLZ%2fgLEgUVU+WEqHKA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
95.101.10.152200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Hcfs1KzskQFZ%2fHFqWMtC2g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
95.101.10.194200 OK 220 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
Size 220 kB (219989 bytes)
Hash 65eed3d3f0e61c11bb54aa99a98476f1
39199b3bb56d25924c83300dc6f6b38b9c02e6ce
13e73ea55f7a2bdefb45accd4c2579b8948daa6d47ecb7022b29479dc17b0b50
GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=7RUKm8s77SnJAZJuDfJ1%2fdUrzoRQP1lhxRDvDSOZDXDo9fZpTvpGNdgK0r73P1YZ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
163.171.131.129201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2208
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HAGo01XahaCjEdsaEm65dw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=HAGo01XahaCjEdsaEm65dw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=6082F0CBE979E18E1514709E8DAF75A8~-1~YAAQHWgRYA08K4qEAQAAHb+M7wm/PdB09OqhJdTqEYB7JN3iC2QaT1QEswDdQrjwQ8S4LZNXaOsQcSYfOus850Z/IEfMEyy6DIh8dSS8O87IaZkx1TzZKl40LYSQsOIDSw1NXRe0fNPZHotmycL3sOhMAC4IiYksf9eqVKoDecSq5QvBYMVAGuV80YkIaQxIhYaal7rSR7nWGz5qBAQueEkZarWzQ835ni2m03SShtorCwVgq7Cm9ZgB09GbqHNoVcNtURYI+VWOKZIDEKZUMOaTLQk2vBieEq2wcP+9wmgQ806Lak5Z2M76yOg/kSmYTwCMsU5J8bzBJ0ok6urFiGCzm/IlL8Gie76SYZ3JJ4nyDEfgr4pAr1zoULiYPnTaWw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=807FA56168BE41DD977C7C7E1C17D16C~YAAQHWgRYA48K4qEAQAAHb+M7xKNYDEuLzsE3q40pqWuPwSqHnIURwp2F3ziEJRnvf7yHmlhKlxAJ5Ni3y4x0QCEf1ILi+81hG6jZS5HnLOkvXuQN7ERmU6nya7xurh6xwfMJdrBywhs5SKyQZ18FkHCXMJQzpslsDhMtvqUCx8wULmMsPhvnl+22IyBtibXF/ovk/TG0oev0Y5REcDZtLdOnk4Xk0Bswypsplf8sRrZiJft7GiT8c0F6E0zNJwilxLyPPkG+je1Z6FnHMOgHRKYTLdF0u4EkGSjqGwxuhk/G+gUuvjR~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22386-5955
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
95.101.10.194200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 02:46:13 GMT
Vary: Accept-Encoding
ETag: W/"638eacf5-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ne1RZa+%2faY%2fZFVkDUepRftoKQrXXSJM8EpMPGJZaiyKZUWFbpFlSt5zejwxhMAyO; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288918&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288918&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288918&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=u4Y21aRwtvbaFyPoeb%2f6B%2fJXIrkEbnH8Kiexjv+TN00%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22057-12387
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
163.171.131.129201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2332
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mIG+Yc8RCzFOfWRQj8vYYA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=mIG+Yc8RCzFOfWRQj8vYYA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=E53DC2B5D9BC80FBEEC45707B121C661~-1~YAAQHWgRYBU8K4qEAQAAEsCM7wnBn6TdBPJ/8SLxEfK1YfYvFnGkxmFFJWRRsBRH8TAJrYjekJ/W7dj06faGRfxkBIQX1iXThOnfQHjlBACE/QIKM2+6VFDqVcJQWhr0as6dH9/hWTDHIFbCiGW0Zk0WvvUUIUCmWBY1JcuoeF96DnKxcRew8P73Ur/+q6rtWARgqe5XC2o23xdQ65NVjdMGgoMMRojeVRtpd8skiGtF7Ku/JqQDU6kO5aW2QGD8TpOsfRwXU3l7d6+3WKLlmdT2P4crdnBUQ2afhaEOZJmj9AG8qWeYLf1V0Q09qufcQCCCPKcfHJA9GzAzKYshQCXuJWaji9GEKZTexQbW3/5dQBsigidbDtxggJaUNzg15A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=BAFF82819401E33996EF119896A44A99~YAAQHWgRYBY8K4qEAQAAEsCM7xKNIaR9JQz2xrpjY4NVucUcHU8ttxGcbdCM5o0wTdeCinJV7PdxM7T52Wu2ITPbScwxfHBsJbeeec7ToBxWkrpJ1RNJxRQFxsaO0CY5KIdsO9gMYDD1+pM+/oJedC2Q+Yha46VOJTav2S15dT8YFfa5FPfgxxAgNcbDB/INP4v3qJHWJ8N2keADG/N1ZREroEE9+xJHMiKjNHDqxn4ieyAHFnR+PSGVplJqc951M5tR0bNPQjyV8u0yFOLf1nhmzrmZX0b5JjQBFG1A8FETU8zFKcwb~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22057-12391
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.wellsfargo.com/tracking/ga/ga.js
95.101.10.152200 OK 20 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2kPy6v25bLK7Efo4FmbAxg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F?
142.250.74.134200 OK 326 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F?
IP 142.250.74.134:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (577), with no line terminators
Hash 4b7870ae4ec510b7b26357e1800bdd5a
fa3d1c0b38559afbb90a3fda98d94d0042721012
ded97f642ad54e3ee7bc89ce7f4ecadb5111cfd9d54deea05756d30d2807c1b8
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:49 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 326
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 02:39:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.131.129200 OK 972 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2443), with no line terminators
Hash 5225b599ade557da22cc33097d7908fc
2b2193d2aadf17c22bf7b66324649b88d339b653
0794ec3b7e11f454f729a25554621b7a18ea360fa885d87095c9459400312966
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 268
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 972
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-61f61450-fd0d-4eff-afc5-8ae5142ba2ba' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:210; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b615d1ba-f34e-4091-93e6-dc984e64b6a4; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b615d1ba-f34e-4091-93e6-dc984e64b6a4|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:96; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=58291A8EDEECD25EEE0E24BF9CF3CDD4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 08-Dec-2023 02:24:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212071824491492336250; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!C+hRHHSTaM7o2L4CM1DtwKm8Wrr899aOZH9lFjPziR6/vRr7lRobcKa2MG1BNeS/Qcc7ZhTl6Wvrf4E=; path=/; Httponly; Secure
DCID=O1vGftIw2725CUAr8YogJupidUxZLQgsitRIbRvlg6XNSahG+GpYPKVyst5b3MVX; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
_abck=7DA804E663E3FC90B1FE5AC832EF349C~-1~YAAQJmgRYKy1t8aEAQAAP8CM7wkiVWrikH45OP/f/I9vEEcb4ngaOXhfvfs6Uqj9FM95oi0bsYsiteZULpycRqRrzlDoqggKElTiFKR2Xg+heElkPVGIcp0UL9DS/hPP1lmo9EgiD9IOTxwBnkgYrfPPfZCgistf+k4kaPifA8v8G9waElGn5Z+bH3ib9SigW4JfbKOodyhCipyrSZi37uMDXYopqVShpWLiIquF6IDuw/kDjxOWpfBNWTltVY6hCq2z5wyA8HLa0v35TuQwqEK0Phabtdud/Eegvl3B2lDOQonbcL3wohAOYq1YRnjJGX6J/NNAi12HAf+C7AekSpXGXPlSd5RgmXgC6nbvx9A1dxaTxvuEBqdC+tj/v3V4tA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=04C68295F08A669436AD2ECB1AFA6389~YAAQJmgRYK21t8aEAQAAP8CM7xIqBenMS4zl0vhXNV8AjmXnZ+CWLeLXtQcplyPS65XuwNFTwngEqv4xvexpW9vlMhUaX/pV9xNmnf6xWQQep3iG1CQw4tKP63FURyydHewMnhOQT44BPoITBk+msoviuPTBA7aiXwc+lFW6vi2jab+thbrX5S5Aa+cEt6/WbU7q9+oJKlG1QO0geIL9EbhAXGTtVld1E/D9wRqd+DpY8iphxf+SMbk2az37+4tdwN9WUjqH6gcQ/ZYi8zHtzdp47hpkPz5tzWsclPArX67bBqVADD4w~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22034-29115
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.131.129200 OK 968 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Hash 4e2f295dfb736ca18f0d3d13c54c7f40
0998cb9a3106a48c867b5c7af419ddee5c0b6de1
099e4caf0acd2b6b2a3cde724e73789b7823b6bf74bfae8b835054e5bf10466a
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-f616b8c9-df25-4ee6-b837-5ecd6d5929a2' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:210; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:377588a3-22c5-44e7-a898-576c1cc0b4d7; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:377588a3-22c5-44e7-a898-576c1cc0b4d7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:97; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=D256A3B7B8148D80C8FA844D435AB369; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 08-Dec-2023 02:24:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212071824491154846459; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!6ziRlZ3gtpD5TRMCM1DtwKm8Wrr89y5RFtg//R8WRd+9kOfO+FeMGaLIn2gZI32ru4kZe9kyRYq0vIE=; path=/; Httponly; Secure
DCID=4LcrMYWRgxfyiU9itShzf7n+Hfvj%2fOgCGHZZwX+%2fNYQRAoowj%2f09suIGWa14wn5T; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
_abck=592FE815CF5AE6C26CA074B43B4728F3~-1~YAAQJmgRYK61t8aEAQAATMCM7wnV+rzsY2DuADxB40UG75yMKyaDuHf4YxdzQ0SAl9D0iK75a11ie8m37GY/js89vRs8Iv9oVF9L5p+VmkfK/WNT4VTQI3tgqQYZi0jLAXZ/cOYuY27Gu+/BMZtbshyKp8ZAz/Wqh7fcG5PblFlgnu24VocFbxIsRvXtl9Ru/rzKR+YLbyMu0KpPi4rm0ky8l5QsY6wWpyy30IBi/o8xj8rWlFfdoBCiJN2FTyHWfqFPPZ0zUvK0TfCjXYooy6Ys3NtNs0uXtl5nsDaQFV9ngq9qQS3taowSUe+I8i5JQnbeLhBA6IDUhbJizHtLD2yLFqXeybOGKf83SpGeeGM9uk+ecDKJxAU+ttg/IqUFJw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=3AACCECEF48E8003AA2CDC8FEC5869D7~YAAQJmgRYK+1t8aEAQAATMCM7xJpqtf0c/Kuw0+BcGe8H8xyOFrjwTkEC/M7IJBkXtJOsZf7uzdIhGkX/i9dvUGDfngFNMJgHzFxL9tHPvES9vO3o6D7Dzrl0EX0cYR/k7DYOtMmQG3qV4vC3UqJjTQuqJHlB2UqG1x0fQQXqGuimlLAsYX7V33beUxDPZir2gviwrkCUT9pPHHeq8CguO6NAx3XwhE4G8cwa8jUq9sWtjdcBdcyk08yXx8l5vKsibG+gNaYrNyEBY8mw5FmYaMFW33GH+phxBGmCxKNkHUUuRZapBhn~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_21902-7166
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288944&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288944&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288944&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=RDUa882XFdF+Q%2f84ZW59t1EB8UgSiVZLs7h%2fkNnGdYV5JlxwsbZEX5hgGDU0k6ag; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22290-18421
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.131.129200 OK 972 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2441), with no line terminators
Hash d800897bcd8b4fe3ca0a4d16686724ca
a06e7662445119c37d903ac94f1c4043bc483bf1
d296dc38c64c1b765f52eaae27284f155037e2eef4a057328ccf14e787d1e6ce
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 266
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 972
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-93bd581a-0191-4833-abbf-71950794f5e0' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:210; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:69e03fce-a25d-4582-8be1-56cc1df91a07; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:69e03fce-a25d-4582-8be1-56cc1df91a07|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:97; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=C2ADEE951A8436459F2AB8946E09E5E4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 08-Dec-2023 02:24:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212071824491567687061; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!3vFUuCGNwoi422QCM1DtwKm8Wrr89yHnPXSG7+n7AMBWOL3Lw5y0clPhBSmRUocyaYhrBtilkMsdUQ==; path=/; Httponly; Secure
DCID=Ik6x%2fE2q2IuJhKPp4Uj743fHdYTgTLnO7I2M7qkRKbB%2fopPR7PaATnsmRqbwYo1l; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
_abck=794820668D0C93429DF9D0C938281E9C~-1~YAAQHWgRYBc8K4qEAQAAW8CM7wl1QkLJ3lCm1Nh7HCBx0PGC9X2hEBZEY+y6+ttQ8kKvBLDEGHgdKmj2692kmqQxbimwBkT2lPhwv38B4bvHucSDMnBtto0BEzPVtYuYtpfcCpr6L7a2ZkSdKZV725U71NKS16cf8F7Bt45PQT5X51tXlZxWNSNMUtpFL8/bdqopr0BO4xWYWFlorH6yNB4Wn4zaSA3CfNRCMxjt/+/ZlApl27wiMcNWlCAZUmX+CzqNmwFNsE5PyaJYo8EzuXm6iWECZMxkKP30DfBW7BmXBg2hOzkXVh+cK1zxLw2+Sb14k5YPJHjsT8kHWO6IvI3351irUJxjZYI79RlImDqVorShd4Y39Dk6a6xBa7tDug==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=77326FE36D981C625D61DB10F6F7B2FD~YAAQHWgRYBg8K4qEAQAAW8CM7xLmVeZwPsDglur2w7RrQcSCNvL+vhSzXsxLMIjsh9PdKgOGX+IAhuNZBU47Uvc7i8Ke6613vkguxb0gRCNns70hKb4CjCp1/amp+76G7wJX2cyJvMREX/eRXfqVeBi309JlS3tKTWdU6j6J5fMMwBLcDhjn5XNgFm4BhApvIrg7XE3tAn1i9Cu3L0BG/drj3zLy0LDwOg55z6xEyIBPSC6Uyw/o+KYVspLvQtQMDYt0O7Y1GqfFkaKkyyK6S+9/NcTb/+de1gRfVPm1VJehLz+mAQ33~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22091-35986
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.131.129200 OK 971 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 78106a1f20476cf5cec6f1b4da172eb3
f1ea8dbe99db235612906be7742cc16dc56eecec
c3cc755b5e871c5f1dc2cefa00b4d5772e96c7ad1df8b75570c939e99583e87c
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-1ba22997-8840-49fc-99ef-5df234f48c3c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:210; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:71c5bbad-03ea-4a87-9ad7-cd4f2613b85d; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:71c5bbad-03ea-4a87-9ad7-cd4f2613b85d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:100; Expires=Thu, 08-Dec-2022 02:25:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=63403E89F0AEF29D676AA06B34938F47; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 08-Dec-2023 02:24:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212071824491189977477; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 02:24:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!8OpalioRtQADb3YCM1DtwKm8Wrr89zbhDEUYfr3JCem8l/qy/iNOJSYwUIj/tLqhhnxRnwaVSNwlmQ==; path=/; Httponly; Secure
DCID=1IJqGxm0uwUlDZtETsmb1CRKQ2aBJKZcKINspawyTIUEPxiufaigl9A1K6qkXZ8c; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
_abck=11954620A0E0200CC135F407E875531F~-1~YAAQHWgRYBk8K4qEAQAAf8CM7wld5T4TL/i3tNqEGfkqaVDNGDijq/3e5syJkMshgisLaNtibUT47MjD4jBl2T6IXHeSV2rfd75rNcEeFoVHHCihvJmerqG/+P2yjKnu4JacJfC+k9hY/SryyifYGWAsBzU60bPE9LJ9m5DFMsREfo/K8Fva0swNseIkS42+bgpJEQz0xA8N3v7Ly/ay1elE9vB7g4wwxrQFiq9Xw/PVCxFGVPKWhChsSj83JPwZaFt8z0b7vQD5Tqx1Q9HlXCKPDo+/8OTofzwmAhtWNfdLaEcgIeZjLkfnoWm2f1iR1yJ0cCkJbDqIWi6W9Xb9kGAK5O0bpNaGQm52bqTk1rSQGTK8dRul+7hULkAB95VuWQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:49 GMT; Max-Age=31536000; Secure
bm_sz=798A3D9508B7FAAFAB55679900D75DFE~YAAQHWgRYBo8K4qEAQAAf8CM7xLvhbSsJobOKwIjgp8r7AKfqIBjFm1bbSQR9HQB6QuiqESrNYDn3ThxdS9WP+41BODRAYKhllZPeSXp+tsTZkLhxVlJieuP+au3A/X2uxYmJDFjuWcCU4uX0CmxGyyMSov49uemOih8BLCOuWaOV61hid6WZMQHxB/ybrYe6em3iK97323A3koeX70puCMCjjHJR0pNFR3oSHVKyEBkdvRdQMUmksxQSqNunpAKUJKeiQTi+PJzElVXtHpvck5UzWKGoTpfLoJ4RckZM4omTEf0S/K9~3420739~3425590; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22386-5960
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
95.101.10.152200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=c8CDSGAvSIKiyRr4unpRpg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.4429294739195667
95.101.10.194200 OK 56 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.4429294739195667
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9854e8b27638c3a879c37d47a21da8d5
97109bc7383d7fc0e4af0577ae20cb85fca35ae6
602f4658e725b5a94a9c110e586dcdb0f5458002cb64c9a609c6fe74747edb48
GET /AIDO/mint.js?dt=login&r=0.4429294739195667 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55597
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=1JbynEeyRg4H9ndIJg%2fxWPmyizI1BCX532RXjeh1pCIZk0hW15dEY3UC4ZVugXEd; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/glu.js
95.101.10.194200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash d882df0ec797570b3cefb8101ed26f21
b78fa2a4729813ded42f81c317306f0f2c400e12
43db265764ff4bec1f7ce591ba3d656c1e7e3222a5855154fc5e5d9149a5573d
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 36991
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=s87BqH5HFoT8JOYt+5F7OeKBETAN0fodLW5giyYs+BVs2O0+bqaciE+EM3HW0Z7i; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288949&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288949&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288949&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Ft7j+3oBjzmeWPmBjmHvXi+Srm5R1l+ui3GhRxwtD1U%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22057-12392
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
95.101.10.194200 OK 164 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
Size 164 kB (163612 bytes)
Hash 82652a1a802b0db9cce4e6dd2cfaa3de
11f77efade557b929390f782ef47a7a9425987ad
812a64d7b59d4bb8ae0f22749b4eee8cf3949f2a4d4c420da3ea8c3aef79fa92
GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=8TE6sUDD0DdCM89Nx1r%2fylhUw21aIj8NqqgAT0nDmXfjRyvnAT+PGwQZnVBMyQ2T; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 47ca575e4e17f0d22c64cb660e7a09e7
4dcbee84c5dba4dc2d9e647ff157302b427e869e
5e7f53f02ba783b9bab5cd6670ce0dcd230bd0f9c54fde6c0c1f3ba1523fee63
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: max-age=140128
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:49 GMT
Etag: "6390be71-1d7"
Expires: Fri, 09 Dec 2022 17:20:17 GMT
Last-Modified: Wed, 07 Dec 2022 16:25:21 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288954&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288954&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288954&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=zBSa1tQPX1WXYg22Lnz248SIq7zksNqLphaVhkg%2fM6k%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22034-29132
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pid=4dc4f830-70da-4e92-92eb-d9523c500143&sn=1&cfg&pv=2&aid=
95.101.10.104200 OK 969 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pid=4dc4f830-70da-4e92-92eb-d9523c500143&sn=1&cfg&pv=2&aid=
IP 95.101.10.104:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4597), with no line terminators
Hash f3f62861b191c56cac5d3ad0d5f43e0f
95de5c861ffe75480dd901b006e741a9c5c17680
112a55e6868ee09689b2963f15f03e7eb471623b9c3f8947912a785a70ae5ff4
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1&_cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb&pid=4dc4f830-70da-4e92-92eb-d9523c500143&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5355
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 969
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 08 Dec 2022 02:24:49 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=18d2c6f2; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!zPyj0692n2cKJSHNm6glvWWF2ZIYlfIJE9JulOoEmkqzeXWrThoxHc0kWJc0Hxceo47bmTSjRTVaeA==; path=/; Httponly; Secure
DCID=bGb7m0MzdkXQ59hbSGUiIo15fJQNfBWm9CVN5vEjEFahamPTdsEADAsUkHdRv%2f3u; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288962&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1reflectcardtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-250163-16%7Etcm%3A91-223657-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288962&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1reflectcardtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-250163-16%7Etcm%3A91-223657-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288962&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1reflectcardtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-250163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=EiSjyPJcUMu%2fUNysRfml7+NC9rGo++F3yf54di08IFU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22290-18428
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=695438722&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=874894212&gjid=1267132978&cid=526439436.1670462387&tid=UA-107148943-1&_gid=792654241.1670462387&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212071824462100760270&cd12=BROWSER&cd22=hp&cd23=4.48.0>m=2ou8g0&cd35=526439436.1670462387&z=1329658963
142.250.74.14200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=695438722&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=874894212&gjid=1267132978&cid=526439436.1670462387&tid=UA-107148943-1&_gid=792654241.1670462387&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212071824462100760270&cd12=BROWSER&cd22=hp&cd23=4.48.0>m=2ou8g0&cd35=526439436.1670462387&z=1329658963
IP 142.250.74.14:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=695438722&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=874894212&gjid=1267132978&cid=526439436.1670462387&tid=UA-107148943-1&_gid=792654241.1670462387&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212071824462100760270&cd12=BROWSER&cd22=hp&cd23=4.48.0>m=2ou8g0&cd35=526439436.1670462387&z=1329658963 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
date: Thu, 08 Dec 2022 02:24:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288966&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288966&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288966&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Kgrp67K+iZdZbpIJq0%2fxlw9fYsscS4LtfRBoJeJPvfX5roEvoT9f5dgActlsuRlA; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22091-36009
static.wellsfargo.com/tracking/ga/ec.js
95.101.10.152200 OK 1.3 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ec.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Thu, 08 Dec 2022 02:24:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=FabQup4M6Ai3Yplmjymh1g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288969&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_everydaycheckingrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288969&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_everydaycheckingrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288969&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_everydaycheckingrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228971-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=I%2fWH4yCM4Vi6sRoe81WKuGRoFoph3VKpi1VrXn4+1FByJIHUe6gmludU2lox9lS6; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22386-5971
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288979&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288979&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288979&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ipFo7gZptTFqexDxE17ZKFmTrT%2fz26m1mA%2fOostFin2CaxTEAG6EUw2MrxoBgSNL; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22034-29141
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288973&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288973&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288973&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=K85veXokLBsfEhaMhfJo8Yc3RUGuw9UA8dywiJsBnXg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22057-12404
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
142.250.74.98200 OK 327 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (576), with no line terminators
Hash 93cfe4606029746c1090472bec30f516
54639e4d8471418aa37508aa5ff0678ac66aad64
5a92e266a1c1d7c00ad34076d144e2dfb8cc5b302281a61c36ed28cdf1cf5ae1
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 327
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288976&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288976&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288976&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=dziL0KaXFpTLa4OYI5e%2fsgVh7sFcLHnAqnfi6EKsYUA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_21902-7185
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&gjid=1267132978&_gid=792654241.1670462387&_u=wCCACUAKBAAAAC~&z=1303475312
108.177.14.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&gjid=1267132978&_gid=792654241.1670462387&_u=wCCACUAKBAAAAC~&z=1303475312
IP 108.177.14.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&gjid=1267132978&_gid=792654241.1670462387&_u=wCCACUAKBAAAAC~&z=1303475312 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Dec 2022 02:24:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288982&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288982&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288982&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4I8uf7E8qGuEJX8SxGc+FlxyibdkS9Q%2f0ZVoLLUIRYkdI7i1G0S+0T3B1sLT%2fCqy; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af1_bl22_22290-18431
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
95.101.10.194200 OK 148 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
Size 148 kB (148547 bytes)
Hash 82c74869b0ffb7ac1727dc7c39f1f1b0
1f456fa1f246890946d442ed8a1d27ee09166769
7d911c69b340fcdbd757fe6f08ef759cc87d22c973aaa56fac8e9501b1884b20
GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 02:24:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=PzQGLpCEAb1NMJGZGd95zgxHm4NMGOLoOTqw+wT7iJ0%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288985&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.131.129200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288985&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&cb=1670466288985&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; ADRUM_BTa=R:27|g:5ea16cb3-05ab-48f0-aaad-35d245a21b26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:210; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 02:24:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=+cwoY8pBr3vPlFi+OT6TEosWp+EW84Y1g6p9ltDWZgg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af2_bl22_22091-36021
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
142.250.74.66200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5094131322755;gtm=2od8g0;auiddc=688469271.1670462387;u1=11202212071824462100760270;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.526439436.1670462387;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:50 GMT
expires: Thu, 08 Dec 2022 02:24:50 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSQWExdVdIMWdpYXRCWUFlOTd1UjBIZ0NteE5QMkZzQm9ybUJHbFVSTEp6TDZNYWVleUc5eGEvMVBKc2NPWWJmSFZlSmUzT1dvOW5KKzEyK1h6aFNCdXd2cDZQMWwxbTRYM0hkR1h4U2RtSzl1TjNwVFlsODI1Zm9OSjBYZHlLMWNxZ3JZNS9yTjA4cFpMWmpwa21IeVVSZXhlVkVNT090dDBuaVRPcnhKV2ZPSlNHYnlCSTBFaGNnNW9OYUd6ZjB3UjMwVHJqRlp2VXFIK1NOZlFZSFQ5eDdMQXlMU3cwdmRJN0RMK0lZWER4THJtUWZxQWJmc0ExMkprYi9jMUNpREk5ZUliNGV4dE15V05pQm03amVuZGUyUGsyUUVQWXpqdGE5eEl3PXw5ODQ1NjIzMTk5ZWJlOGJlODVlOTM2ZjViOTJmYWRiMWM5Njg4ZmM2NjBjNTU2MmI3MjJiZDQ1YThlZDA1ZTA0MDI1MmQ0NDFlNTIxMTg0YjZkOWQ0NGZjNTk2MDQ1OWM2NTNkN2I0OTIwNTlmZWY0ZjU3NDY0MTRkNzgwNjVkNTEwOTRkMTcxZDg2MzRlMTMwZDBkYWFlYTcwNDY2NmMxYzAxYTZlODJlNDBmNDE3ZThlOGEzNzczMWYzZGE0OGQ1OTc1NjQ3ZGQ3MjU5YTUxNjBjODY2OTc3NDVlNmY0MTYxNjgyYzI1NGRiM2Q4OTE3NjNmZjM2OGU2YTdjMmYzYmJiZTJmM2MxZjZhY2E0YWZjOGRjMzY0Yzc1YjM5ZDc5ZjliMjAyNTYyYzBlZTQ1YWI4NWIwMGNjYzY2YmI0MWE1MDk0NGYxNGU1ZGZlNzliNDhmMGQwZjcyOGY1NmJjMTFmNjhjMzk1ZTUxNGM5MWQ5Y2VkZjAzZWMzNjhlYTA2Y2NjZmUxMTkwYWY3YTE0Y2YwMzJiNjgxZGEwYjg4MGU1NDcxNzI2NTg2ZjgxYTJlNTk1NmI1ZTlkZmFhYzQ2OTcyZDVmYmM0NzFkNjg2MjhlMGVmYTc2NTM5NWUxOGJkNjA1YzIyNGIwNTM4NWQwMmI4MDg5N2RmYTRiZWU0NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com&t=jsonp&c=bxqtyrkymdqpkefe&eu=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
95.101.10.194200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSQWExdVdIMWdpYXRCWUFlOTd1UjBIZ0NteE5QMkZzQm9ybUJHbFVSTEp6TDZNYWVleUc5eGEvMVBKc2NPWWJmSFZlSmUzT1dvOW5KKzEyK1h6aFNCdXd2cDZQMWwxbTRYM0hkR1h4U2RtSzl1TjNwVFlsODI1Zm9OSjBYZHlLMWNxZ3JZNS9yTjA4cFpMWmpwa21IeVVSZXhlVkVNT090dDBuaVRPcnhKV2ZPSlNHYnlCSTBFaGNnNW9OYUd6ZjB3UjMwVHJqRlp2VXFIK1NOZlFZSFQ5eDdMQXlMU3cwdmRJN0RMK0lZWER4THJtUWZxQWJmc0ExMkprYi9jMUNpREk5ZUliNGV4dE15V05pQm03amVuZGUyUGsyUUVQWXpqdGE5eEl3PXw5ODQ1NjIzMTk5ZWJlOGJlODVlOTM2ZjViOTJmYWRiMWM5Njg4ZmM2NjBjNTU2MmI3MjJiZDQ1YThlZDA1ZTA0MDI1MmQ0NDFlNTIxMTg0YjZkOWQ0NGZjNTk2MDQ1OWM2NTNkN2I0OTIwNTlmZWY0ZjU3NDY0MTRkNzgwNjVkNTEwOTRkMTcxZDg2MzRlMTMwZDBkYWFlYTcwNDY2NmMxYzAxYTZlODJlNDBmNDE3ZThlOGEzNzczMWYzZGE0OGQ1OTc1NjQ3ZGQ3MjU5YTUxNjBjODY2OTc3NDVlNmY0MTYxNjgyYzI1NGRiM2Q4OTE3NjNmZjM2OGU2YTdjMmYzYmJiZTJmM2MxZjZhY2E0YWZjOGRjMzY0Yzc1YjM5ZDc5ZjliMjAyNTYyYzBlZTQ1YWI4NWIwMGNjYzY2YmI0MWE1MDk0NGYxNGU1ZGZlNzliNDhmMGQwZjcyOGY1NmJjMTFmNjhjMzk1ZTUxNGM5MWQ5Y2VkZjAzZWMzNjhlYTA2Y2NjZmUxMTkwYWY3YTE0Y2YwMzJiNjgxZGEwYjg4MGU1NDcxNzI2NTg2ZjgxYTJlNTk1NmI1ZTlkZmFhYzQ2OTcyZDVmYmM0NzFkNjg2MjhlMGVmYTc2NTM5NWUxOGJkNjA1YzIyNGIwNTM4NWQwMmI4MDg5N2RmYTRiZWU0NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com&t=jsonp&c=bxqtyrkymdqpkefe&eu=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 9d2a94036628c095724e4b3947c02287
f393f279c2dfa015a49c1d80134276549b9d26c8
47c224dbdc2e5c9f9f2c98c81e52437207c9832e0554fcec8bfc357543fe33ce
GET /AIDO/vyHb?d=ZW5jZEBSQWExdVdIMWdpYXRCWUFlOTd1UjBIZ0NteE5QMkZzQm9ybUJHbFVSTEp6TDZNYWVleUc5eGEvMVBKc2NPWWJmSFZlSmUzT1dvOW5KKzEyK1h6aFNCdXd2cDZQMWwxbTRYM0hkR1h4U2RtSzl1TjNwVFlsODI1Zm9OSjBYZHlLMWNxZ3JZNS9yTjA4cFpMWmpwa21IeVVSZXhlVkVNT090dDBuaVRPcnhKV2ZPSlNHYnlCSTBFaGNnNW9OYUd6ZjB3UjMwVHJqRlp2VXFIK1NOZlFZSFQ5eDdMQXlMU3cwdmRJN0RMK0lZWER4THJtUWZxQWJmc0ExMkprYi9jMUNpREk5ZUliNGV4dE15V05pQm03amVuZGUyUGsyUUVQWXpqdGE5eEl3PXw5ODQ1NjIzMTk5ZWJlOGJlODVlOTM2ZjViOTJmYWRiMWM5Njg4ZmM2NjBjNTU2MmI3MjJiZDQ1YThlZDA1ZTA0MDI1MmQ0NDFlNTIxMTg0YjZkOWQ0NGZjNTk2MDQ1OWM2NTNkN2I0OTIwNTlmZWY0ZjU3NDY0MTRkNzgwNjVkNTEwOTRkMTcxZDg2MzRlMTMwZDBkYWFlYTcwNDY2NmMxYzAxYTZlODJlNDBmNDE3ZThlOGEzNzczMWYzZGE0OGQ1OTc1NjQ3ZGQ3MjU5YTUxNjBjODY2OTc3NDVlNmY0MTYxNjgyYzI1NGRiM2Q4OTE3NjNmZjM2OGU2YTdjMmYzYmJiZTJmM2MxZjZhY2E0YWZjOGRjMzY0Yzc1YjM5ZDc5ZjliMjAyNTYyYzBlZTQ1YWI4NWIwMGNjYzY2YmI0MWE1MDk0NGYxNGU1ZGZlNzliNDhmMGQwZjcyOGY1NmJjMTFmNjhjMzk1ZTUxNGM5MWQ5Y2VkZjAzZWMzNjhlYTA2Y2NjZmUxMTkwYWY3YTE0Y2YwMzJiNjgxZGEwYjg4MGU1NDcxNzI2NTg2ZjgxYTJlNTk1NmI1ZTlkZmFhYzQ2OTcyZDVmYmM0NzFkNjg2MjhlMGVmYTc2NTM5NWUxOGJkNjA1YzIyNGIwNTM4NWQwMmI4MDg5N2RmYTRiZWU0NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com&t=jsonp&c=bxqtyrkymdqpkefe&eu=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Thu, 08 Dec 2022 02:24:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=vTBXgGUMxlFlxAdin9%2fcQK9lh3edQ+CvtCvD1kLyeyy57fMNLQInOeFb8sViQwBr; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
_abck=BE4C860F6F2CC39B957FEB45EA7FB9E5~-1~YAAQvgplX2qPIoyEAQAAvcKM7wn/eyinTlEYDT7O5MNTRnSQ97tQimx+E5dcGGAo/OYwMwammIsXlDphDzUnlqGJd3m32asX7N6ykkeGAu6gm1Tri9a/5cDqnKScgjzjVSYu3xTk4ixT1R7TMtPGXUNjLB/9F7CKwWRjhYy2mB35aBsqwzjyf7qJYFYP54ZvM8hQqks0Yu9TkcHr6pMishB7mQgaIq6qV/vnaj951X9uAn3Sg6AhcZ87jaNCG3Xo9ZTUPyH5ByWyNIWH25nwzUTxSOTmhQjNSWRpx3xrjh6BUPbeQI3Mb38TUSSM3q5/tpt/RpgzTYJOGowmPtaLNpQHZOveIlh99LMVHI9Nvl+DTc78HngcMT7241JH9T9fPQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:50 GMT; Max-Age=31536000; Secure
bm_sz=4C23B2CEB929837CEF6308A7D57F2626~YAAQvgplX2uPIoyEAQAAvcKM7xLOhzl8OrboFMKl0XN8cnEM985t1sxxY5RBNoxFOhSkNZdGe3SlBHornI9iOrd69CLVOPKvTidlf8RGwpNO1H8dJfYi3F3bp7xnl/AmqY+9yddx15g4gXCtjYO3J8iJN03MQ0mtugs9f+iSImjAz7wpYZZ3gkCHE4WFiyByiE730D5f6XtO5vKThk/gKEEepaDo3A/xs/fYDjMK0XJ2Aq+rA5t8H1Yjs86c0BOLJUfc9mC4AtW6AiSxpLlA0rFsL376NWbeYIuOMyhn/sTse/Q8hVXX~3617860~3421237; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.21239988712554336
95.101.10.194200 OK 42 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.21239988712554336
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 722043efaf9119fb4bc60fef0e3e7504
323ee197abace973db4f054537b19d4187ca51cb
284a1ee0feebad2a5874651c367658d7cef96fa506a20d11e5e0d86f5edfba9b
GET /PIDO/pic.js?r=0.21239988712554336 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 42437
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 02:24:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=5QtcnsOdtt2AGAfZhRo88kTP9pHfjEnVRiFMfZkQVCKcnssB4hX49l5iHpOkAGkE; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
95.101.10.194200 OK 17 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 95.101.10.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2285)
Hash 4fda156788e52949fa4d44903dcd99ea
1dd606e616b0386d7c08557bbb57908cdf8610e2
8a49c004bb7de25660cc0668c4d787a0d19a90ce88deea8157da409f201bfe80
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 16950
Date: Thu, 08 Dec 2022 02:24:50 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:18de832a-efd1-4562-a119-9698c6945a80; Expires=Thu, 08-Dec-2022 02:25:20 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:18de832a-efd1-4562-a119-9698c6945a80|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 02:25:20 GMT; Path=/; Secure
SameSite=None; Expires=Thu, 08-Dec-2022 02:25:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Thu, 08-Dec-2022 02:25:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Thu, 08-Dec-2022 02:25:20 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=aJ4QaUl%2fmDNYENpyGumWBGB7BJZc1w15XnsmIiKBzhrzb5rz52hvQYhxfi09qy%2fF; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:50 GMT;Httponly; Secure
_abck=9B34C37F9AD739A57799F8B2857E3BDB~-1~YAAQvgplX2yPIoyEAQAAhsOM7wnp8WkknoVqZvBsgVmXntJdmLqm0KY0Y7ujxzYt2NWj+FpdeqXhOagxNWL7Sv1KYmsZ+JHHKU9ceEYHaaFZK8L4GUdqh45xsb0P7wuZUYHMABnatAg/2G4dWdzDxzNYbsa1SYb9KCVlAb4QbvZgHtahuuhiG5gGdrIfaCiRMJankiZJlveSVs+wIiqVheX1HA0VAOfPoePBq8aBJ0ipWeRN9jHB/j7Of86xYCXaB8PtzrE+WA0lTwsvSmQgx5h3XaoojyNlp54a0gnE8UbeV6d1o/OvVvTgumEqD/c6dUweY2T7oVaJYQiS2te3UZl30dgHooMAQe/UAkl3xpPxLWrgmFqIVVy+6w5a61ql9A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:50 GMT; Max-Age=31536000; Secure
bm_sz=65F9DD696788E4544DB4277DF104EB64~YAAQvgplX22PIoyEAQAAhsOM7xKHYQUP62wFH3xqHo18NR6kQsD57QkNmTBYashcCn8IhNLyAPgweH+JaTPc0dPgSujXGCggq/8H6MaYPbwTj70CZvyVGvav1URivfVEcoV5NHG+TXdwwtK8H7dmQRcLccgumFlnKMeK28yjzbzs/TrM12h0fIOxSYyfDr7LqwMqAH7NhuczKFlDrSbKeqnxNAT9BbiMHZdf8AZ6dcbq696AzImDe+n/0o3zKMmMaIYFNI4YQLopVvtjbWdtrHRb7X/kMAFO4kVxj0Io8UmB9tih37cs~3617860~3421237; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
54.185.198.128200 OK 1.7 kB URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 54.185.198.128:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash dc0dea3d1bdccde588f1c688175536ec
1d898603f5c9e6a946240a0971ffc5fc999c7774
8d0b93940a05da48c7541d16dbacd0478d8414c45d8c8579b29e9c08be13ea8a
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:24:50 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=41338
expires: Thu, 08 Dec 2022 13:53:48 GMT
date: Thu, 08 Dec 2022 02:24:50 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3179
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Etag: "63900605-1d7"
Last-Modified: Thu, 08 Dec 2022 01:31:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670466289422&cv=9&fst=1670466289422&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
216.58.211.2302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670466289422&cv=9&fst=1670466289422&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP 216.58.211.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1670466289422&cv=9&fst=1670466289422&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1670466289422&cv=9&fst=1670464800000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8r49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=3833873607&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 02:39:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681
216.58.211.4200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681
IP 216.58.211.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=526439436.1670462387&jid=874894212&_u=wCCACUAKBAAAAC~&z=452214681 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:24:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 02:24:50 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4272
Cache-Control: max-age=93891
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:24:50 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:29:42 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.131.129200 OK 164 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 61db064061affda5ba40dba1ac4ae0d1
54380228d86c094cdc012b94a964c3a532087f2c
63c532738ab1963ced34f240eec8c47ccf75e1200db499dff57e139a2dcf192b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2040
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!8OpalioRtQADb3YCM1DtwKm8Wrr89zbhDEUYfr3JCem8l/qy/iNOJSYwUIj/tLqhhnxRnwaVSNwlmQ==; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:71c5bbad-03ea-4a87-9ad7-cd4f2613b85d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:100; LSESSIONID=eyJpIjoibFAzN1wvaHpTV2h3d0Z2OUVKcE04NHc9PSIsImUiOiJCQ0NwVWZcLzVIRHRCMmVUNEttWWhvZlhlUkt6eFludWtBK21CYnpkMVM2aDhiVjN2YTJFTnJDdDVFU3VUSFlzSzJsd3BnRk5NWXV4d3ZRc1V5czZaVUhCVnVYSjkzTWowY21hZkJCVlwvblM4XC9Pb1ViWStaczBBdGFLdm5ONUZQTzhKazBZOHdsYUd0N1pkRnQreVpcL25BPT0ifQ%3D%3D.cb0c1875e3b865b1.NDcwZDU0ODUwYTMwNWVhMWVmMThhMjY0YjAwNjg3OGI1NDNjYzMyNTk3MDRlZTYxNzRjYmViMjUzMTEwZDI5NA%3D%3D; ndsid=ndsa4wfv7v6k568lbeghyq4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 164
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 26
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=He7xKRkGEXoWY6H%2ftr9tNnZD%2fHDfOndKIBsCij3lAsrgve5uRUoAwei9L35Ah8lK; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:51 GMT;Httponly; Secure
_abck=982405EAA7C7CF2CD4E2D9F598EBD84A~-1~YAAQHWgRYDI8K4qEAQAA0MaM7wkudiKkiVRubX8tkjdwh/TG0TriUE/+ar+g0ejHXDY5ErN9WRiVIRfwdc6sy/pYK4wbbRfsWMmuivXSdm1CUUuhYkNiesoPqRF8MqXIskaAMjHhdgoi71cxiTOdBLsDxZVnTkFHPKC7lF+8Z4Pv0siBZJfMiHN48KJmRW0miTgN20xxHdbmegK41z8tBD1a/jTTl2Ll/6Yb+Wfje584Esd3we1Mf5vb4VJi00fQv1Bqi+5z/0Wl5UXuw5UpBLwbSRs3JFqGVgCFUWj2OLkRDuLZak7AKSNtOXPfmllS3zgkoD2UsKC1TFIoCUi+K/dPU71BlW7wta/kaM0H0SgTaaplp+b8C3w+3svCJFcW8g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:51 GMT; Max-Age=31536000; Secure
bm_sz=FC7D55E2217691FE9B01CF386734E030~YAAQHWgRYDM8K4qEAQAA0MaM7xKiWiIA9rVykznvnCGnuT7NBpYQQRRZHad9/SwnGOOLzaqsfy62VIQDSIPV3wFC4zrVK7ntY6+MFoiVHZzVY5anW7wczj2+NN/pdDd4QEKn0RgYkRKHTsJAAq9jGi2hhGvG0QIomaOisWPRQSMk75qTxJyXjHdi9/13RZKBbhpwBV/ogdmbK16clQg1lkakphppjcrsGIvTXfqpd0jiVZrsht7Fu0t5LSrVXCt9ehnQx0Zx1nllDCDfbzcKVc/zVKOx9WHCFSJ/7sZ43XCkb9p9AnkE~3750196~3487537; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:51 GMT; Max-Age=14400
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af3_bl22_22386-6014
www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.131.129200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--8r49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.131.129:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 60d5f3ea8d7fc60458b35f7003831425
5ff9ecba761fbaeea86c54653659ac9ea32adf83
2da5533216820a5a8fdc5d64a1be1a989304c4637ccad7e11822600e6bad9fb9
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--8r49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Content-Length: 1424
Connection: keep-alive
Cookie: utag_main=v_id:0184ef512e08001c86023db3a15e00050003700900918$_sn:2$_se:2$_ss:0$_st:1670468088442$ses_id:1670466288006%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4Vfo11%2BlzJ8CmqsQP%2F%2F8V2bIe82SqN7mcIp03J9aI%3D%22%2C%22_s%22%3A%22RhsTEtwfzCrPSCPXjAVCmH7%2BF%2BOk6x2j0H8C9AKHr4kZ%22%2C%22c%22%3A%22alYyZ0lPbU85TU80UHRKSg%3D%3DYbQjfLAKejI33c9ZRIc4oWyiJmARTqnuvNsN1TwVsaUpHlPzEk3-xZqxYfyXbVS-xOFCFmshyUCVz4Rz1sBFcoM-GVJ1RP0bNnM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%2C%22fr%22%3A%22PUi5GiNO8TL2v5smWaN5cg%3D%3DLjjSGzJiVqYQxVQ7DzP8U__TaWxo8h6A_hobdVc7h428fX-KX1R3pJreFql7dhihGNYUFWgXrZO-hkNwYjtv1ZNy_DhCGFH-Fdpy6aUUAHblHVLqhs_IzOY4z2kE7d8fasRW7Kw8HEQrcITlO19t4zDYZ75pryUBGAD_UWM1ToER-Z4gKuTwCArO%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Bqj13kL%2FU8%3D%22%7D; _cls_v=2c22c292-0b52-4c11-bfee-11d7d3d8b4eb; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C05186801091127665252634812635028991945%7CMCAAMLH-1671071088%7C6%7CMCAAMB-1671071088%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1082687831%7CMCOPTOUT-1670473488s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.688469271.1670462387; _ga=GA1.2.526439436.1670462387; _gid=GA1.2.792654241.1670462387; _imp_di_pc_=AbQ7kWMAAAAAZDPA%2BMoJqDFDPzXTv54V; SameSite=None; ISD_WWWAF_COOKIE=!/n9Nf7As9Soi24opXMFYjsa6oia5iT7nKQPr1c5g+HeP/xmiY0FbOFap2i4xJLNnfzWLWRyFNiLzaas=; _cls_s=854b1ac5-0788-4070-b62c-e727d40c1c50:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!8OpalioRtQADb3YCM1DtwKm8Wrr89zbhDEUYfr3JCem8l/qy/iNOJSYwUIj/tLqhhnxRnwaVSNwlmQ==; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:71c5bbad-03ea-4a87-9ad7-cd4f2613b85d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:100; LSESSIONID=eyJpIjoibFAzN1wvaHpTV2h3d0Z2OUVKcE04NHc9PSIsImUiOiJCQ0NwVWZcLzVIRHRCMmVUNEttWWhvZlhlUkt6eFludWtBK21CYnpkMVM2aDhiVjN2YTJFTnJDdDVFU3VUSFlzSzJsd3BnRk5NWXV4d3ZRc1V5czZaVUhCVnVYSjkzTWowY21hZkJCVlwvblM4XC9Pb1ViWStaczBBdGFLdm5ONUZQTzhKazBZOHdsYUd0N1pkRnQreVpcL25BPT0ifQ%3D%3D.cb0c1875e3b865b1.NDcwZDU0ODUwYTMwNWVhMWVmMThhMjY0YjAwNjg3OGI1NDNjYzMyNTk3MDRlZTYxNzRjYmViMjUzMTEwZDI5NA%3D%3D; ndsid=ndsa4wfv7v6k568lbeghyq4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:24:51 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bei50WHveuyBNajyCTK16iY5Oeu4zSElnMZfj+g7ugqKwv7%2fQ3%2fuFJ5Y7nRnWZLz; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 02:39:51 GMT;Httponly; Secure
_abck=234D44ABD2DD9B235802600F1372FE6B~-1~YAAQJmgRYLy1t8aEAQAAyciM7wk1O0KgxxPfaz6Qf7xiRDv2ol0wcluKG9EDY1UdttM8x6P0KCS6bl+nbw1jSDRIVS41xl6frI7JL9pUXrwmbEa+GFPZXgMBZNFIN8eYaheQwbIjLtxtMCOO1gvIGtfplhfgunn+0ZCTnGk2qRi1VsKEQQPh198PqEDGhuvNVpYSLmYPuvj07QkKuxZxipq+UEBv9B97FZdrAKD/StwrV+4PyaAO8kySVEeglPJqrodb3HF3DFYvqc0eCewhiG5Ilbjmh4JMryrt6HCHn1wx+Fha3yveGkRzgYLT5RpmrmVCVy0kVTxtGtKUolF21n/DrQVQT1ObCCIHqRB8G1yUPnm1WG6LqW2SDbiSd56svQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 02:24:51 GMT; Max-Age=31536000; Secure
bm_sz=244F8AA96ADE4429C17B46ED7E73D11C~YAAQJmgRYL21t8aEAQAAyciM7xI4yS/F/GCbkfICqf7btyb++S0OKL3dSace0YcnEgrZvRYxcuunhMhr+NPUoa9YrDYJtvLA3gOJnVhBeIijOnwWE5gubryB83hyMfJ9BWXmgzAF+37tLPaq0oDc4nL/GLzugESksPW3DWIhqwDU3D34LQiptaDMFroDE8MSs8VZBJ4nO6ML8LpHeUasoiWE1abykx7rMHF+hNx/QTJFCPF+SNjgZSEcgq873tWJw5ncrVCUyQUgKhamCpA2wV3VQS7BWyGwjmmMGFY2+Cu30KLHoEof~3750196~3487537; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 06:24:51 GMT; Max-Age=14400
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63914af3_bl22_22386-6031
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
54.185.198.128200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 54.185.198.128:0
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:24:50 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
54.185.198.128200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 54.185.198.128:0
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 13285
Origin: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8r49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:24:50 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:bc9a9067-23ff-4a82-a950-f7d958248209;Path=/;Expires=Thu, 08-Dec-2022 02:25:20 GMT;Max-Age=30
ADRUM_BTa=R:55|g:bc9a9067-23ff-4a82-a950-f7d958248209|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Thu, 08-Dec-2022 02:25:20 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Thu, 08-Dec-2022 02:25:20 GMT;Max-Age=30;Secure
ADRUM_BT1=R:55|i:559461;Path=/;Expires=Thu, 08-Dec-2022 02:25:20 GMT;Max-Age=30
ADRUM_BT1=R:55|i:559461|e:3;Path=/;Expires=Thu, 08-Dec-2022 02:25:20 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2