r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9a5b75c678163e98a8a12a50995ceebe
1af89997cf67706a43a6a823ff7b47e1ea77b7b6
4219fcc781123da3638b2864f1335b080d96a5bab99c547c846fa171b9378017
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4219FCC781123DA3638B2864F1335B080D96A5BAB99C547C846FA171B9378017"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20176
Expires: Sun, 02 Apr 2023 18:49:15 GMT
Date: Sun, 02 Apr 2023 13:12:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b3c6ad41618caef9613685a8f786def7
ce6e1256460e0d28da63f797e14a77c1477d0779
ce87c093a66e4a2adfba7794f5db0428a0986b7e74690b773cbd7708ccca3f0e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE87C093A66E4A2ADFBA7794F5DB0428A0986B7E74690B773CBD7708CCCA3F0E"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13677
Expires: Sun, 02 Apr 2023 17:00:56 GMT
Date: Sun, 02 Apr 2023 13:12:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 02 Apr 2023 12:16:22 GMT
content-type: application/json
age: 3397
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 484e8c2f97ad9cb22d208f5bfb435dd5
8822d1e9e41ab733b79a2eec9fc46c3d6405237e
d1bf9ac03389cbc2b111c8d6d46b0d7bab8c8d5574db3400a0e63b81be29b5a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1BF9AC03389CBC2B111C8D6D46B0D7BAB8C8D5574DB3400A0E63B81BE29B5A3"
Last-Modified: Sat, 01 Apr 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3692
Expires: Sun, 02 Apr 2023 14:14:31 GMT
Date: Sun, 02 Apr 2023 13:12:59 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP
File type PEM certificate\012- , ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7AYRuI2fcHFeB4pIZDq6VTon+4uN1HJqRSZOizbpkVpjt0ass9lJpIBUgseN8OE/f8PWkFSVFi4OMXEDUjDVrA==
x-amz-request-id: FGBZ6RMFG4DVCDWD
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 02 Apr 2023 12:52:21 GMT
age: 1238
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Apr 2023 13:12:59 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Backoff, Last-Modified, Alert, Content-Length, Pragma, Cache-Control, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 02 Apr 2023 12:17:28 GMT
age: 3332
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6fa0c0763a28dec230b96d4248edf345
b706ac54bb44a20b70f92857bc59af4063e7c09c
fa53224d11289a05229412401b747b3fe0e4323df51fbe0dafc634198617a115
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA53224D11289A05229412401B747B3FE0E4323DF51FBE0DAFC634198617A115"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11585
Expires: Sun, 02 Apr 2023 16:26:05 GMT
Date: Sun, 02 Apr 2023 13:13:00 GMT
Connection: keep-alive
ocsp.dcocsp.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 85679f000951d7dce22946535f0c7883
6e89d875d1aec1c665dc1872f5b228d9bc0f502e
7c3a01751d55d8c1792ae5e069532d49a9f189c500264ba50e3c6c733279ada5
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sun, 02 Apr 2023 13:13:00 GMT
Last-Modified: Sat, 01 Apr 2023 13:24:44 GMT
ETag: "6428309c-1d7"
Expires: Mon, 03 Apr 2023 13:24:44 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1680441180
Via: cache21.l2de2[7,7,200-0,M], cache1.l2de2[8,0], cache2.se1[29,29,200-0,M], cache2.se1[30,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:3:391716332
X-Swift-SaveTime: Sun, 02 Apr 2023 13:13:00 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9616804411807776774e
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: t+qmWcyJErECu8wBjeoIvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: c5312PG396yeQNzoUMkmyGsHa6s=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19957
Expires: Sun, 02 Apr 2023 18:45:38 GMT
Date: Sun, 02 Apr 2023 13:13:01 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19957
Expires: Sun, 02 Apr 2023 18:45:38 GMT
Date: Sun, 02 Apr 2023 13:13:01 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19957
Expires: Sun, 02 Apr 2023 18:45:38 GMT
Date: Sun, 02 Apr 2023 13:13:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: wlc65ytdELa_faMSddEDHZNsbtF1_CgMOho3W3BvkaOSrFyAkKUagg==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Apr 2023 10:47:10 GMT
age: 8751
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b924892-23c7-4c52-926b-994803adb280.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b924892-23c7-4c52-926b-994803adb280.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 52ef54c1ccca6126744dae71bc87487d
5ddda1fd757a86863f8212474956b4ada5947f12
453110f44b2cef2ffd057361333ad1eaff0e3e7aadbfcccd6dd51341ef09dd7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b924892-23c7-4c52-926b-994803adb280.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8583
x-amzn-requestid: 73e9d791-8ea6-4a25-b1e2-c5b80254ae90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ct63wEEnoAMFivg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6428a4fe-701496a9386e62df4223aa82;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 21:41:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: _X8yL88gFlLzZ7iMjOjrL0B0TfVJnjHDcGDlj2VMxNUmpj06iyLv8w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:50:40 GMT
age: 55341
etag: "5ddda1fd757a86863f8212474956b4ada5947f12"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478ccc8-5b40-4566-90fd-929865655158.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478ccc8-5b40-4566-90fd-929865655158.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6aa3d7a585697c5ebe22528bc229afe1
d3b7b727fa0ef6a09562a268a65648ef8e5d4b92
afe0260b04bb6da2aed005a55eff848d1483878050821d475728a148c5eb05fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478ccc8-5b40-4566-90fd-929865655158.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5675
x-amzn-requestid: d43373d3-fa33-4df0-b4a7-8815484e2508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ct6l5F9BoAMFlGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6428a48b-64b9a307125d97c03f1f9ce4;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 21:39:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: YBQe3Y442z6NcssYv9CUpHG9JEt8eltvdfXcdZGnwTXhbtXqlDs4sA==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 22:47:00 GMT
age: 51961
etag: "d3b7b727fa0ef6a09562a268a65648ef8e5d4b92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47fd3671-846b-41b7-ae64-e6b64f82f7d8.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47fd3671-846b-41b7-ae64-e6b64f82f7d8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c336ed2e672fe0edcb712e592929b95
89a751e033d9301f43e055316f48eefe3b35d3d0
8db54300bf1738af35a23222068ed212566ed15f499207e4ac3f4f37c357a87a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47fd3671-846b-41b7-ae64-e6b64f82f7d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10050
x-amzn-requestid: 83a2e3cd-74d3-4aed-9088-19e8063e9b21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ct6liHj_IAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6428a489-3dd275df7bec7a2c75eefd0c;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 21:39:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: VoijySB-GVwnyK3i43cQPVPenabxB4QyZ9gLNpJTjoWDOs73CHBZnQ==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 22:23:10 GMT
age: 53391
etag: "89a751e033d9301f43e055316f48eefe3b35d3d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa97449f1-c4c9-4dc7-a1c7-2a3af87c6a37.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa97449f1-c4c9-4dc7-a1c7-2a3af87c6a37.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1351fb460f750890b52f9b8e640b01f9
3576f8acb1afa3095cd32352ea34ea969a583163
bc5c49b067f93c4b8523c83739687ae3b9a87f2523221ec8f43b98add65e5598
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa97449f1-c4c9-4dc7-a1c7-2a3af87c6a37.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10419
x-amzn-requestid: d2ac10d5-5911-4dbd-bbd4-ddeea8fa7f65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ct6l4H6mIAMFSIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6428a48b-341881ba3d6181ee1d9759b6;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 21:39:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: B-HLYjXOHriTNiGhlILzUsPTw5uNsdSwqwOOApDJ-KMmjLdO050U-A==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 22:05:52 GMT
age: 54429
etag: "3576f8acb1afa3095cd32352ea34ea969a583163"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63f65b3207378879c6e794007b8a11ee
f0ee85f6acc45822ca5dc638bedefb21618d9127
dadd45018a3f500653176e5d585284fa28ca8140ec71c666feb4ab1b93f54c54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8479
x-amzn-requestid: 918a80ec-9fed-420b-b213-3c7e34e007ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9WEw_IAMF53g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-7cdad9533b2617c0043823f2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XdEgW3c4XWi4nPXejJHusbQV_sJECsInjs_nxqku4yVuxLc5TxcOgA==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 23:48:55 GMT
age: 48246
etag: "f0ee85f6acc45822ca5dc638bedefb21618d9127"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--9049329d48d6c.wsipv6.com/
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/
IP
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 8903c81a4190124274cb60a5eadf2f1b
e2e04c91162bd834e05fde2ddd3ff1a4ef539430
2f38387ebddfe0362c6aaca2a9132977c010758fd4518beaedb9864022ffe9e6
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET / HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18735
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-c9f45d60-2d7a-4d69-ac37-ccfaad8b1015' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18678 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486; Expires=Sun, 02-Apr-2023 13:13:31 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:31 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:31 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sun, 02-Apr-2023 13:13:31 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:85; Expires=Sun, 02-Apr-2023 13:13:31 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230402061301603680723; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:01 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; path=/; Httponly; Secure
DCID=LfWmshzZ0hrY9v1bHGukByff2J7NyhBUWB3EFOCcaBc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:01 GMT;Httponly; Secure
_abck=5BE646D579E07D6328CC5450C6CE5108~-1~YAAQlNAXAvv2BROHAQAA9IcZQgnted3WsLmt9F/Kgc/qAIRXJUXkiCpc1pbJmxEGuO8XnO3lKN90+9W1w9taQnnNrE9WxsLXl/RcBXPBbt03C7iSrnoL4/8z2Rz0PTR+SKNovcX73AQO+3ZjBUmCOLxCcVkitP4iETBSNfxJq56gI50b1IhKfk8jLoUmbR9NedV8ZqVaiCl4WdMpDC8BtZxRNmewJsSlEAgJli5hio/0Mx161z4MdBXeIdM3ueO4ZR4r0+1rR9AwxBZRD7tg5jshVnQgH6F45rwv6Pjfs2CEaHIqzt/Z3ZAAyQhrkelW7GFDJhpqBJjonSEjcIu6xN6gYJF+AwaY1xRn4R1H0p4Gdt/2uN26XE2zEygTlRDT8Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:02 GMT; Max-Age=31536000; Secure
bm_sz=BBF7E64BFCDC3D40204CA9D90DAF1DFC~YAAQlNAXAvz2BROHAQAA9IcZQhPLpXh6G/0UGjAtPoS8Qd39hy2ID9hFUpiOm7frYn2V7Fp9ISz9iu6KipMxmWcI7wsL9TwrabkaaTz2kere3B2DvKbWmv+9C9DI2L7GZSBmcphwPYKbfxrG+rQ+/IPhUvAQHAJhvp3f2n3PDlA2QCg+ZeBk+d6y4TOtUFaH0XZOOgJ1NLGDKrXk7DbOOzgLnOIQ0Fy7GYlONhWHiTVv8Gk0WoiaJiFqlGUQHrI4j8cKv4NZajR8MYEe5EeYg+J/Ub3ciRlw6E9sN298SA5aG2uuYqWC~3293746~3294517; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:00 GMT; Max-Age=14398
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5c_kf173_28402-9887
www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 3f9cbf08987857328ddeecd5c0841c98
6529bc4031ffe8c23feef79dcead7d3790c52b02
b6b40f8adb3910e658c5f61de4b636c0dbefafc4ce761e3544a9b38fb41cc7aa
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19118
Connection: keep-alive
Expires: Sun, 02 Apr 2023 12:00:33 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-e71d"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28421-3959
www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash 54b9cb09a12ca550998d724cf1f9c352
e56c79cae2cdde87dab4e7db2692166fb8a24791
1438a78458affd5e7adf22ceeda674f752e7ddae0a1b24d248fd89ba043b44aa
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: text/css
Content-Length: 23675
Connection: keep-alive
Expires: Sun, 02 Apr 2023 12:00:33 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: "63f9460a-2a25f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28223-19414
www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
200 OK 58 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash f6df70690f6b9bcff57603ca344468eb
4404009b69b7cadd1b753e360dfc46d3fb770f0e
07ad2c821ccd2067ec6de1e162f3749d7c5c5a65d8117e65bf8ea65a9d1c0446
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58342
Connection: keep-alive
Expires: Sun, 02 Apr 2023 12:01:06 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-2c7e2"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28341-40221
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=666688
expires: Mon, 10 Apr 2023 06:24:30 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=666641
expires: Mon, 10 Apr 2023 06:23:43 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
200 OK 83 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
IP
ASN #54994 QUANTILNETWORKS
Hash 10c5fdc38839865b020b32785110e222
27bfdfc5541be345c066793bdf9eed83603dec92
91e1f35b43ad5e0e3c95600d430b1d42fb8f09eff4d3fdcb931d2925915942a1
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: application/javascript
Content-Length: 83266
Connection: keep-alive
Stored-Attribute-Sha-Checksum: a606a4b52257c68ea8ca4bf4d3668b7964596f986dd44b276e0a617024f9f342
Last-Modified: Wed, 01 Mar 2023 16:38:17 GMT
ETag: "fc287303009f39ef5c3a1e7c46b35ddf43c29e70e01403e9f40c97a5eff227a5"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=N4Zc3YMiWsxaN9AOBfoWpA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=2EA3597B38CEC8437B7BE7B52AC9E0C4~-1~YAAQlNAXAiz3BROHAQAAm4gZQgnNMhnYk8WVztshk60V0adpilY+3NF8yUH1Yd3Bc9Uq8kKA8ZbC+CFYTks7xDtMbLdtgx+xUt40lCkzXl41iu0TpayqjvgVndDvoLShJj6qXUrVFvh4FK/FWo9NiKNt/QABUsZuI5cj0cgPu2MJPhvVX3iPKK2WAOH8esiSbhB5JdbnehPYRWn863P190QdyFqOz07DR8JT6MBUcxQw+y0CA3Dy88uqz1QKXJEpahM4SWl5K5A5QYjAb15agr2vKFVJMkQM9AaXvlSwS/VAIduo+VoR53SkVKrWlUUO5GnEmhPz6JOqAntfa6FNPP0OmJR8KC/p2IMtPLIsrG/wl3sH9IVO+siupVKNFFoTig==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:02 GMT; Max-Age=31536000; Secure
bm_sz=8805F2548A4D69C07912D96F30F401A0~YAAQlNAXAi33BROHAQAAm4gZQhOsk/PD9B2DpY7KCdAIMr9fmR07VZX3vFL2ozkzZ7mZy+Wtw0OAAf1srJPQM90jAHO4koL1eJAieJ119bwA3OHI6/n9M7NOBXsIF5ubDQ17M0cbHM2JmZ2PkT7cFfd8VLMZ//lUoRK+Xl85Ned98GF0/Y8l5QpbuZQoCuelpFpw6Bscd3ObRMymoIT3mCOWgAciL20pJ51UIurzA3pJ6rWHD0/WJEKvzyBxjxsAlpBVHOhUDhUNxrNFyAbgz3sqZHL6WaGtjPNYYXzEoKyPto21P6t/~4276804~4600112; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:02 GMT; Max-Age=14400
X-Via: 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28341-40222
ocsp.digicert.com/
200 OK 471 B IP
Hash ab22a9afa0ad2172705e2d7ac71226ae
aaaaddbbe5e9ea513297533f347483a7226fd983
e0b654bf41ec4e42d218ca70e357d7208b1520fbf65a40023ca8e5bd3abb7bcb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6433
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:02 GMT
Last-Modified: Sun, 02 Apr 2023 11:25:49 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 02 Apr 2023 13:13:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=QFyr8UagB7knOkTow6kMsg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 38452c739bae3059647d2dba8c4c96ce
9399c2fa7d0c5a977d7cd9cef353d890142f1366
6192488b9561650ea6ffdf539c1c4fe36140567c66ed9292562b6ea36f81ecd9
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4285
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 02 Apr 2023 13:13:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A-uIGUKHAQAAEyUEi3LdjnvtgWbz3Id0oSRl3z8lBx_kYqq1eqIee6rV1rrHAaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|cd3fa0c8d4ee1b0b33d293a8fd581711b87a2681; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=ymcj5InHPU1RyLJLdaoX3ufcB3ZNPmNqSjC4WkJkArA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28402-9907
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash c5c30c6f4bfffa360cea9e4596911099
74fd08d2536e249015a63df76527663937211369
29279bc4b9c6fae6f797bec6ab1cbef61b08cfe23b27741175f546c1eaa8c9a5
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Sun, 02 Apr 2023 13:13:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3q5+Hmw5zAmLBEqdqbuOxg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=11719491
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5260160
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5260164
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5103337
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5260149
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sun, 02 Apr 2023 13:13:02 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www--wellsfargo--com--9049329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
200 OK 42 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 18480d5097c38aba6cf12a918668eb3f
8eb7c8bb72f5a51445be373e197997c47e0aded4
0da1fbc04108c130773a5716de91a9fee2f74e1756888073b463e47238df60a0
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /_bm/get_params?type=get-akid HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:02 GMT
Content-Type: application/json
Content-Length: 42
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=tiurycdZrpAWCD67DIIvjA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=673B9F2DA3E9C0F31D359889B43EE5C9~-1~YAAQlNAXAo73BROHAQAAFooZQgnfu+sn59GVUUAm5T1ietU3yWkDJFlXMEfVfFGozJyuYmCEyGYvR2S9WxWj3ibWk7BiwpAZRbw0aVgOX0seGTD8VbDZzpB00x9EK+POGDhDmGuJSXOl7zwXZcdUi+WvNd7prNbF5Iyz1t/wKe0h7QR+fFWtaAlvwIcGZFd/I7CZPwBuU+azrDzHAOiTW2yrLC4tMltrdjmHbLDR9k8+IHABhBHYKWcvj5AD0zBt2PsThR8yXnTAOCSRymdsbUgDSjezb6nfNcIMzJRoWUgbUmkZo74YX6gu9ha0JqvZ0fr6r5jrTCSJzkKQ9mU6pM/Cx01VOWXlngO9HADse3cEfRCeXKLpNfVeDTaSX+/XUw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:02 GMT; Max-Age=31536000; Secure
bm_sz=D674D9DC346D31BEFC21E3F665A2A4E6~YAAQlNAXAo/3BROHAQAAFooZQhNNmMJ2vzIZc+bl5BdE5zftyWGdXwX/hmE8U3n1g5zVIen4sY9f5Y7hF9U7CyV7He3eNg0sG6dppWiAoVuEoLdHm2IpQTgije4CfwfnZcKtou1q2uvUTRckGrtnSeSLXhpZn80L1ajDrO5WPUPh6J1KygiL+ow5svq9DSRwQ0FgK1OlM/pUvhPJvVzsnBKzwFITpy9iC15eAAAIYjKnAl/9j00nzhujwXPjKfBG3FmK1mrTAd5JaRN6fJjlooBZFNMIbXAPNMfgSn/R6IBi15NJJChQ~4276804~4600112; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:02 GMT; Max-Age=14400
X-Via: 1.1 kf182:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28421-3962
c1.wfinterface.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash b38ba2c4ccac82517091f028eaea3f50
7669376caf58f44819ec5f076ba7c84f5d078ea8
39d84ba25cf019ef01d88316e2a93e4ba36595f9e93cdbbe781a30aafcb64a99
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Sun, 02 Apr 2023 13:13:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Lzc2awP%2fkG1EazzuRyJXFA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2715
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 02 Apr 2023 13:13:03 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8qiC3PfxkEBwKf8ssxdvUg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=8qiC3PfxkEBwKf8ssxdvUg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=C56207858293C3C3FBEC54B4B03E93E0~-1~YAAQlNAXAtP3BROHAQAAJIsZQgknAxk0MdvpyidzW+1KlOnZH5R9eIa/XaUgDG90LoPBEQHFHYUm9W8UN4gcx2JufYBO1EW5BulfHOUjNOkDR5j/ZV6ifRtXyfW+vIs8Ccxr6Nr/ESOBYVZIP7gcH6mEiz3J5F1SEuy4iATgRpET/Tb+HJ7SPKjtcKFwEEKJsevYfT3GfFPFtJF/Pmw41wxgn3r0pp+TS/y3rgjqRSQuwVTzMgH43XafQfG1oCjp288rTf50zlhIvCN2uikuzxr4Ako862z/3bYFVU22YRcyj0KoCmj1oW7hbchRZjrTfZ2RUnooKimvg1TvD3TBz9wrX6GLppCKFI1+uOa1J4WkHs0l7zyDfM895CIDHiJOGQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:03 GMT; Max-Age=31536000; Secure
bm_sz=81647A1DDB1DA9C406BF85E9E1415591~YAAQlNAXAtT3BROHAQAAJIsZQhMRAEj2gzer1BFLJEk5qANWDMOViApZnhjdR7tcFLLbe79hed3yhrmmrhOwr4BfY2PIdN4SB11thY8EFz4M22wX+tLkL+/ZScXeFrRyssZUersnkETE+i7HyhWI2eGg2Rbc4yW2zcIB3EIfa7ywOw3AQdD490EX0bLdLPK5rZFerfR2OVlFFtxHyCbnyYTxZMprJJ8eYat2vdHJGK89YrkPg7rpYxWefhOwDxRfOV+Plt4TBiW0cWoraFMMNk3uqtEJkTbuBPSTCts5GuH4vd5wkGF7~4276804~4600112; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:02 GMT; Max-Age=14399
X-Via: 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28402-9948
www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICYDUKHAQAA2QzJGJnybeTbuOjUQ08bZzGDm59priN4HGp-c-DcpLGf4xdr&X-G2Q3kxs3--z=q
200 OK 148 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICYDUKHAQAA2QzJGJnybeTbuOjUQ08bZzGDm59priN4HGp-c-DcpLGf4xdr&X-G2Q3kxs3--z=q
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (148203 bytes)
Hash 87a63371d3943c64edbb4d4c95b0f271
497f2197828933022a56e094b174541e476012a4
9c65bc52d1601103120892ad6eb72a4fb66a8081cceb7ac02e666fe48e085a8c
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AICYDUKHAQAA2QzJGJnybeTbuOjUQ08bZzGDm59priN4HGp-c-DcpLGf4xdr&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:03 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 148203
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 02 Apr 2023 13:13:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AwSKGUKHAQAAt_HM7Bvnov90j5J8KMAhJ7kWvCnK6Yi91wdsZGWT5uLJ9DlxAaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|b47a51d2423d236a1b08115f3da3486786bc6bff; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=x6HFNaS2%2f3yX2t%2fcRqioKX%2feC6Szn9ws3l4lMs+ftDY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28341-40233
www--wellsfargo--com--9049329d48d6c.wsipv6.com/target/offers/conversations
200 OK 2.2 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/target/offers/conversations
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10645), with no line terminators
Hash 3f9b5d914d8efb493eadc6754adfaba5
865a4513aed8d9571021517c9ec999a68418b80d
d2741f727eb25b3d5eeb769584ed8a216d10ea92b357da01d5e869019577e3e2
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:03 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2187
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-06a95ead-ad28-4ab8-af5d-8ebf7568f20f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:85; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c; Expires=Sun, 02-Apr-2023 13:13:32 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:32 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:32 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sun, 02-Apr-2023 13:13:32 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:127; Expires=Sun, 02-Apr-2023 13:13:32 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230402061302384392655; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:02 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=5E0F2B81C831DBBE317A04D67E9D5F93; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=ilKAzWesWTHr7l8u72KiGrGv8DEemjrJqsMO2gG1ynX3xwmr1XbiAv6V%2fGo3vk5v; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:02 GMT;Httponly; Secure
_abck=F79BEB495BFF6177DAB9477F9F116DF6~-1~YAAQjtAXAuSubzmHAQAA+IsZQglU50wYu7fuzRIFjhxymlrLB2oDjTp+Vww8CynEuiOY8ivHzJ5QnsZM/m5lLoRgc7YvnKevNvbQXXRzbvTFupGcldTyr/bLZ2pryQzHUeeLaawscInrf4uQHvh8JeyT+qw+Sly+caHcFCuyp+1TeVsUWoE/NlSGPX6K1Aq0qoNMAsWUGzfFd6fEe7sp2p/VBmWY2UABEMEQZ2Kk6ZIBhHzBzrVTbxT7E4mj9qBYQWALlRXpwypMwaCV52+rfYVFzQpEZRdbeeD17zGL2qL7X6oe9pFLYM06H1pTNuy6IMFGccDLI2E7OsiGIQVD6LTWqi4rxtRf7/Z7pS+5AwvWrUxKAJgC1JomERt8tbheEQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:03 GMT; Max-Age=31536000; Secure
bm_sz=F3A5A23AE783F578CF4908EE70FC0FA1~YAAQjtAXAuWubzmHAQAA+IsZQhOP7YHJP+Pq4OiQe4q1ggy2CrSDEB/LsueXcBbxsZ3B739RGXtu/cnadbHJQjfLfwzbX7C+AjD6VO4ek6mJJRwbnasiE4shSHXT5n0SnkNdY1ogFXRjCORavQPHw6rRQmRRSDuiD4X2gWFTrqnAKZQ3OSb2ckI1hOp0OSJddfLmNKP0ww4lizwXNWePXEWw0RJB4voG5+E/dw5SzrhukLt3tY+g4aRCssajo087hTIz8IR303f7AFHxBdRMDL18T2wAQProaydbtcjg67+UcWE4c/Wq~4276804~4600112; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:02 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28223-19420
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=72733
expires: Mon, 03 Apr 2023 09:25:16 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=756441
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
200 OK 308 kB URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65357)
Size 308 kB (308145 bytes)
Hash 09692edc541783c3d9e1fffdd645c70e
a0dc9751050cc567a7f7f7732116e16a1117989f
1fded794298268e8997cff93efa597bb60d71528d3e8ca4af840a7dd38a64e11
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6ed5c469-55e1-4084-a317-06aec262d486|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:85; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:03 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 02 Apr 2023 13:13:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=ylX4YhfchhIARtMAUTe4PFqCASexy6yeoWxgGXAfmsw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5e_kf173_28341-40234
www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2875
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:1$_ss:1$_st:1680442982952$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 02 Apr 2023 13:13:03 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GPT3UmjPFEVGTAO10ooFlQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=GPT3UmjPFEVGTAO10ooFlQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=87373E0B6231F7316E3F1571E8A3A445~-1~YAAQlNAXAmb4BROHAQAAHI0ZQglBibREVTWy7ZHkwLv/cywJR9lYd/wy9kFSHKdDi7J7D+g8Jx6lwc2K+f8+CWNR/rCkDFz1G6PVFZBbDV4Kv4bOhA0+WMkNlZ3S4+mh0xwILjU+Q2IsBldNSKZTwNbPkYV6EV0DZIb0CPCWBdYoE3CES+cw9hD0HnJXJoazpYYk5+yN/PoPypl0FXl3szXQKko6FxqW3V79Uub2za+YUv4LoJynef/6yTLOPeIY11trdvEZWBGqiyYfEME6UtpB/KsYYLQgFaGmVmLogSgeYUCEnl5cTMIu+stMHpsNaM4o3bTtHeBc8KEpEEYZA4EtK+e7TA0n7oGevp0N7vchf0y0gT9pCh9hHJOspBwEYA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:03 GMT; Max-Age=31536000; Secure
bm_sz=194B03DBDDB7643C78A8DA849677C788~YAAQlNAXAmf4BROHAQAAHI0ZQhPgYgWa7csexCO2w8E89q+vAXRMFxApNN/3Z/5oi0GzEVaRGO78mdgfJQcTYm3qeb4ZgudUqo4yp+B2EF4EAgvQbA7nZ0c8ynmOmC4cwVfG1+BCfAynRvnvo7WmJsaExsj8PVnnipLSa2D0wbZPnUuiC8xps64ULmGo2MkgVh7MbsCwFMLXF+E8l2rZBSKw9idX6z+K5edCb2pCaibzcQGmgc/1RXtgcYp7vTQXwiv8fYwiXyCvc0kkZYZ5p5a+m3ZXcCfJzfOFs09YYsaMG6SBgpnd~4403253~3552582; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:03 GMT; Max-Age=14400
X-Via: 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5f_kf173_28341-40242
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
200 OK 4.8 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0867726241a09f5c4f8881c0b0a8bfc2
e0822cf1a6d39dbfac1c1d908a3fadf6f113554f
406498a4f546d06603699d7290a4b5c2492b7c8e7c949d16fd8e87f946aedac1
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a7e46d-e1c7"
last-modified: Thu, 14 Jul 2022 02:10:45 GMT
server: Akamai Image Manager
content-length: 4750
content-type: image/webp
cache-control: private, no-transform, max-age=795879
expires: Tue, 11 Apr 2023 18:17:42 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
200 OK 24 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cb2701f69033671b5b2f3fec4c80f572
ab6a87369924fa513fa98e04677c2d332d5e25c1
9913aaf46bebf4d41ba3b37f686ba546b41faa33db9dc720a68bebd924121125
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "635162e2-d177"
last-modified: Tue, 01 Nov 2022 22:03:11 GMT
server: Akamai Image Manager
x-serial: 1920
x-check-cacheable: YES
content-length: 24386
content-type: image/webp
cache-control: private, no-transform, max-age=1154892
expires: Sat, 15 Apr 2023 22:01:15 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
200 OK 55 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f9ab0764029883a1b5fedf81e7a450a1
b1f3593d1bf562f06bff4d9175d7ce10aa294f4f
4d2bd105b932b41bcf770bccfa190341867c5680f95df56ebaf24f6e8d8aefcb
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505818-def7"
last-modified: Tue, 25 Oct 2022 21:17:29 GMT
server: Akamai Image Manager
x-serial: 1018
x-check-cacheable: YES
content-length: 55048
content-type: image/webp
cache-control: private, no-transform, max-age=514039
expires: Sat, 08 Apr 2023 12:00:22 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 14bdc46d81ae4b5283a8b12041900b3b
34ea3265a77e2cf08f22a15468b87480fac323b3
37527b7868fd7bd8b735222ca64276dd942ed8fab9a3c1d5a42383b22c6e2c04
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63617b69-da1"
last-modified: Mon, 07 Nov 2022 20:42:41 GMT
server: Akamai Image Manager
x-serial: 553
x-check-cacheable: YES
content-length: 1264
content-type: image/webp
cache-control: private, no-transform, max-age=1638009
expires: Fri, 21 Apr 2023 12:13:12 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
200 OK 46 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=2267872
expires: Fri, 28 Apr 2023 19:10:55 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
200 OK 1.6 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9bab6d4f56255c3eb509223b9e20a4e4
9dab7ff41b34eb5a3ac57e0b09e6215b549b7136
e68a77a05fe5ce16c4f6aa3590d99909ddb57e180a0741736debbe26fd98233b
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "633eedca-e69"
last-modified: Tue, 25 Oct 2022 20:39:05 GMT
server: Akamai Image Manager
content-length: 1570
content-type: image/webp
cache-control: private, no-transform, max-age=361378
expires: Thu, 06 Apr 2023 17:36:01 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg
200 OK 42 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 119a7ea5f92c8c808dd5966a61dfae14
541b1f9dda57e965da73ea16c9ffca15f557fc0e
ecda6caaf2e4d61e9cde793eaba31325a139e9c9d712825cef14a7504fe58b4c
GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22b-18ae6"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 794
x-check-cacheable: YES
content-length: 41940
content-type: image/webp
cache-control: private, no-transform, max-age=603028
expires: Sun, 09 Apr 2023 12:43:31 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=565535
expires: Sun, 09 Apr 2023 02:18:38 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
200 OK 951 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
File type ISO Media, AVIF Image\012- data
Hash 83a33d51d4aa35f54f2f6c2199c150b2
07f73b41675e50d9966b314f2b80c0f19b72d87d
a85551eb8605dc8c8a4cfdbdecce7c9a91bfca0fe5b63d23d59aff1f1a96cf94
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "636fb758-81c"
last-modified: Thu, 19 Jan 2023 19:32:59 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 951
content-type: image/avif
cache-control: private, no-transform, max-age=790188
expires: Tue, 11 Apr 2023 16:42:51 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=669888
expires: Mon, 10 Apr 2023 07:17:51 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=738258
expires: Tue, 11 Apr 2023 02:17:21 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=771825
expires: Tue, 11 Apr 2023 11:36:48 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=1514992
expires: Thu, 20 Apr 2023 02:02:55 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=756462
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=673475
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=750369
expires: Tue, 11 Apr 2023 05:39:12 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=756711
expires: Tue, 11 Apr 2023 07:24:54 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=757048
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Sun, 02 Apr 2023 13:13:03 GMT
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/gb/detector-dom.min.js
200 OK 138 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash 82da93da2b382c358a35dca5b5ce75f5
714b4bd59331cc355e3cba801897e87cc4dc7a3d
805085445497b5250d37e5236515811dc5179bbd1fd48d6131d084796e150393
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Sun, 02 Apr 2023 13:13:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Dv1jsv%2fgNY1cKg+livmk1A%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 02 Apr 2023 13:13:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Kq851%2fVVR80z65Deru0qLw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 02 Apr 2023 13:13:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pGb06sssOsQoCxcpoOTCug%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 570 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 7af42886cbcf150f5f025fe73d898a46
9c1750811a061fb0b294bf2161fba564b3c536c7
1e06e8784cc014d631eb50c253ec3c6d7c1bdba9db7b91eb58cd693f4df65591
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 570
Date: Sun, 02 Apr 2023 13:13:03 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=B; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=U3J7xNuihrnqBTInpLpYPoE%2f+8ZONYNNJmtkFXMRXT5w3TLmm%2fPrbphd3gKeLvWH; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:03 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 151 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150630 bytes)
Hash 3d0b278a31dcd83bd80d8ba43a5bf38b
d3d4542982f4854738e65324a6772040c9a43acc
9c57a28a32ace6f7452b9d890e441fd10d14fc3782278d9e304babf5d9fffde5
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 02 Apr 2023 13:13:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A1qOGUKHAQAAysqfCEOWuDLOK5llGh0Cqy-dqICynaI62EhV2qM16NKJ1YIkAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|ab69461d29456266f62fc5dbcb7b05e234c93407; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=wOl3AlvZg67FccJs2mkVaIjZ1UrLwnmhrqLMzJRHVrLekA2l5tBNrD3Qq7CspQGD; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:03 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
200 OK 471 B IP
Hash 58f49e3f2ad30b51f3461a4eac2c91c5
bd6e07a7918b5e9cc325efbce51bc59c39c998c4
1729a86c47b49bcb37f90f5408e3f7bce8b319bd911724bebb392e8a309d7521
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4075
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:03 GMT
Last-Modified: Sun, 02 Apr 2023 12:05:08 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash c3c017b87a0650cce9b3ba14ebe9fe26
6a8c971574ee34c91ad388f8469cfc4619560cb6
2d541428fa8686262d64321e29e5961d5cd0be372b3d3274e5affdabf113b9ae
GET /accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37149
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-911d"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UW8SYCBwvvoJHH9kLnfZSQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css
200 OK 24 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3c846ba351b441f348c13882fd36e641
01fb30d1626af65789aabbd40e4a9c1ed2f1445f
7a1706de813aa470a5acb83fa389523a1a1c44c2c3135e3e38396d69c58cd780
GET /accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23480
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-5bb8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=OVgVdS0qnBA+3nULe5iSjA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1680441183834
200 OK 322 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1680441183834
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash c2fe9215fcea4a92070e8ec8644f5d24
7358ec43aa7f0a396654a9c7956f476d524e522c
5899aeef8174e5155a98b4ee58f26e5c2bdd41577a22dc0a069acb427c94c38d
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1680441183834 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-05b75a697.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=32582716554772644350748525991517877643; Max-Age=15552000; Expires=Fri, 29 Sep 2023 13:13:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: uC2RNM4mSCA=
Content-Length: 322
Connection: keep-alive
www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
200 OK 175 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash f8ec78d3538101322d4098c8d023600c
a7feb38f8c8d4f6a04127d9ed522133ad9f34162
46275404c1b92f2e3d31eec359a6578dd4a1f92a9d2dc744ad4d3002a02f7a3e
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------192396780824472120372257414668
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:1$_ss:1$_st:1680442982952$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8IeVmZPcP1KiHvdg9liqsDektO6WgCGEVaW%2fity+COE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:03 GMT;Httponly; Secure
_abck=6E4490B114F747B179FF9A14F046235E~-1~YAAQlNAXAv/4BROHAQAAUY8ZQgn3g5Mzt8KFcbCj4299fK07N+IDZhWuNbCGVky/JAJieSftj0acNgPmdmuMd12uAdlOwsKoj/RvS1ANI4qJ0+h0w4gaV/m1R8Qb+CG2vdduEMdVnO1WBXotYpuOdnGmSqTWXzObx/xjphB8vKqD6na/ypKkhcDHhVf4gmadHXm3MccMwJetR721w9NGVm7wr+2okUqXKHW2JHn+8nLGIomJqDo5NfeLL6sJsAvXU+Bcxm+JpXFo690iYUPqYkzvcN4fCcXD/TeT1el6smF4K56iJhboKplDWcA5C15MAhAfkHXnWvnX7FcMHFzt9dxTxdDFjeoAHbQc2AbP0dWLCnrUUczJq8q0ZIPq6fCFUQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=650A02259299981F90B4B94B870D4550~YAAQlNAXAgD5BROHAQAAUY8ZQhMZtafKqoNldT4xbr9nukdeI6TUJjXNqjZgV9k+W0QRgfseCPvQDZEt3/HQ5NuZoF+kW5ZY5EORiA2wTivoC45mpiGbIWuFqa3+cE2K8x7hzCqpL7OAHK6GxMz5K7QuERMQTKzQMhGrzKdYMVDuj7GQdzSWkPr1S+gPOMUUxhVd38ilM6QNorInoSS6reuAxSSSv/ws4TVpiDYNNw87C1HvLhL3KzoGfNjURfJfBtfbYm75KexrHf937rDp7LTmGyWAKFJ4RUcfYex2a8qi4IIWhY21~4403253~3552582; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:03 GMT; Max-Age=14399
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5f_kf173_28341-40246
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=32591252553088517440751614621773959064&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230402061301603680723%011&ts=1680441184078
200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=32591252553088517440751614621773959064&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230402061301603680723%011&ts=1680441184078
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 1d5285f87f5b812c3cfcb15b0986f009
094bdfbe400b2c7baecc4a6b25844fda3586b613
7335309b4fadb1a42bd44076c7787967c3b5eecdc905e895afdd119e68c23453
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=32591252553088517440751614621773959064&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230402061301603680723%011&ts=1680441184078 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-09eff2095.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=38537817624522434971869851624607930711; Max-Age=15552000; Expires=Fri, 29 Sep 2023 13:13:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: RyogZm4cR1o=
Content-Length: 320
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js
200 OK 3.8 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7626), with no line terminators
Hash 07636f1f7a52879fd80a441998850183
b91dba2e5fcb00fdc9182c7d024a5e77af9c2c23
2a55e3bf41e5649d171e018cc6843d39e0926eba587dff857fc889c6929f1526
GET /accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=71TcPF85xfgdVRv7hkML46t1esLRQMPbV37yy8D5Cu7y8BlpCJIHhjyh7jp9ur19; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js
200 OK 282 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js
IP
ASN #20940 Akamai International B.V.
Size 282 kB (281926 bytes)
Hash 0980a8c5b93af79d66cc52b023de9509
2b27a05fbe0e9b3222f62ba27e195df275b02f29
b200c10a82349d45f1875ba0a0a4fe2ab65e227347610fdb9b49f3a169d0f32b
GET /accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366396
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-5973c"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=68U9xy00yiJnJrRCrrUpjf%2fC0v+yYKUjNEw7iM%2fez0%2f8jRn3HQNi0Tyi62nEcqyN; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=AKR%2ftMIWIQczS1fTCRk+bg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /sxHPFp/w/6/MGAhBTpEhQ/w3OLhD8wD93u/RVhAAg/Nx/0Ye2ooKm8 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2761
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:1$_ss:1$_st:1680442982952$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=oD4nm5BLp%2fqGWmv3Mq5oQw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=oD4nm5BLp%2fqGWmv3Mq5oQw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=FB6EBE5CB92128EC2988230FE5CA9DFD~-1~YAAQlNAXAiP5BROHAQAAw48ZQglsHihRt2JDQBPgP8OyQrsIiMGMOc4pa2IQ1idaTnUv1/nJ2+5GjUGjsBysJlcDeXo7DXl68n4eGYAAM3FV4eG/61fGCi8nobkAEfa0uEHHxZZFoEneufsH4GA8krGteC7YBtMxV0AdvIAipKG13MNd2na2zge/PZo/Q9LUjSXRQs3Ga4nWWf2mW1c8X3Cp7wW8KIuoIKTKJlaisfkUBrTcMupE5HVYrJQqWZATnUOeUd6s3vZoJqKtTw3ckhXltbCDbNO6RSwUBlzRGbJE11iBgaMy7hFGKrg18Ndr2QN4R0iLDIngcNSlxY60W5eRDPr+TqMc0l5YDYtYrP+YHxZkiYem6zW9CjV4VDCMGw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=91EB114AD19300FFE33E755D730DE09A~YAAQlNAXAiT5BROHAQAAw48ZQhNjqABQYsz087muElpO1i5zxvjYfHlNkVFoBR8ykItHeYU02nlEot16wPMU7hUC/E64xuR8bYMOuPe6WJZXPHEI2voh5tBYOODZXtRvD1vRQ88zKQ/ayd+vXcnH/OZPHlDh+sqoDh6M6x/UmwcbaMzifN0qNieTG9+zM6ut2R8bNlYVXwrjduJfumBY2wfkyjPizlo9X6ZaOEg4shyQQS27VRG85L5Ru+A2hCDNopTKLA612kV+GZnwjlqZVxgtdbsmxHzI5dqDsJUdH2rULciZ233C~4470073~3490114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
X-Via: 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f5f_kf173_28341-40247
ocsp.sectigo.com/
200 OK 472 B IP
Hash b555c2cddbf32e286d54645e99eaee24
9bdcb58ec9f0c7bb7a55a7c9e8fbe4c2cc7cf336
8fc4e701c47d0709fc2c5a40323665d41afd384a50590bdf46b42f99acfa11f0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 30 Mar 2023 08:38:03 GMT
Expires: Thu, 06 Apr 2023 08:38:02 GMT
Etag: "9bdcb58ec9f0c7bb7a55a7c9e8fbe4c2cc7cf336"
Cache-Control: max-age=328497,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b1953b80943b509-OSL
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=QupndN0XLFapXmu%2f9zqPFA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=AKuH7hVRaiUj6fCbDkS+Hg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1680441183846
200 OK 315 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1680441183846
IP
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash ad2d5403ac7557f09c51b24a663853e9
8fb1a74a00ca4ff6c4fe4abb002317e1d68a1dd0
78bb96c7ffa2da9c42f8b13182c7f74421062e3bd78d90e7417e6c0413aae1fb
POST /event?d_dil_ver=9.5&_ts=1680441183846 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0bf7d8264.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=32582716554772644350748525991517877643; Max-Age=15552000; Expires=Fri, 29 Sep 2023 13:13:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: UOusd0T/QgM=
Content-Length: 315
Connection: keep-alive
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Dec 2022 17:56:35 GMT
Vary: Accept-Encoding
ETag: W/"639b5fd3-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JRIKcP+yWBSx0lpD60aT1kIurmIJv3SWYYhkQbtHqxz4HHTHr6e%2f9cwSPo13vjfY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/glu.js
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0a486b11d67a4fbcaf78f99ff0a60ae7
901fd44c02bf30a6289971cfd903f620143b1e19
7b819346b2d9529a832c2ea07340b7482d6697a9368ba358927e2fd2669295a9
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37204
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=YnhFL3BTDPDrA949+WOjM2JEXVD8G8r1kdbxmivs4Pv+ToqrRzanFX6Ax9s3W0Dx; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ga.js
200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SRGmQLTDHExlCRqQRU6FWw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040%3A0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pv=2&f_cls_s=true
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040%3A0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 71dcf1410e94a496ae1d0f3368d38d06
a272081fede9868b41fb67e7a33228426a999541
12b3c605be372cf8155366e7d51e1a1ce140c9a0d8ad462ea6e616f876e9934e
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040%3A0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1188
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=c52c988c-695f-49fe-8444-b38853040cd1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!ECNUEbIzBTGZqsd54TfMmyz5FQ342dXvzbG0hJXOXHVcW3TcGU7Nxhbbn2wvOoOilMoYurx8PrADURU=; path=/; Httponly; Secure
DCID=%2frkA+9fiy7ChtQSuSYBEFpUqiMCEWi1JcQT7YQdrLHU%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=uAb81XGmKfHd6Zt4JlKhxg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 968 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash f3ab64d6d118038177609cb7f74254e9
ee7874a5acaa934884f306789847511d02631a74
66fedf38749c7c0f42361e7d57910ae9db9a0fd2f803412de03bc5a8df9a21c8
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 266
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-da806abf-fa52-4a9e-b277-c67851fff046' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:127; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:ac4b0256-7bbe-433e-87f3-b2ef92cf39dc; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:ac4b0256-7bbe-433e-87f3-b2ef92cf39dc|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:24; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=710807C1FD0777B495F0B92B110C60A3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 01-Apr-2024 13:13:04 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202304020613042111710402; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:04 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!mSbFW5goaY8IMxAGl7IZxfIs0wroUf/3HvBrHAJDhb2h4zg1ykzfgQ4mE7QKjfD/WrdunfLad85fxb8=; path=/; Httponly; Secure
DCID=6vuczfhDBl2jkm5OnGyBtBHfjFrrint7N4c%2fmKN8Yv0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=E275C7E45A76538E5F770F388623E3B5~-1~YAAQlNAXAnf5BROHAQAARJEZQglvijG2ms+9IYLLbA+zAxM81N3Nc9avoJQlIylBgIMNRm4Yu45mNwBQ96vLtOt1U9TgSlDwb2AG8u2Un412RmRopKCpma5xaCbj59lPVw7uR9/jRaIXSIqOGg7QO5GFHjXVoth5shVeEA4JmoNZoyUlPiR3NxSre8WGOeSvZSdtG6lecqXi54Aozj1Ucg8nBe7zEy4g0+SiBdeYL+69KpnO+/9n3AV1O48eQ3zw4sE8T7Oq6E0oHsgR/NQc0rMm2M+Z4H11m5vjKAp0qSmW4O9ieYaZph/6YYMI4uNs8F7HVhg9m0BHvQwaGp6xLT5G1vf2OAIm+JidHHLhVaaU+kKWsI3GfBHQt+T3dXPIFg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=6368C50878F05C30F53681BCB89401FB~YAAQlNAXAnj5BROHAQAARZEZQhN7Z+Gno5BotHxn8Wdg+SVB90ub93U926DGPtKC1YLGS9glOp3nJMeIoI64cjcI+U/Fv8mD3cp323jsOrtXST1Oybrq284WwXOmF8hEWlLHrYquuAjxR1ujC6pPgJy1nE59BmYMtRejK0YQZuu7Mws8u0FXC+8zyNcpj6/EA5Dyc7wW0MQPeKjjDcEejFPYsXdxNhkkUuwSUuKHSTHqbxfcxhlCQydNgxHBjjyd/Q0kTWdmlsT31k6ggiDUUJYYfQlKJpPsg1vZCM15/ZCA4ZVp08tk~4470073~3490114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28223-19432
www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 968 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 7ac600018fed3337f828d644cb759a62
1c64b68f7b9eaafee5f64f552bc2fe6ab7ce0977
2ce8419798915cf1d5cace04f911d26176d81cc8f3d90b19f1b9d71c4c710aca
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-2371a9a6-0299-418c-8416-3a9bc1e92850' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:127; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0503617d-45c8-4cf5-9b9d-2695e3edcf82; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0503617d-45c8-4cf5-9b9d-2695e3edcf82|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:65; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=DB01202551354F965DDDB9F376745B03; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 01-Apr-2024 13:13:04 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230402061304289203165; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:04 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!5O4s4O4WAkJ2UvHz2xKqB3cO2dndHl+lMUXIImh0WP+G4eL+QyZgf9wMbZ82GQUneXFIqDVnAOmUCn0=; path=/; Httponly; Secure
DCID=NnJ2Nh+eOQHIMUWgGGQCnnCTyvLHM78J%2fgvflQoKqY+%2f3jMH8QosNufAb0H3gqob; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=B612CE896111B251D83B7BFB56C38643~-1~YAAQjtAXAj6vbzmHAQAARZEZQglF2+wl4Au4UoWgvGvLMQpWk2JZXPP60PqYQJwOA4LGJd31dOBMHy3AiDevWXmwzJxNR1FwDDXz4ppgCBUIGMU7M3E8QAIl9WgUEEV5JsBSqT0+OKvVeuT9CWjwW8+iPkTl7cOTPIorFOCN0oDl0VL3c7gSIP9PrLaFxsi8sI23RpykBjx1eS4pOPZwseXDLV25iV7y3fYrfnmWSuo6P1THZYxAFotUsPcZuW4YsxR9dHUap2Ts9z4vvtVECXpCDzPStQ+sgfTdeFdTPib6EGonJL5NyIX3D/t1L26wejOiQ2vnuvH7RCVEJKIEgAt4L2/u380R9msb4+bggkm+DWchylR9uxlXT/IbeMWjeA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=2D9BB3A783C23DAEE40C7F44DFB2B000~YAAQjtAXAj+vbzmHAQAARZEZQhOQPvUFf9NUlV6K7Xjw17Qe4lzwsU0WKOzmbirHf/wjcyhFj52FpOhmuujZpmeDp69NtiEm6au5JlC8cry5zrqUHwluqF8XzO9ptfZIC1Zv5Efc/NOth9meCAUNKnUFFBWcVKyPoFKGj6MygEsYv6WHlOXW0BjrCyYie4dK8e0vUYWhpkN8LPWR9j7RmrJFTOahkWnrelq4DgFGsBd49BzSgYUIEnH3u5mbZSXjT6r0/D+jhl/ODeHBRCuz3T8FleqeE/z05+hZY1faKUMDUg109b2l~4470073~3490114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28341-40250
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184289&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184289&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184289&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=xIEVRGbH8TONsTpoQ2L7z7Qlo9f4pJWVbWgs0EbFyVU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28341-40249
ocsp.digicert.com/
200 OK 471 B IP
Hash 9021775a7063e70fc9b12904ae111efe
6bb111b3b5fc047c71cc8053be6f36f9bf2fea92
7154b1d1a2ac83e64e9059f63605d6f712586195042545f1fbd04dc04b131f95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 383
Cache-Control: max-age=94728
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Etag: "64284ce9-1d7"
Expires: Mon, 03 Apr 2023 15:31:52 GMT
Last-Modified: Sat, 01 Apr 2023 15:25:29 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184355&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184355&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184355&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=NvxoN3lxWpwtdNbWwLu70g%2fLqhhcV8kyCeAiweeDTm0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28107-20106
ocsp.digicert.com/
200 OK 471 B IP
Hash 9021775a7063e70fc9b12904ae111efe
6bb111b3b5fc047c71cc8053be6f36f9bf2fea92
7154b1d1a2ac83e64e9059f63605d6f712586195042545f1fbd04dc04b131f95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2323
Cache-Control: max-age=96668
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Etag: "64284ce9-1d7"
Expires: Mon, 03 Apr 2023 16:04:12 GMT
Last-Modified: Sat, 01 Apr 2023 15:25:29 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 965 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2434), with no line terminators
Hash ba12313fa4671f346e90925910967598
5e352d078735e7e5923f43fb2583f518e667e305
a14691cf56e46c136cc9f5ac8677bcbe255be0b64201d6eaee24f1a30a3e7ee7
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 262
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 965
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-c9f3510b-1ca8-48fe-bb55-6e911e62f8bc' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:127; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31d86eff-f7af-4701-9482-d3f7d613b01c; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31d86eff-f7af-4701-9482-d3f7d613b01c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:25; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=A21B1DE67287E82CF3D7C2B109EE8BB6; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 01-Apr-2024 13:13:04 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230402061304434354652; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:04 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!M1KqhcF53Oc3KhQGl7IZxfIs0wroUckrjKgBrGmsLYMwREVkhQ4LsjBVSXWMrnBtx3b20+kHCga3rV8=; path=/; Httponly; Secure
DCID=Owat%2fSTXEBKZrvV37GTpcEyX3Rpn8+uzsH5kz7apZaw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=2D81D6DB99EE66FA7C31E9338707456A~-1~YAAQlNAXAoX5BROHAQAAaJEZQgkTLfQCGzuQsWGaybu2azLP5aqIXA8WXmd4vMdPGaRfnPqWRVBIpVHDRh62TT7ODULi5qMAihhbkysIULcKiO/1/sNurHKo7y/tu/S2llst5D2b8sTRUeYNu3AbFZM6oyCuMGvfMAZi6pJtg2m9ap43mcSttYOxUzveWhcDzdq4yNPkVzjGcKdTCzQz3dbwpqS0ItzUoSjc3ykK8R95dK/215MVRaq8CvCwKBiS5Vjp9HgGMs419Vf2J5Wyu1NC1BcmuZj+GOYIB69EcjyPHauJL/HJjxOFiOM/IWZF118FmzGdh1Q5BF5zg/+F13mX4uiJ6tMUB5Nnsyz9rrrEahuSGBWZSEDDxh9OMod+bw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=40093275AABCDB8B3DDB31E064DA43E2~YAAQlNAXAob5BROHAQAAaJEZQhMBmJj+eGN9UvWKhh1PTZEUUfZnxnytR/zoCEZpg4uflQVCTy5ETZnjYvkwI/wwyBG11GVsnvXmW8n2J3B+vbpwrYXusk6JEnBfVuPTA8bZCQKwJfKLkWMVYNM8RMzfjObIB8vRYQv26LplnF1ntYrHjPVcnd7VJ9WcB+xMjiN/vlbDcsqbOeIuIuyE1V+cO6yYzbTCUhkwoIXi1LrljRsCJ4rvcJWzeR/cL87WoFKtAxOUa0QbiR8Q0CpwKDDwQgxFzAO7cOKhvB16k7RKyRoCdfTT~4470073~3490114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28402-9980
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F?
200 OK 309 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (546), with no line terminators
Hash 64053bfaef6548fcdea57c086db06804
c9c7e02508a479687596a794fe7309445deac217
5d412dbc354d0c3bc602bb4372bfe627c348beb04035d4ff8a957a33dee881c7
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Apr 2023 13:13:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 309
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 02-Apr-2023 13:28:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/ec.js
200 OK 1.3 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=J5aSZc%2fZshJFILps1eu0EA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 952513ca42adae3d5d739d3fdb9bf121
ae098b91f1a9bb5f99398e76ac5512550b822093
93b1f9965338820e21ec3694037f6f599863f3d8a0faa7f1492ac64077161ddb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1616642675&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=429700429&gjid=1908766649&cid=2118397830.1680441185&tid=UA-107148943-1&_gid=722392009.1680441185&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230402061301603680723&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=2118397830.1680441185&z=504547441
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1616642675&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=429700429&gjid=1908766649&cid=2118397830.1680441185&tid=UA-107148943-1&_gid=722392009.1680441185&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230402061301603680723&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=2118397830.1680441185&z=504547441
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=1616642675&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=429700429&gjid=1908766649&cid=2118397830.1680441185&tid=UA-107148943-1&_gid=722392009.1680441185&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230402061301603680723&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=2118397830.1680441185&z=504547441 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
date: Sun, 02 Apr 2023 13:13:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 952513ca42adae3d5d739d3fdb9bf121
ae098b91f1a9bb5f99398e76ac5512550b822093
93b1f9965338820e21ec3694037f6f599863f3d8a0faa7f1492ac64077161ddb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 966 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 0c363a11e295fd0747b5aabeeb3d18f1
db92e54c12a5c6900a33b1e667d619de23d63bf0
c6f4477e3bd2941ecab3b8ca14f44927d117ed1388ac2aa7c7c18710cbc41f9f
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 966
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-00f31c1d-6c6a-4b80-b6a4-a92ef678b329' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:127; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0eb292fc-5e73-41d8-8e55-cdd214772b97; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0eb292fc-5e73-41d8-8e55-cdd214772b97|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:89; Expires=Sun, 02-Apr-2023 13:13:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=DD46B7A9632F280823669CFF45316E92; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 01-Apr-2024 13:13:04 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202304020613041307429118; domain=.wellsfargo.com; path=/; expires=30 Mar 2033 13:13:04 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!4Fx+JdH2i+EjiBjC7cC95KsSl62XUZNsvLBAwAvpcIRuCDPd8W2TbOkFwMOINNOgu3jVZLy5wcOOfGo=; path=/; Httponly; Secure
DCID=ZnvSupILGApzVQGdjstcLXAbe3EOK9WeOpZehClHod+uNILeYTEUXDbV5oRWtMAG; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=32691C7A21E2AE0A1EE86BEE59E7522D~-1~YAAQjtAXAl2vbzmHAQAACJIZQglC7doKs+97MzD1L5ZtqlsFvRgmMORIdV4cwarrkTy1w9XR97dZiLZoVpDK8aKiFlRRB/fdZhhFe85ml9vRartyAPcsheZgQev/OZWCPksti+gAf2MuG5lsoBc8hK7oCEXqPQlzIEHOzUIG2ho5qLX9we6oVgu51qB5NQOLtsdPtDMgWvmkov4ECVz0ko/cSlkkrx8CqQmNL3z15ZLvCOuCU6zZGh896oFHWo90NK2Rv6CljmMQPucerOVyGtcQNgE612LWKZFe/ix+w6jaKrKJqAWAZ27lDGzayqsMMjEfN52ZO6R+T/pe4eLG12vwsxkIY4buwkok292Fw4zNN2IKPldYH8y6wvnxJSLo2A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=2ED9F3B1D7C4E11EF8F8027C032945E9~YAAQjtAXAl6vbzmHAQAACJIZQhP91h8FlGgQmM60drgYrsMNS/w86wG5yq1rYqEKak2JOkUsiyR3IyOMQFrE3WiA6h1JXK+9+m6BTKeFU/A9b7OyHxqzH8g8lRynWWzSR88lIuKBoIXNocgbxWjOYJGn26AuqzM3eLmrDmOcPJRj0oB4JOG1D47xnSr8MV/EmL/AJAK0Owg9W2UKAoOiltAsy0tWbyh4Y27G7ffiRXbVli2d/9HuvvGvr2Z7sWWGpmjFa/ffzZ5qRIptEvlbHuKJuEAUGxxQz7bx6GNhYzn9X3DP49+8~4470073~3490114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28421-3973
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184359&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184359&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184359&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=430rlLmqBb5XrrPagi0+FShphrS5esqIgSdkBhiAdc5LViXZp8C1mrRW9SoWM9mw; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28223-19435
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pid=cd53e815-3f92-49fa-aee1-c332caec1363&sn=1&cfg&pv=2&aid=
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pid=cd53e815-3f92-49fa-aee1-c332caec1363&sn=1&cfg&pv=2&aid=
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 71dcf1410e94a496ae1d0f3368d38d06
a272081fede9868b41fb67e7a33228426a999541
12b3c605be372cf8155366e7d51e1a1ce140c9a0d8ad462ea6e616f876e9934e
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0&_cls_v=c52c988c-695f-49fe-8444-b38853040cd1&pid=cd53e815-3f92-49fa-aee1-c332caec1363&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2800
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=de760e43; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1188
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!lLp7MmwAK86uRELpnNE5eVRfS7HzYwrzf8A8VsO42rnUQlfsmrUH2BOx9u4giNe4qAlbbeHvEWRLJw==; path=/; Httponly; Secure
DCID=IveHmmId1N94ePK8Vj8kJZSTP5krG4mXaJ8VP7Dd3WqoPdp7Ar1jF7O4PWoib0ol; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash d57d22f79ab4e46dc15323e8b83d5cef
2e70587f2ffef6a8ffc5115ece7967467f333b0d
128157848b3f03d8131cc54c6de4541e6d328f167b516fc5670a9b46455291a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184366&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184366&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184366&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=VmXjJBZIXrBcORVBAA%2fHuVsLcmuwwB5XYAAhWB3ayr0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28341-40254
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184372&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184372&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184372&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qcI3qtchVnrUiTyGKxVDWRga4LtzRqEstT8nOuDQzM0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28107-20109
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&gjid=1908766649&_gid=722392009.1680441185&_u=4GBACUAKBAAAAC~&z=1976246277
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&gjid=1908766649&_gid=722392009.1680441185&_u=4GBACUAKBAAAAC~&z=1976246277
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&gjid=1908766649&_gid=722392009.1680441185&_u=4GBACUAKBAAAAC~&z=1976246277 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 02 Apr 2023 13:13:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash d57d22f79ab4e46dc15323e8b83d5cef
2e70587f2ffef6a8ffc5115ece7967467f333b0d
128157848b3f03d8131cc54c6de4541e6d328f167b516fc5670a9b46455291a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
200 OK 309 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (545), with no line terminators
Hash 812b976d9f5ddc83fb98ea1ca9dbbccf
74860108cb869fc58f4bc3cdac2ca22603d8bf13
02046b32f32f0926530c2b618e90b4ece2d601e9da8c73dfd2fc7466670fe5f9
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Apr 2023 13:13:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 309
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/jenny/nd
200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash 3fda0b31a65a635f29784b7aba03680a
c30883a45d0408ac01c53db309546494361d5f41
1c8c0eba25a297e059e93fdf1895dc9bc164284c8942c93efdf3139cf8e3ec24
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17856
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:81b492ec-3da5-4d9b-bc93-ac6bbc529758; Expires=Sun, 02 Apr 2023 13:13:34 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:81b492ec-3da5-4d9b-bc93-ac6bbc529758|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 02 Apr 2023 13:13:34 GMT; Path=/; Secure
SameSite=None; Expires=Sun, 02 Apr 2023 13:13:34 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sun, 02 Apr 2023 13:13:34 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Sun, 02 Apr 2023 13:13:34 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=8KQYyy2bQY7pyZWy+SnCgDX6Mvmlryo6hQSA3uVs2x49GrgYzFhZrMGU8EWvJdeh; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=2285AE60B70BDE88EC2E99B006B0A20B~-1~YAAQvgplXzQVUw+HAQAAtJIZQgkLhCweul7MjKqqguGm5XisNGQZBoF3FU4m5OMf/iupMVTCZUOIpXI+hhvHlDk4QdGcm3jucbT6Jfm4a+pmDDz47LmzX+w206kXUz2nBNJJ3rRqK+crHDv/Ao8sVcbYJWYQUa4uvGnUTQlbgdp1Q8TTxwx5ukphK1o3YsFdfhQOFEX7nWrEAd+QqF2N6eJJMBRUAVxWNgy4F/Fxn0/9azBsY1CBzvn7faE/R5cFyA0g1O/j9IMcPa4tYP6oyGOOaWXNvWpaRROShdc4y1QaQ/NqFgRKgtZu9o/uHseT61ORySdA6ZgGET8HLnQhCj/ny2H8Pg69tX+G8JR9zvB8okSFKnT245i0zdG790ykiA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:04 GMT; Max-Age=31536000; Secure
bm_sz=185DF474EB3055A814D490D86C4D9D15~YAAQvgplXzUVUw+HAQAAtJIZQhM1f0Y06rTfmI0roGEP+l7dGPp7Q9qhSESUGP5vvyGQoQ3DWG4GXALSlXI6VIupbzw85mCXPQJbl3P2UYYRIs4Pc/OFI8IBQpH2AmsStbSYjBXSVF7wWxLWcJPRJAtrfQGhlGiRh51J1fKXz5uOurqj9W1StnnwBLPfxYeVr6/DF15/8Uz28AAnGvcc/HCdsnKVde/aAxrk5j3o8wR6LwXuvPvopxxpwOqgr4nIKOBwNdnAq2mLtzsYeMj7za/2K3+lOW76RbCpyeuqiETZo27U3XLV~3490867~4342851; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184382&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184382&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184382&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=EIFK3gEhWrWuDOc+PZOr1ucAKK3x1eRstEX1jFaJu5I%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28421-3976
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184361&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184361&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184361&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:04 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=+3XXIGH%2f+NKUK5fkWsGPscmgLBHbOxMV1sVSowpwZuaitgewdTuraG6UcKesURxa; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28341-40253
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184387&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184387&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184387&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=xLfWHP06vT3Y2s6Bji+GpL+A1rx0zEUJoSU2Bjk66xyETeoG%2fotg0aAGlo%2fwZV5n; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28223-19438
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184392&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184392&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184392&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=I54AJy9%2f5eW8VatiRa5P5Xz0lGqeWwvm4pMa3FXN5+0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28341-40255
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184377&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184377&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184377&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:04 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=EioHupdMvqPRymbysDxfaPsiyDOFgfZHa7APhw3r2mU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28402-9983
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 18418d3f10a64710975ca7b3e16ffc95
40b7c0c3b740fc1fe9e19b9b5348ae1c389e382b
ccf6cda6138b655ea44261ebc452389c887b5560af11720544cd2f2360489f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=8682817407872;gtm=2od8g0;auiddc=1593024949.1680441185;u1=1120230402061301603680723;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Apr 2023 13:13:05 GMT
expires: Sun, 02 Apr 2023 13:13:05 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6938557146714677
200 OK 52 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6938557146714677
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 239d2fa6a522eed38d5dc38cec3bf474
bce575bcda4685be1caf63505750ad8f3f6e39b7
778178a013462c59bd10bfa56c712e9eca83f005b4aaa6faed0e8937e18370de
GET /PIDO/pic.js?r=0.6938557146714677 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51545
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 02 Apr 2023 13:13:05 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=C8XCrXLvYcjyFe66GBlExHL0LkPkFBehHwPq04hTPmXQkbqSm13RMVWaYAW5mVFo; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 18418d3f10a64710975ca7b3e16ffc95
40b7c0c3b740fc1fe9e19b9b5348ae1c389e382b
ccf6cda6138b655ea44261ebc452389c887b5560af11720544cd2f2360489f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBZS1NhN3Z0ZWs2ZE5kSGVFYmMydkdOdlFockFNM2FJRGgweU5PMUc4ZWxpVUpyWjAxUlFJZDZoeXduV1FrUUg2WWlTQi9DTGxzUVZZbTRxRHVCaVpVa2ppSDc2clBvcUdZak5mU0Z4M09QbWhRSDhWbHovOEJYdExabTlWSmJjM2o2SmVPd09nQ2llWnZoS004V1h2d1BPY1Z5bGJsMkc4RXV2a1I4amRaRGpxeTlCU25GSk9aWFQ3aGNmTWs2bTJPNmw1eVNkK0FEWnBLMDV2TlljWDY0SzUvSnBabUhqZnM4dWNGV0l5KzRSQ0hKRkhVS2dGOWhValJnWUdUMkZUU2dRKy9EWlBpS29DQ0pPRFE2QTA0SjM3WXF0RzYrOUdxZXpPeXNjPXwwNzYwMzBjNTViMTRiN2QzMWM0N2RkYzk3ZWMwNDgwYWU3N2ZiN2FkZTYxM2UxYTM1ZGQ4ODQ5MzFjMGNkZmRjMjA2ZWU2OTI4YzkzOGIxMTIzMzBkYjhiMTQwMjQ1NTI3ODQxNjg3ZTEzNjlkNDgxMzBlZjk2OTQ2Nzk3N2I1Nzk4ODkyYWFiNDUwNDU1MGNkYTUzOTJiNDYxNjgwZDAyNjBjYTNhYjI3ZWUxNDI5NjA2NGU4NWNkNWU5ZWI0ZGVlNzQyNTRlZWUyMTI1ZDAxNzZkODc4M2JmNGU0ZTVhYTZhZjM4YmI1NjY5MGY0NTU1ZGRkMTk4ZTRiYmJmNTFjZTIxMmRlZDIzYzc3MWY0Y2MxZDM0Mjk0ZjA1OWJmZTA1YzIxOTNkZTQxNTUxNzI0NzUwMDdiYTc1MTc3YTVjZDkxYTBkNDE2NTI2MTgyM2UxOTQ4Mjk5MDdmNzg5NzkzMmZmZmIxYTY1MTEzMGY1N2I3YjQ4NzUwNmIwNzU4ZDliYjFiM2U0ODVlYTllOTc5MWIxNWUzNGVlMzhhOTljNzI2MTNlNDczYTRlMjNlNmZmZDdhZDgzOGI0YjczZTJmY2MwOGU1YWVhYTJlZTA5MGE1ZGYxNzNlNmU3ZWNmNjdlOWQ0Nzk2ZmJmODFjN2ExNWEzMDcxOWM3YTRhZGE5MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com&t=jsonp&c=nmeziogmdtfvdrri&eu=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBZS1NhN3Z0ZWs2ZE5kSGVFYmMydkdOdlFockFNM2FJRGgweU5PMUc4ZWxpVUpyWjAxUlFJZDZoeXduV1FrUUg2WWlTQi9DTGxzUVZZbTRxRHVCaVpVa2ppSDc2clBvcUdZak5mU0Z4M09QbWhRSDhWbHovOEJYdExabTlWSmJjM2o2SmVPd09nQ2llWnZoS004V1h2d1BPY1Z5bGJsMkc4RXV2a1I4amRaRGpxeTlCU25GSk9aWFQ3aGNmTWs2bTJPNmw1eVNkK0FEWnBLMDV2TlljWDY0SzUvSnBabUhqZnM4dWNGV0l5KzRSQ0hKRkhVS2dGOWhValJnWUdUMkZUU2dRKy9EWlBpS29DQ0pPRFE2QTA0SjM3WXF0RzYrOUdxZXpPeXNjPXwwNzYwMzBjNTViMTRiN2QzMWM0N2RkYzk3ZWMwNDgwYWU3N2ZiN2FkZTYxM2UxYTM1ZGQ4ODQ5MzFjMGNkZmRjMjA2ZWU2OTI4YzkzOGIxMTIzMzBkYjhiMTQwMjQ1NTI3ODQxNjg3ZTEzNjlkNDgxMzBlZjk2OTQ2Nzk3N2I1Nzk4ODkyYWFiNDUwNDU1MGNkYTUzOTJiNDYxNjgwZDAyNjBjYTNhYjI3ZWUxNDI5NjA2NGU4NWNkNWU5ZWI0ZGVlNzQyNTRlZWUyMTI1ZDAxNzZkODc4M2JmNGU0ZTVhYTZhZjM4YmI1NjY5MGY0NTU1ZGRkMTk4ZTRiYmJmNTFjZTIxMmRlZDIzYzc3MWY0Y2MxZDM0Mjk0ZjA1OWJmZTA1YzIxOTNkZTQxNTUxNzI0NzUwMDdiYTc1MTc3YTVjZDkxYTBkNDE2NTI2MTgyM2UxOTQ4Mjk5MDdmNzg5NzkzMmZmZmIxYTY1MTEzMGY1N2I3YjQ4NzUwNmIwNzU4ZDliYjFiM2U0ODVlYTllOTc5MWIxNWUzNGVlMzhhOTljNzI2MTNlNDczYTRlMjNlNmZmZDdhZDgzOGI0YjczZTJmY2MwOGU1YWVhYTJlZTA5MGE1ZGYxNzNlNmU3ZWNmNjdlOWQ0Nzk2ZmJmODFjN2ExNWEzMDcxOWM3YTRhZGE5MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com&t=jsonp&c=nmeziogmdtfvdrri&eu=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 66d5b8eb186ccc00901b5b0b5833ff21
ff6a25343392ca222abadb3406d65b339054c100
5c1b6fa37b4149db8d0087d6e51a480d68040d5b53b27d98942faac193c1e92f
GET /AIDO/vyHb?d=ZW5jZEBZS1NhN3Z0ZWs2ZE5kSGVFYmMydkdOdlFockFNM2FJRGgweU5PMUc4ZWxpVUpyWjAxUlFJZDZoeXduV1FrUUg2WWlTQi9DTGxzUVZZbTRxRHVCaVpVa2ppSDc2clBvcUdZak5mU0Z4M09QbWhRSDhWbHovOEJYdExabTlWSmJjM2o2SmVPd09nQ2llWnZoS004V1h2d1BPY1Z5bGJsMkc4RXV2a1I4amRaRGpxeTlCU25GSk9aWFQ3aGNmTWs2bTJPNmw1eVNkK0FEWnBLMDV2TlljWDY0SzUvSnBabUhqZnM4dWNGV0l5KzRSQ0hKRkhVS2dGOWhValJnWUdUMkZUU2dRKy9EWlBpS29DQ0pPRFE2QTA0SjM3WXF0RzYrOUdxZXpPeXNjPXwwNzYwMzBjNTViMTRiN2QzMWM0N2RkYzk3ZWMwNDgwYWU3N2ZiN2FkZTYxM2UxYTM1ZGQ4ODQ5MzFjMGNkZmRjMjA2ZWU2OTI4YzkzOGIxMTIzMzBkYjhiMTQwMjQ1NTI3ODQxNjg3ZTEzNjlkNDgxMzBlZjk2OTQ2Nzk3N2I1Nzk4ODkyYWFiNDUwNDU1MGNkYTUzOTJiNDYxNjgwZDAyNjBjYTNhYjI3ZWUxNDI5NjA2NGU4NWNkNWU5ZWI0ZGVlNzQyNTRlZWUyMTI1ZDAxNzZkODc4M2JmNGU0ZTVhYTZhZjM4YmI1NjY5MGY0NTU1ZGRkMTk4ZTRiYmJmNTFjZTIxMmRlZDIzYzc3MWY0Y2MxZDM0Mjk0ZjA1OWJmZTA1YzIxOTNkZTQxNTUxNzI0NzUwMDdiYTc1MTc3YTVjZDkxYTBkNDE2NTI2MTgyM2UxOTQ4Mjk5MDdmNzg5NzkzMmZmZmIxYTY1MTEzMGY1N2I3YjQ4NzUwNmIwNzU4ZDliYjFiM2U0ODVlYTllOTc5MWIxNWUzNGVlMzhhOTljNzI2MTNlNDczYTRlMjNlNmZmZDdhZDgzOGI0YjczZTJmY2MwOGU1YWVhYTJlZTA5MGE1ZGYxNzNlNmU3ZWNmNjdlOWQ0Nzk2ZmJmODFjN2ExNWEzMDcxOWM3YTRhZGE5MXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com&t=jsonp&c=nmeziogmdtfvdrri&eu=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sun, 02 Apr 2023 13:13:05 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=2tc17rj0b0mpmFgRt1mGqZRdSgD0PLKwohFRQnVRyUULSCmWy4ZzuEkzLAXsnIRD; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
_abck=E4495AF2C41849180FA151E6B679DE00~-1~YAAQvgplXzkVUw+HAQAAnpMZQglp+5BfOo022wNb4Dyy0GDujN0XGY/HwJarRqe5K26AXg0bDXKTmXozNHltPALhSEfprNDg2nszxKDgV4W/X3dTOqA5RaEb6sGsUPF5mPVXm2FT68pkXARYNQ3fbkcBABcUTlFsqeVV0fwmBNyvbRMRVMJBYJKMXqU9env1u7QVes6D/J3bOPYGpUfuA/C6/T6eHNXcEtr4z23y6N4q2kYQ+6riItMd6LbHSTCMYLWWwSIApm9dz2y18aWSUpp69/uE0ZLZtUoNkIBV+e9KgHL9nmoXq/ODBXffmENkYYpIjAgEUDsO97Mc/eomzuFhF+us0DXYWBd60SA5J1nzyPNRo2qPB1yYsdcJY/GKNw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:05 GMT; Max-Age=31536000; Secure
bm_sz=1A0F990560CC21D1767FA40A15FB439E~YAAQvgplXzoVUw+HAQAAnpMZQhNOQo0BFNmr9xmXxOslzpuY6VOpC2SUM8D9H+fnULoGSUOvXX4RFL6b1676Qeq5KL3l9WXVOxiVkNVyvExr729a8NiP9d1Jh7N7VQ7Vy7p0+6O3aPwqm9SPVCh4ofQiOr5BqJfb4BBKMxOc1PueHMj9MoCWiB4KakDbpRdtQYmqYCCTTjCW8HN63xDb5/8HmPuDks1m742wP5Mc8IWVNDhmhLC1gIeBqQgszp0rmB0gHQrsZQ+ExgH8+79OMWOSVOjEJtISfXTfH17NllZ5Dy9cXqo7~3490867~4342851; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:04 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184401&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184401&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184401&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KvRptfw4%2fteThQSQkb1sue%2fTJaVq7tzJPWSuaD8FZf4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f61_kf173_28421-3978
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184405&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184405&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184405&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Orpl2jcqujrUClTvDp6ZrTxiWkpUCj5fmOLNAFPtcIU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f61_kf173_28341-40257
ort.wellsfargo.com/securereporting/reporting/v1/csp
200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3598
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 9d85b00e-afd3-4c32-622a-ddc62c753549
X-Xss-Protection: 1; mode=block
Date: Sun, 02 Apr 2023 13:13:05 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:e654111c-822c-41e6-a6fa-f95f43380706; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:e654111c-822c-41e6-a6fa-f95f43380706|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
DCID=8KlnnWH95zKYGWCkJLK9fa7AGkwjWKm91vUZbSlA7+4%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
_abck=B4204FFB494AE661229B913C585C57A0~-1~YAAQFU8kF/KcGQmHAQAA85MZQgkgXf94eYPZVqne41S9O+DJKP4gam6/xe5mOVG8Ih1JWDMqSxuR3T3kBqssZpKGL5VNbxabFgjHZRLTigp6v50NAdr5H+wK0eSADl5OC8CEb1UtNfqet5/tevapo/GjTZRe6kS4khCgCW92OwJLhjuAgAkqslWfd6tSQ3B5CiUobLZ3YscWHMYdf/NMAv5pcJTnajFH7IRaioyjpCmzC4vXaMeiyAH4Myi6P88bLzi8FKohKaUwBCJJWbOG+P6ppoTkX1CRr0wS9Nq7fYIev0QVQmynQu3AEVGRpE8fBuLwNMXYs77hw/3I8KUHz4j2WLZIeGHAZSPVLxIrkf/qZFe6yDAlmA2lnMEhtR+hbA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:05 GMT; Max-Age=31536000; Secure
bm_sz=A2F3C970CF40D0DBA45D984F00308538~YAAQFU8kF/OcGQmHAQAA85MZQhMNzgYGfOyDtrskkzboDfVxgr2tjHNANK18TMWN5hwsrmJaQ84HXITO9l+PRXMgWcmy3gac3p9uHB/0c39tbtkYmmNBCrSA5tBA4Kpa7cN9uTtvVYhBDjVcA1Evso/z8eKe7S+QWva5ahRckIpuCQQ/ZkioykbNOKYbRaC0dcPiCSy7TuADpMATSDNxV8p2iqAjsA35KUhzvvvCJCecSFTJnYS6LZjVP+FfQTEOtJ8JvDHI7kocUH8+/OoSlqu5QLZdX/zlMMEyiF6cVEepSX1SBRme~4473913~3486006; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:05 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184397&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184397&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&cb=1680441184397&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:9f5b51b0-c2d0-4370-9652-b933a890684c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:127; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 01 Apr 2023 13:13:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=PVImglXd6b1Lc9jkxZlmGV2FCQSpmUh7jloZg775Cf2VLzgIE2csmOm3IQ0W6P2V; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f60_kf173_28107-20113
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 92f425bbb50b3dfafffa420ffe605189
50b018f08d110f158edc3bf9c1ee803f6d23207e
ae6ffe6e198dbb1a39516e1d7d0c7b95c2fb90c8318c9e9d5a81dd3c82ef6396
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1680441184714&cv=9&fst=1680441184714&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1680441184714&cv=9&fst=1680441184714&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1680441184714&cv=9&fst=1680441184714&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Apr 2023 13:13:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1680441184714&cv=9&fst=1680440400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--9049329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=3204967786&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 02-Apr-2023 13:28:05 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&_u=4GBACUAKBAAAAC~&z=1099834456
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&_u=4GBACUAKBAAAAC~&z=1099834456
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=2118397830.1680441185&jid=429700429&_u=4GBACUAKBAAAAC~&z=1099834456 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Apr 2023 13:13:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 721ee3aed49f7ab1022412fad529362b
f02d0292a43add57ff5a8e0c4d24a61f79eaed09
c13c31f74dc2cfcfc75041fb4927e990db0ddad07a372e0c3c51aeab2181415d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:05 GMT
Last-Modified: Sun, 02 Apr 2023 11:25:50 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 02 Apr 2023 13:13:05 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 721ee3aed49f7ab1022412fad529362b
f02d0292a43add57ff5a8e0c4d24a61f79eaed09
c13c31f74dc2cfcfc75041fb4927e990db0ddad07a372e0c3c51aeab2181415d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4268
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Apr 2023 13:13:05 GMT
Last-Modified: Sun, 02 Apr 2023 12:01:57 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10522644354556976
200 OK 136 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10522644354556976
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136451 bytes)
Hash 6d86cf8c1c582e0e643af45bf94ae5bd
f9b9a9d2236af3a1b77caf5d515a8e48e0e0e865
4cdd832cbe7585c68ec7ddaa74ccd9cd6a94b1e4e7133235810cb00b6a27bc9a
GET /AIDO/mint.js?dt=login&r=0.10522644354556976 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136451
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 02 Apr 2023 13:13:05 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Nhoe65ogAiLOVA3kA6y1P5NHa7Y68I1ua6ohlbSIGSu7+ugtEhZvkFPEJefLeglL; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ort.wellsfargo.com/securereporting/reporting/v1/csp
200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3829
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 8b66bdc9-ebe9-408f-5de9-aa6945c887d0
X-Xss-Protection: 1; mode=block
Date: Sun, 02 Apr 2023 13:13:05 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:97a0c902-fba3-4d2d-b9bd-aec71ebf68ab; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:97a0c902-fba3-4d2d-b9bd-aec71ebf68ab|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Path=/; Secure
DCID=MT%2f86ZXiKM0iufOMeiJ3G7VjHZ8gqePntO%2fitIjZ3Cs%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
_abck=6C676EE988B877C1FEFD6C2A95721C9C~-1~YAAQFU8kFwmdGQmHAQAAQJYZQgkh+Es3XU1n0uiKQuu8UHB+ocpxF5zUSeI3cylJJgDI3fqTN+pDvLZ5UyWpmZeFs/o+/2gJxOQw7zeSdYPHUnZy5z/PVYpiBwk/JXptfAsNEoHEqbRM/lUE442lc/EwTOrWgGn2MnLwKn4jHMopqTI9oIzuuLC1rreDC1rzZa/FOZBuygh4sietBV/6UuqBoJvPspZNQgKbmxHX7V6TJposErPNDsEYvj20PmSqiiOGjISYInX+PgsE475z9bnlmKiUi97byD8Nrtx0ef8p427bCcqM7CjyOODgZe1IW6S2EYMiqUTZeYPtRI5ALmYfFcih+9ErY38Lkhh+66PD4qFy930F116WfvBLB6b6Ew==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:05 GMT; Max-Age=31536000; Secure
bm_sz=A2C86484CEEFF804B2DC690FE529D202~YAAQFU8kFwqdGQmHAQAAQJYZQhPwxSWHC9mj6HWbBMVu4prYZmwEWPff2ABHyEegcxAAxx+kksOL8tXK0aur1vMp5Vj0he26kWnBSQeuFnUOr8B1nc6qphLPDFIqilyGoEcUgQxYeZpKCs9kTQY9OSTV0MS3R9MwpY9qqJejA3JlyZgzBbT1T+3hFXSgP01bENI2TMvumnsqsSRoqdAGLfd17VGAAGxGDwfR6ZbUMJ4ZRelZO0jFoE8F1se/xLS/IRTMUQVeciExhnDt/OMhuJPreRH15kTbKbMLewUXO4GzEKr9Lug1~4473913~3486006; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:05 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 9ab885feadd376421fece4aa409f2a5c
08ba8b03e771870c495a84b523e70e8f4bbb1359
2484ab32fbb2026a180aea41f1a1ad4eaba83ae7ff6045cf2bd7d9207f802fc0
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2010
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; LSESSIONID=eyJpIjoiek1ueVI5ZlB4Q0FtdFc1dFlMYVQydz09IiwiZSI6IjAxXC9NbEtDQVd0MVBlSFFHaHFMRDV4VDF1UGtCRlFyVkhPZzNWZzB2dWt4QlJ5XC96Qm1lMnZLaTE1TUduQ0VXbGFpMktPamc5cUtzeGdnckMxRDlRbFZhNUJmYzZnWUgzQURrb0xjb3Qra3R5QlEyZVNsa1ZBdnVBbXBRV2lhQnZPQXBGUFhlSVkxNFVQUXRZcnIrcGFRPT0ifQ%3D%3D.b73d91d9ffcfc781.ZjlhZTg1MzAzYmI0ZWMyZTlkYTRiNWM0MTg5OTRjYjY0OTA4ZDExNDdiYjRhMzA0YTg0ZTQyNGI4MWFiZmMzZA%3D%3D; _gcl_au=1.1.1593024949.1680441185; ISD_WCM_COOKIE=!4Fx+JdH2i+EjiBjC7cC95KsSl62XUZNsvLBAwAvpcIRuCDPd8W2TbOkFwMOINNOgu3jVZLy5wcOOfGo=; _ga=GA1.2.2118397830.1680441185; _gid=GA1.2.722392009.1680441185; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:0eb292fc-5e73-41d8-8e55-cdd214772b97|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:89; ndsid=ndsa95gzrgqqy9tlfzfakv4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 8
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=iTCOLiXJLAnf7n%2fA9A6pPqqg1idCwQx8sbTyqObsTNjnMOLYuc5JwOdVb4fGCdDZ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:05 GMT;Httponly; Secure
_abck=03DB06576BF0DFF47F4F433AAD33197B~-1~YAAQjtAXAtqvbzmHAQAAjZYZQglPXKParMnpkxcCiFPLfF4XLBVd3p7l73FMXUOhnnbRliCK6UUXWrDnTLcHf7S6oTm1LVP1GAaEDtzgkJ/QCd85mOEApGxySHOW48A4HaZ9QnCRnSrhDvE5IqMra0p3MOszXVT8hx8A7coHZPTABnft6EuQSYk39idItYh4k9GVBaO5/bwT8CQjQKW2RDp8+sScXrxjcroepmu5X+3SkpNGgWfdXX6OldRPOmXIBcE+McKKWwCjl8amWhMsbaz6GaHRSGIlDeZBs73WhS9pjyBHPGWOkZXdcNjK92sKgLmUIQOd73LfvA4uAEq4rNdqlc0uO75xgyicSGRqorAjM+0sis5hg5obGhfx5cRYow==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:05 GMT; Max-Age=31536000; Secure
bm_sz=B8AB9701017361F38E1C87C89980B1B0~YAAQjtAXAtuvbzmHAQAAjZYZQhOPyfceRBuuKoZSKFKMzTkWdQwYl4rOfil4Bb9P0mZiSZmznpZmzkiry01Pzs14sNJSYPhMFbHPZKAUSzhNf5vVcS0dNERMLOWYnIdBvtkz3zu7xEOXPDyXTMclwxe/I6949vQN4vQeBdwEhnKewUJ+yn3oD3A0MT5SWjrRstSFcbucINzLnkHCNcakqQd9JO9d8P8jx+3hGsbM4BG12gUiye0B6/sTevGq+jlUl5sdESyhr0RGLziUzG0V5MmtlKLzUMw6f64QzsDfHtK5RVlLJXG9~4277556~3687748; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:05 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f61_kf173_28341-40268
www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--9049329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 2f0c02a32c1989a504559039387facad
5d45cbc4f701f179fa526cce41216aefdcc265c2
6cdadd12ea243f75ddbd3fc08b4e59c4a49ee30d7c253b476644685829ea140e
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--9049329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!iikdUEoHmstdA7QeavdtAshNKc8KkYc6U4LEOEeGlPWs/u6cnhG30TC+QQwe/ceYZtzRw/8YY2GpWhE=; utag_main=v_id:018742198ae8000f3c3cefc5403500050003700900918$_sn:1$_se:2$_ss:0$_st:1680442984184$ses_id:1680441182952%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQZYA6dXqjHE8CmqmyCy%2BJJjAs%2Bh2AaR8ylAtgbEjpk%3D%22%2C%22_s%22%3A%22RhsMKYpR%22%2C%22c%22%3A%22TUppZTRDbzBqRGM1MEU4aA%3D%3DY6u9fsjWNB7NDs4B9AaMwNMNwrDQi6qJU9B9V9VSvxDYpfkaOPqSObIjQk_7Iy2-i-XoobwDTC5fbS8UWZsfJyiXYTu3JnVSo5I%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AWF%2FKWQAAAAApbcxD5LcXWvOh2HCfNS4%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; _cls_v=c52c988c-695f-49fe-8444-b38853040cd1; _cls_s=396be2da-e1d2-4b76-b10e-2f124ee40040:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C32591252553088517440751614621773959064%7CMCAAMLH-1681045984%7C6%7CMCAAMB-1681045984%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-523210164%7CMCOPTOUT-1680448384s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; LSESSIONID=eyJpIjoiek1ueVI5ZlB4Q0FtdFc1dFlMYVQydz09IiwiZSI6IjAxXC9NbEtDQVd0MVBlSFFHaHFMRDV4VDF1UGtCRlFyVkhPZzNWZzB2dWt4QlJ5XC96Qm1lMnZLaTE1TUduQ0VXbGFpMktPamc5cUtzeGdnckMxRDlRbFZhNUJmYzZnWUgzQURrb0xjb3Qra3R5QlEyZVNsa1ZBdnVBbXBRV2lhQnZPQXBGUFhlSVkxNFVQUXRZcnIrcGFRPT0ifQ%3D%3D.b73d91d9ffcfc781.ZjlhZTg1MzAzYmI0ZWMyZTlkYTRiNWM0MTg5OTRjYjY0OTA4ZDExNDdiYjRhMzA0YTg0ZTQyNGI4MWFiZmMzZA%3D%3D; _gcl_au=1.1.1593024949.1680441185; ISD_WCM_COOKIE=!4Fx+JdH2i+EjiBjC7cC95KsSl62XUZNsvLBAwAvpcIRuCDPd8W2TbOkFwMOINNOgu3jVZLy5wcOOfGo=; _ga=GA1.2.2118397830.1680441185; _gid=GA1.2.722392009.1680441185; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:0eb292fc-5e73-41d8-8e55-cdd214772b97|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:89; ndsid=ndsa95gzrgqqy9tlfzfakv4; _imp_di_pc_=AWF%2FKWQAAAAApbcxD5LcXWvOh2HCfNS4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 02 Apr 2023 13:13:08 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=AD5MPXQkxRCZqb0QH1BUc3Jh3V1j3OFqGgog97ymnzsCsi66g9cSGiTFO3FquByv; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:06 GMT;Httponly; Secure
_abck=2C515496EE9B1F43A6C40B18471FCF79~-1~YAAQjtAXAouwbzmHAQAArJ4ZQgmsLR9GUecPvvRc2KkDwcqYRrrHdiT7OfcZh+2c/MuHwTUle33v2IWWLGLh8teayD/xd/kVkl/6SftLzTm4m/OHZQk76A63yGbHs2saqmSCbBH/Ctq7OtMmAATMFuneWfgVdPBGIQakhKfasxD4GZJ7BH9+CBFIIdZo5xWaLVgUNGLWw44xWQyO6Yw1a7h4QmkVVgKgnP8YvMfSDjRffG39CLQBZRZWiwHs17Qn1L7y39KnrNcK2fGjeUbToNocmafDeLqAFQrOMgrEIsAyhdLsfNZuhBI11kOModWxJhD4Wi3hfzvqQ9c2F1pYtuGWCpeWoujioar2bNBPVs37Vt8tKJoNu5cnQ2+RfAhxFg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 01 Apr 2024 13:13:08 GMT; Max-Age=31536000; Secure
bm_sz=A54A2CCB2E24590D63DAD29DE8755C6C~YAAQjtAXAoywbzmHAQAArJ4ZQhPT8dfcngXwQGybj23Af+u/AS1N+sRbmGoEDn9/oe/B0i8iOlxOy0MvHjMf8EfAKmJPtfjZbLEfj6xUGGrAYCc+cx/fCDR43Mof4PFKLNW5bRpVQrzn1sbJxoCGufoYKC2338dPDoFuO1QwLEtM4h63i4KyTNvoiW1UUMjvPP6SFVGCPNZ4M1MteTm0bNRMpHv35V/2V7cO1WagbyeZHuN70vfqtfebQxoNrdJwSTVuTR0nIbnyyC405YGD03Zo3hcr3/i+1D0n+mPg4noHvE4RHhqf~3617328~3294001; Domain=.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 17:13:06 GMT; Max-Age=14398
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64297f62_kf173_28341-40284
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89db332d-693f-4975-b38f-5b1436f52780.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89db332d-693f-4975-b38f-5b1436f52780.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 973563da99a46b7af74f8b5c62859984
812e948c33af4dac9e0f95afe7ddebaeef613cc2
03215dfa213c98a1de6a949fa6b75ea8f1a8f67d084280119cdf680da1931bc8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89db332d-693f-4975-b38f-5b1436f52780.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6762
x-amzn-requestid: c559ef04-4f36-48f2-abbb-2eab2c19ffc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ct6gRFvSIAMF54A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6428a467-6fe4a4445ee7f4cd2dd80d57;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 21:38:47 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3hXHu09j2xSfsa57P-AnGU8Csttz1BCjdIUddRhBiUeZCCRiqLILPw==
via: 1.1 1cbc126937aab64e42a05f9bf2f8daee.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 22:04:08 GMT
age: 54540
etag: "812e948c33af4dac9e0f95afe7ddebaeef613cc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 303303
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-4a0c7"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=+c+%2fiOyI0vLQXMn9C5DZN6UoJMhOBSvfAelSOoTuW10I5aFQ+L6ltCphSTog5nsZ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 318080
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-4da80"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 02 Apr 2023 13:13:04 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=l+auuaWyx%2fJjKdQ9VNzNK7R+dU4m7r2V6YMkMjZs4gt8SuZPOhyAMonTGma+HAY2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 02 Apr 2023 13:28:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Apr 2023 13:13:04 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Apr 2023 13:13:04 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11894
Origin: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--9049329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Apr 2023 13:13:05 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:924620bd-3bd6-4fb8-a48f-29b0a09c3df5; Path=/; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Max-Age=30
ADRUM_BTa=R:55|g:924620bd-3bd6-4fb8-a48f-29b0a09c3df5|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:4; Path=/; Expires=Sun, 02-Apr-2023 13:13:35 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
163.171.132.220
35.241.9.150
47.246.44.226
23.36.79.9
157.240.221.35
52.19.200.27
104.18.32.68