r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 28774b36cf8bb6b054329393a33f6239
728313ddff6d5ceb6db3eb8445f039779616a140
08378fe6a897ab5a9c8d3bc2748c9670659d0d0d164317fdfac88d23fee78fa0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08378FE6A897AB5A9C8D3BC2748C9670659D0D0D164317FDFAC88D23FEE78FA0"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11189
Expires: Wed, 22 Mar 2023 05:29:59 GMT
Date: Wed, 22 Mar 2023 02:23:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5400
Expires: Wed, 22 Mar 2023 03:53:30 GMT
Date: Wed, 22 Mar 2023 02:23:30 GMT
Connection: keep-alive
ocsp.dcocsp.cn/
47.246.44.229200 OK 471 B IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 246db4e7ee68c9d13ba1f0e263b008f6
6065895bd1e1f56299a7d3344f021d67f5370114
f71670b0cfd0a43fa7bab3c1acb69933d39c280d9f37fcfbac8e08fec33b27bc
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Wed, 22 Mar 2023 02:08:14 GMT
Ali-Swift-Global-Savetime: 1679450894
Via: cache21.l2de2[0,0,200-0,H], cache17.l2de2[0,0], cache4.se1[21,21,200-0,M], cache4.se1[22,0]
Age: 916
X-Cache: MISS TCP_REFRESH_MISS dirn:2:217080538
X-Swift-SaveTime: Wed, 22 Mar 2023 02:23:30 GMT
X-Swift-CacheTime: 2684
Timing-Allow-Origin: *
EagleId: 2ff62c9816794518108646426e
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 22 Mar 2023 01:27:27 GMT
content-type: application/json
age: 3363
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5285a032a285729d3e4a546310ed052d
d370c14bbc2d168cc3703bcb6b94ea0ece26e69d
a811aac1eb89de0666a7de8d3eda1dc3affa7ce5353219211a1beee1211536b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A811AAC1EB89DE0666A7DE8D3EDA1DC3AFFA7CE5353219211A1BEEE1211536B5"
Last-Modified: Mon, 20 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2708
Expires: Wed, 22 Mar 2023 03:08:38 GMT
Date: Wed, 22 Mar 2023 02:23:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ylGO2Fzo31YTdlSXuuEUaPbPcy5BklmZI1zNFE1l3Uwo31OaEoOAuPNRzUpnOpS4X8HwQlP2gXQ=
x-amz-request-id: B1A6HDC3D2STB5DH
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 22 Mar 2023 01:59:21 GMT
age: 1449
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 02:23:31 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash ecd885c801c669956928c454ddc57779
7f95f0bc207ccb2b5acb20cac8dde0b3d21e9799
304e692525ff64a17ce9803f5979f98065c43fd11ed8d397456a68cee5b663fd
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET / HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18753
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b30c4e69-1cd1-45a7-93bf-82ae452ff6b1' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18681 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:90; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202303211923312058713327; domain=.wellsfargo.com; path=/; expires=19 Mar 2033 02:23:31 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; path=/; Httponly; Secure
DCID=EYYZvLHJkwsznjYaGIQOzzVDdRPTE1bPSdVUsV45eHQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:31 GMT;Httponly; Secure
_abck=56B175DC33CAB2F68EC0B6F04FEFA701~-1~YAAQlNAXApIbJeOGAQAApO0gBwl27sKOFCFS5zFKf6w171ddiH4n+u5xKu/OxKxXtGOISaGrmmE2/YXRlgjXPQ0bVlDdfMvSsCg+PbVqkw517rZm5gVVP26mC6fuNInq9GOU7gnrZuLz+sgiRqxKpCi4Qu448/yybwzG7DKEcre31R5gUzn+yuGGGTPrn1IZ8kLFrmmmiY3FGpqGrNXQMmYrDWkSzxpwktRZMkunOVbnjpugC/HxY/Mw2dRUCoalkjMhgcloD4iN+eyEUmEWBxvZ9XdW7VVTyUJBkkPaflAiklNRKp5J98E+A/aR+4lHDg239o1Yd1NY9lIJM3AhXJPt+G4fgpCq0YN7p1FKiAL+u4FbOWUW/+DzbnodLMABbA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:31 GMT; Max-Age=31536000; Secure
bm_sz=D1ABC4390D76608523F7F8B6E3772D4D~YAAQlNAXApMbJeOGAQAApO0gBxMcKS4ZNAClddb6mhwQfsAvIKxPykCvABRCMIRYDmVTxHtxl32kI9latiYRfLhrFysGF2E8A9pmme1m0wduwaKwIndIhtrsHOUjj1uodVKu22zERX6TIJoE0MdDYwOKzmUG6HPxQZsN0ctSoBB9HlFNoOL03Gm2Pb+LI/FHN+eDr0UbMZTi++Mo3hgTjHFyJxa7v+FAr8ZjteJ7GCFC4Hb4F9mj/NgoDS1spxhKgdbwf9EsG6VPtGdGdOJZOIjlDkOG1AjLXJWGx9yTPES3Z2k+8xxY~3420997~4403769; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:30 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a2_kf175_8129-6821
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1656059
expires: Mon, 10 Apr 2023 06:24:30 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1656012
expires: Mon, 10 Apr 2023 06:23:43 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash cfb2db5a4d398be6fa43bf001e8402b7
72e9defdc58dc2f38e2d290db3f93ade59d2bac8
58b63b8be73f9263ccc1fd11801d6cd1448d677fa7262f8bb2dbf2c5a977813f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6466
Cache-Control: max-age=108109
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:31 GMT
Etag: "641950ae-1d7"
Expires: Thu, 23 Mar 2023 08:25:20 GMT
Last-Modified: Tue, 21 Mar 2023 06:37:34 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash cfb2db5a4d398be6fa43bf001e8402b7
72e9defdc58dc2f38e2d290db3f93ade59d2bac8
58b63b8be73f9263ccc1fd11801d6cd1448d677fa7262f8bb2dbf2c5a977813f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6466
Cache-Control: max-age=108109
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:31 GMT
Etag: "641950ae-1d7"
Expires: Thu, 23 Mar 2023 08:25:20 GMT
Last-Modified: Tue, 21 Mar 2023 06:37:34 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
95.101.10.120200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash c5c30c6f4bfffa360cea9e4596911099
74fd08d2536e249015a63df76527663937211369
29279bc4b9c6fae6f797bec6ab1cbef61b08cfe23b27741175f546c1eaa8c9a5
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Wed, 22 Mar 2023 02:23:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=x1PAf4UKOtQBLAa%2ftRomCQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash 54b9cb09a12ca550998d724cf1f9c352
e56c79cae2cdde87dab4e7db2692166fb8a24791
1438a78458affd5e7adf22ceeda674f752e7ddae0a1b24d248fd89ba043b44aa
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: text/css
Content-Length: 23675
Connection: keep-alive
Expires: Wed, 22 Mar 2023 01:12:40 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-2a25f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7974-48353
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
95.101.10.120200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Wed, 22 Mar 2023 02:23:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TKUBUxbQPFrQn4SecxVZYg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 3f9cbf08987857328ddeecd5c0841c98
6529bc4031ffe8c23feef79dcead7d3790c52b02
b6b40f8adb3910e658c5f61de4b636c0dbefafc4ce761e3544a9b38fb41cc7aa
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19118
Connection: keep-alive
Expires: Wed, 22 Mar 2023 01:12:40 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-e71d"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7926-10293
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash f6df70690f6b9bcff57603ca344468eb
4404009b69b7cadd1b753e360dfc46d3fb770f0e
07ad2c821ccd2067ec6de1e162f3749d7c5c5a65d8117e65bf8ea65a9d1c0446
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58342
Connection: keep-alive
Expires: Wed, 22 Mar 2023 01:12:40 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: "63f9460a-2c7e2"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7958-14458
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
163.171.132.220200 OK 77 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
Hash a44bb3ac4e9d940fc74bcf584b11f61f
90da08f5955f70f0e4ec4b1b996a69f0ec6226e5
bf7f0fd0af3029a948628d15cd2494338a4e40678712677be6269e042104ffaf
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/javascript
Content-Length: 77202
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f83f52a3ef01a4360a0e01885cd652ba71d4fd946ffa69f745cc1afcfe428d60
Last-Modified: Wed, 01 Mar 2023 16:38:10 GMT
ETag: "25d60855d8ebee1f1b5f138f7ed5003d81ad4b67f05e591c270a2ce360c66069"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=I0oNF1FLhFZF2yhprA1U+A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=2910925729096B01F971C9F9158342B7~-1~YAAQlNAXAvUbJeOGAQAAmO4gBwk2rCYylP0XNGi08xsNQZqj3se29QjGAlYzqdkGUo3fV04nn8N7Ool5tX9oIPU6Pv8AkptZ+/gs8geP6RzdQ+9p4jQUlBrd/K048XMX9kNiE1BPdLSS2xzm8QL4hmLKlhTUgkrLSr1dqqWp1GuILAPcW3yhmt6CCBEpNmsDdLhaGHpCaWIlBxMwmLJ5yhU+8jL8kAkUsxf1NN9NXmWjUk3TM7LzoTzmMyh6EfhxJzM6bdYOMKDrMb4A+ufDedfVCbFT4132v9kXdDyq6nD4DBzMXOSuXi2KHDFAqasOiHSxZcA4oRp3v3M3Wl05HBtQTAwJ9HZ6IVKwNteHSJYp8aYglbaJdw0+qHko8/Q7wA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:31 GMT; Max-Age=31536000; Secure
bm_sz=75A66F025296B55B36284C2093595BA7~YAAQlNAXAvYbJeOGAQAAmO4gBxPmtIBcPtYiRKf8d1utc9jgicTgyluxN61QSnleeosYPgOHGKbPTbNcd0OC3GmdOW5MqhhYLjNcWVOPzSDaFgeaQPVdYE6cerXTdKSO1ljvEZsbOvlkekMmYwtCO2dIMqs/67RvBRu4x9eu0JTGoLihic0Ew8KenyjeNhduiyTUdXNqW7QGr3NNy9PXIHWJygLpj62trI5FrXG8/ebjY3O+aBpQE78Zas3YxNuwY18E13kwttc+IyTZwibMeM4SVqhHqjPKO5yIaj4Tqjs3CXKIJxue~3618369~4473414; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_8318-51759
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 6b3b146290216809757a86e3f0663939
8d97b74ae9f47647a71c892aa6092bda3477df54
1b5a64422406ca3bd32d34efc01dc32605949c39de3f65782f72bd673f239ebf
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4278
Connection: keep-alive
Content-Encoding: gzip
Expires: Wed, 22 Mar 2023 02:23:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A5ruIAeHAQAA9Z2twAeoq2csL3FUo8SCdSgLUe0Azdd99xuj3lefKYCZmBx-AaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|fd2094de3bc7ce3e2e8b197eb2e172b84748a2ae; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=4TVO745SiWaDKtdduR4eM90Rz09cJo0PqfaBjxPUvgPhMaZl491ykZyf7boSMdPw; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:31 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_8129-6827
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3462d41d9283fedf24f278089d5d1570
b8bcea77656f775cdc34620322cc616216ed2b95
55e47b413ba648a98eb6e92ab73aee602912cd13e7da23ef3cea1490c1b9de50
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "55E47B413BA648A98EB6E92AB73AEE602912CD13E7DA23EF3CEA1490C1B9DE50"
Last-Modified: Sun, 19 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2924
Expires: Wed, 22 Mar 2023 03:12:15 GMT
Date: Wed, 22 Mar 2023 02:23:31 GMT
Connection: keep-alive
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:0
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12708862
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6249531
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6249535
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6092708
expires: Wed, 31 May 2023 14:48:39 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 22 Mar 2023 02:14:33 GMT
age: 538
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6249520
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Wed, 22 Mar 2023 02:23:31 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/hp/utag.js
95.101.10.203200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Wed, 22 Mar 2023 02:23:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TFuJA51SlGGjCJ+eD6FpDA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
163.171.132.220200 OK 42 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 00168788570b1c7fa9af93ff911478ce
c8e501a52b72f99ad53a004a171b915912836fdb
55bae668721a923925e977ca2ae9b9a2839c22831827e602d7251d580d40a0fa
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /_bm/get_params?type=get-akid HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/json
Content-Length: 42
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=26oVo4gxXgN0jj615mlVqw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=C44DEBA8689867D8526C334627BE61F1~-1~YAAQjtAXAiDhjOaGAQAA7O8gBwlJGJ+cv8g0uLYGeDOISSd+429gz7mcO0U5kIs5iL2xQxms/l3V6jfwcRRTgsNhnmoBkyHnR/t7AXVCUC8c2WFABtLH77qVvuOASiQ9b6K3woX67ECOgLsKQSgDDPTdx+2RQW0Dvm3F0duv88Ft4IZEUU0T9S7yvwnjIxpoxpLrJ4mCVs8tJp/SXZATv9bQZBT1N7INMA/JkPgJCjIEjQWsqkxIfbZpSDFxtx0BEUCJYPKJqW+4H7zR2R5M8DCBqaUj2rCkjDtME6LVBCrs+Hfcajd5Op3pD0HPZqN/Rd0cgNH137ydz+ntvgf4g7vWbOQ9CMnplBrSw56xOrRNJ9lUM9iEVrBEWu7arTHcmg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:31 GMT; Max-Age=31536000; Secure
bm_sz=22574051DAC2108288A617EA810E5480~YAAQjtAXAiHhjOaGAQAA7O8gBxNEqndxAxKRfb+qHlO9eazIEeM9F34XTGkTyOlC97uYcPFKLUNI03Hc+4sSg1dDIx1xfhc7zHr7CGlQiB7krECW7npg7EXCr4V+vmetdIK4Vk6L+v70UBQTGR85an3fVDiVYVbHBtYGnTi5y7k/FMxqH5A8/BWCIX76mt/AksIoSR+oBhzjyuZUilIF4HwPF6Znb//9M4yYuPbiPu6VbtuW0+zgevNOXF2RXD2+dA17xnygkkTmg7/TdvXJw0s+mind7zlFQ3ab3rZT2JTTcEV6l4Tv~3618369~4473414; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:31 GMT; Max-Age=14400
X-Via: 1.1 kf182:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7926-10294
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
163.171.132.220201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2734
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=KnDNXGhPNq1tZFOFCz0xNg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=KnDNXGhPNq1tZFOFCz0xNg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=54507CC34CD7F52606F07AAADDD2ECC6~-1~YAAQjtAXAibhjOaGAQAAHPAgBwm92O5vl8QG7QNUH7MXk8ZbXbgTpMmruB+/lPJaF53FlJnPYsn4A2ksrXVnBR0ocsfeZZ0+hg0U3DVodEA6U50WrhKTuCRe1g9RFXsR+UYQAdG1msnRlBxlxrGorhGjF/neZC1pY3juloAZHGwePYPGqrwflZuK4VWo3XgNozuUg3GxYRgtc+dUONYE889zPy0lK1MYBJApp4EI2X8izs3Ka42FIRso1mQroX8Se21DjPC7UgRp7/dv5hoswTo7ocMABd+UApMUAII0MoKE1zhzp5yd3O9qHJYaWvGnrV3MvhpuUBqOABHghW1VBpAVHAmpxO6jEkyGx/H06DZu065Jih3rugM/oOKGPcOI7A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:31 GMT; Max-Age=31536000; Secure
bm_sz=1CC40E5EEF7843E472884F026D44D5D9~YAAQjtAXAifhjOaGAQAAHPAgBxNan6YxAN+smatxg/3V7CFWhxOPrMZelhpg1pM/ocGHZwgxhBfyJeQMOsn6SFAP+thVR1bzptutaFcUSp7GWYKy0uPe7rqRlCSi0wxLhubl5vENsth2WtMZOdvn3msSJ/1/+EYOyPEEU1BsszA2r7lMsJqJZZ4CH5W163PNMB65aNz+0RM8DFJmuKZF3JiMbSaURuYkIeJQLCFZ1W6Y0ClfXM7H7MF0r3QZJOJmKMC74aEODP/D+FK6O7Z67Ds3W6QY275/+F0nckGxgQgK932prUMd~3618369~4473414; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7926-10296
push.services.mozilla.com/
54.148.187.127101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.187.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YJoq7zMPLpKgVSjR9wBKiA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q9/+bfdrWN+OSXxxNRZ+GnhMTnw=
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AABlCweHAQAA2y-6IW2lcxZKYqJvP38xckxgksoHAQhwPQWnsREKBFCH87jJ&X-G2Q3kxs3--z=q
163.171.132.220200 OK 149 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AABlCweHAQAA2y-6IW2lcxZKYqJvP38xckxgksoHAQhwPQWnsREKBFCH87jJ&X-G2Q3kxs3--z=q
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (148765 bytes)
Hash 4a494b45fd4dbb7a7eafe9a27180d31a
2f4d62c4b7b52f2043dc50d9c48c75896afb9b75
5a09c44b3d3e4bb08ef5cdad58137249c8248e09a897b8f55e305b9cf98badf3
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AABlCweHAQAA2y-6IW2lcxZKYqJvP38xckxgksoHAQhwPQWnsREKBFCH87jJ&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:31 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Wed, 22 Mar 2023 02:23:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A3_vIAeHAQAArekO1PyJRx97Gkr0trGAG9XH82rNUXeY_d_57v-fwPS8eIt8AaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|0954231415b01f4a134c5bd63d9db2fdaee96951; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=3UrkhW5zLBBkJsjrG7h25iFdkS7RzIx7A9gschmVZOZFcfyoKKGwMqTlkDwlMJbA; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:31 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_8318-51761
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.2 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10888), with no line terminators
Hash 62c6c339822e0c7632cc82c5903d70bd
45f1b13edafb8aa3358866f638796a3696f025c8
c85dbf56e12782aa18d71339782f6616e2ee3c14aebbb1a3c0e9c51f2f3f62bf
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:32 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2175
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-98e8e777-12e9-4832-b165-fee1829955de' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:90; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:182; Expires=Wed, 22-Mar-2023 02:24:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230321192331865662228; domain=.wellsfargo.com; path=/; expires=19 Mar 2033 02:23:31 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=ECF445F6F9006A8BBD2249C6F45E3076; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=8t56fASW3BjY7eeMXFNtgIBf2hyGndoT4mZvKFor9HoGSgEgU%2fHGmGgkhdhzASsY; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:31 GMT;Httponly; Secure
_abck=95B5DC6518C8AB434435FA7B0D73D199~-1~YAAQjtAXAjzhjOaGAQAAH/EgBwkVgjesiha7RDaFWXXHG5NSDdfu52RC41zhed3xZ/M75I9gN77Z7bMwR1KP9npHSYJWNACujZJtTpYYWbRPkKLU3vaKTE7i68pV370GSbmpdSFKEyCNnK+Jqsj+djkFXeFVKB8lHYhrAY5wcFzAGZX01P0BEs7QP8zrsiHmHuffjykkQCcVXqIGj/l5ZJPP1XsUaOZK2IlpXSR/g3vyqECzz3dlH97IP5BZJOEX+ZCNKWGbycAn1GIDf6q/xaHcWl5X5enMKwwQ5A4z7kUYeSPUzr9zFvmF1LMxMEHBuaCypRuvTwaPdyT+rFpTUIdg/Apz6Beth+SDxO8iy6+AaHteIrMPNgBTLvTq8tCijg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:32 GMT; Max-Age=31536000; Secure
bm_sz=8C28D8841EF1E137E5D6DA28912D5A7E~YAAQjtAXAj3hjOaGAQAAH/EgBxNSJ/xYz7xSMZE/WEp92ORTOmfbT4HvbINjfsNcetTrA2dPIwdJ6LcdXaSKvpabpqfvbeC2uzYR7Zb/bxHiezkpf6sPSIxbH1+MfIeFQs8RnJ6N+dPWQt2EdDyuBIy24dbrUt5mf/0BBvgExK4YthtUEOKzki4mOknSDnoOqKQyjhS8I1S/fPLNKMTGBC7tguCYhxtBXA/VtmFMUfElqtm05zCaT0BAZjRxLuvCzeXj0iZqsoBI/J7xU0e9mtjsTr9XIYeehi8nB6Cmk+Jjp++ybeFR~3618369~4473414; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:31 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7974-48355
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=46863
expires: Wed, 22 Mar 2023 15:24:35 GMT
date: Wed, 22 Mar 2023 02:23:32 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1745812
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Wed, 22 Mar 2023 02:23:32 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
163.171.132.220201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3099
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Wed, 22 Mar 2023 02:23:32 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UfyO1s51tJXwz4Gu9eVegA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=UfyO1s51tJXwz4Gu9eVegA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=E29BD9CD5464A00807EB33D934AB4724~-1~YAAQjtAXAkLhjOaGAQAAc/IgBwmQlOdVkVK3R2rV0dVav8T9SAFNPyauEsJSxNbCyRNeCGvaoRQJbb/ot7y3W3BtCLqac/mi14m4AcnJI7iisjuW0zhb7doFVw1OogHLJIT/eRMCnItV7YVuB3+A6N/vaYQcpQRC/WGIjluhuLe76+oSNsKbw9ACm8++yyT2GmZg8T2R8RJQuFmLORxq9FlJZabc+/pVFXdwE6FCJ9uTZEIdKFSIXOz2s4G5Et3IqpyjgYFfRq1aFRBFK29SrCU/u0ccGeZ/RAzDfyfqFqkYbSaKYJP7KP/IU3X4gym0jtZsmygp8ESJOs25jqSXYUhEjK/EczCf5R4WoPn2kLsaJta1R0MOn5fUstXAjYlizg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:32 GMT; Max-Age=31536000; Secure
bm_sz=1C33CD84156216631F32F4AADCE4DA40~YAAQjtAXAkPhjOaGAQAAc/IgBxPl8pafvnrZ4lK+ZdzI2OXvI1B69Dx9629+785VXUmIUkBNDwrzgOfIySlEe5pHz8r0LmHFa3E9KfSyguyJ0g0c0IxhAYVXK69BHND8IBsB+rzB4IGDeAUfU7EGaftpmsd5lO0Z7r1zJLJpM3WNQbOLLbzQUpBzTGSvtN7EW8a2Q0SimjTJAw8qfVPEQfs9fMWKw16dMoobvIw1GLWpqVWfIhY10k4kQrDFaTT84lRXHAUPojHEVEeL953EOZtEPWHFD4BVs1QXtj5JQibgxNyKOoHP~3747907~3491377; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:32 GMT; Max-Age=14400
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a4_kf175_8318-51792
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
163.171.132.220201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /x0af-9mZ-MsJY_AWwWuyIqN-6KA/9QEuD4Xr1YaJY9/FwcsSHIcHw0/CE80Z/nc1CEE HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2376
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Wed, 22 Mar 2023 02:23:32 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pnf6pctzdfbBe6j5HuZzmQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=pnf6pctzdfbBe6j5HuZzmQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=A9740D6D586ED3660D03FC6B5A272B0F~-1~YAAQjtAXAkXhjOaGAQAAYPQgBwkbxLcG0EqGsGvPrGl2ZmsU3HH6Rvkmo//qTkxWelKpUhWCv41fHY/kNiBxsk34yfRTv4+oX+7761kVEaTGMLqAtDVwuZVQtaXTpAR/h1hdFiSN7EYc55DBIgvoJdgKFQ07c58XGrzo5/As9WMVHRXlfsBy8wcP1w5ty1vjRw8+HSiJL02QUc3fQ58CXKZ8K2dIfbvO7IW6ktTwa7hXZKqmQOVRczZG9MjB7opiCt+mBYP2PHc3AxndjhvFNeGbyGWLJYfaj6coewCtH5cBkswBLkrCJv/4rti/C7fzoyLLYpHy5kj1BJNE6+iS5fspu7uHHaLzDF2AkHXv8YsMNYt5ncca877VUacZOARGdg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:32 GMT; Max-Age=31536000; Secure
bm_sz=6E69DE9A930BFE891D185DCA1823A4E3~YAAQjtAXAkbhjOaGAQAAYPQgBxM2e0Gg8luXVkTELrFDiAn55oWiqE5G8qpb9ZVf6XD8bSD7r3+6rlw7JUdPmnxDQVH+IMcEKRkjcEG7YGM+aAH5FPt3DwYgLJ+rdP7MIV2TOR8m1GyB88047kE9DdT4Sx1a1NE3/j3USbIr1nc1MR3/dJENNbRvM2njU0XOOUpJ50UF03V1SlUao86szG0XKk5tI3lUgYp5AR2OciX+pjAUvCYmzBAgJVqIdnuFaQmOFpbBAvR6TqpP2tcqZQimE5t8pcTQWTDKrSwy5Q+5AYkpGoPI~3747907~3491377; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:32 GMT; Max-Age=14400
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a4_kf175_8318-51802
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
104.110.27.78200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1744460
expires: Tue, 11 Apr 2023 06:57:53 GMT
date: Wed, 22 Mar 2023 02:23:33 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1745832
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Wed, 22 Mar 2023 02:23:33 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1662845
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Wed, 22 Mar 2023 02:23:33 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1746418
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Wed, 22 Mar 2023 02:23:33 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14179
Expires: Wed, 22 Mar 2023 06:19:52 GMT
Date: Wed, 22 Mar 2023 02:23:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14179
Expires: Wed, 22 Mar 2023 06:19:52 GMT
Date: Wed, 22 Mar 2023 02:23:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F140913d8-f59f-4684-8c5f-6b7bacd2ea2e.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F140913d8-f59f-4684-8c5f-6b7bacd2ea2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f6590130a54c765dc666e36ff4aa2173
4cf14cdb893f9f22f4b51f98b75d5e07deb90e58
08cfa51d0dd9e9ea345c7db78bd2935593c48f04713cdf54c2f156833899622c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F140913d8-f59f-4684-8c5f-6b7bacd2ea2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5279
x-amzn-requestid: 44deb98c-dc8f-46df-8f44-60efd929ed24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpsfF26IAMF7kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a231c-776b1ff931fc840b14e714f5;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 4VqAwrvf6iXVjHvLVh_azMREuYh2HEQnBLThZWw6FFb9wykVwL5lSg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:59 GMT
etag: "4cf14cdb893f9f22f4b51f98b75d5e07deb90e58"
content-type: image/jpeg
age: 16534
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 81bb3fb1225b699271640895a4309319
33e6c4daa21f999f0b3130f776041c917aac790e
24caa8b21e95e372f4719070e3a475831e789b89fe20dd59ff9517b3f6958162
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3438
x-amzn-requestid: cbbbd56a-5744-4a8e-a307-50b8a3f2c7f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CEYtgHQPIAMFeDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641807ef-6e8ba89016eca4a91be82b1e;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 07:14:55 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: o2-th1u8_utA4a564xdRVZKYg7uvwZHNQ7haDjO1SgwGwZKf1ExkAw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 07:40:07 GMT
age: 67406
etag: "33e6c4daa21f999f0b3130f776041c917aac790e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1249d209-fb6d-4a02-9081-d8658b8ff632.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1249d209-fb6d-4a02-9081-d8658b8ff632.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13917543b8b3f8cdd572aff9d898b6f5
7a6a1c68fdb21a228f55db88933e5c2f69c8ec42
b6eb766589c295c2a909e837fe1a6d9bdc4715baab77a4fe14d2a6f775e78e16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1249d209-fb6d-4a02-9081-d8658b8ff632.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2909
x-amzn-requestid: 89330fce-b0cf-4f8e-b065-231ee439172f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqPyHWLoAMFlww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a23fe-619e4e36404b1ee94212e2d1;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:39:10 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: GNF08Td2MDYTOGOVe-eNSQ-ftMAPX8JZznVEmHI4f4QfE9kOOFYEhw==
via: 1.1 17d76c2aee343249585a570f2d36d2ee.cloudfront.net (CloudFront), 1.1 b618c0f73dc30c968057784ed0185d7a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 22:07:35 GMT
age: 15358
etag: "7a6a1c68fdb21a228f55db88933e5c2f69c8ec42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43902d40-a241-4dfb-996d-6923d7f45960.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43902d40-a241-4dfb-996d-6923d7f45960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d4f19d99d8cd53ca98063658a371edc
55a77e71fc7c324f7447071d6728f4e0fed32075
d195469c91dcdc56c78f821768e948a9813b6c0804345e67b382e49d4ed95414
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43902d40-a241-4dfb-996d-6923d7f45960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8507
x-amzn-requestid: ca96a0e7-b76c-43e5-9a51-cbf34683b22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJps-GsyIAMF5zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a231f-06d49b766daa7cd078c3a607;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:27 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: CcEddQzROf7QMwsffbFV4CRkCHhgarCDazUkr_j40l0kZm8hvPrLWw==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 22:09:39 GMT
age: 15234
etag: "55a77e71fc7c324f7447071d6728f4e0fed32075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 2e9Y7K5xIkpbhFR8a4kGAVX7X2-97lB13zHrjOuqlkalxzdbCDcfPA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:57 GMT
age: 16536
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1015d7fd-e40b-43e6-96a6-6aece54206eb.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1015d7fd-e40b-43e6-96a6-6aece54206eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12b24c5279fe815489141e47ee4d63e6
db3552b97a2904334f71d3200817a7b544e16528
dd4ab9d19b843881a476f533c8e52b2cdc3449479252a717320c3d286376d0fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1015d7fd-e40b-43e6-96a6-6aece54206eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5350
x-amzn-requestid: 1acb2fdd-666a-48c6-b178-0c0d8a30951d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqKLELqIAMF8IQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a23da-589ac4735f2f0afc4e0d726c;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: cxan7Y-kht0EyYxJ_wUsqfxBWIcrhXY-Iog5EbDUCKOc1T703JyzKw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:54:04 GMT
age: 16169
etag: "db3552b97a2904334f71d3200817a7b544e16528"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817678&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817678&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817678&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=TUD0fcYFB9s1vU%2fnfDRGLJKOv+uPOyz3V9qxI8HJKWXUtjVjAA7ExmESjaOLI%2fmX; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_8318-51804
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817747&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817747&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817747&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ShWHO3aYYh30EHokJdiGacGaftpagMLB%2fkOZLqpCom%2fINR+lTn1MMHa621F%2fQPuY; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_8129-6839
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817740&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817740&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817740&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=cFy46gHqxCN4ImysTsPyuU2uRM1gq+9+BILdkLfHhZgK7lBNoeg5fQemFBGLGPke; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_7974-48370
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 308 kB URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65357)
Size 308 kB (308145 bytes)
Hash 09692edc541783c3d9e1fffdd645c70e
a0dc9751050cc567a7f7f7732116e16a1117989f
1fded794298268e8997cff93efa597bb60d71528d3e8ca4af840a7dd38a64e11
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:6fade487-41fc-4b43-9b48-809f2bc186c9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:90; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:32 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Wed, 22 Mar 2023 02:23:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=N2uakDcSIH0KDrMAmH8LqKGyJz0DjboXrad0w9ybgWo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:31 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a3_kf175_7958-14459
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817756&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817756&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817756&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BKdczAHNIiltCgefAqhgueLyYXRXPwp1eIdEysQFHiyigr7cIBbo1M1cPwUCyxbC; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_8129-6843
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817758&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817758&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817758&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=3okKN1odIxMsp+B28sg4%2f0atkfSzPHZ0XlCxTgXJ2gAb6EV2ull3uEb2VaCWeOB9; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_7974-48372
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817744&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817744&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817744&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=XbA8DH+7GGoy8HvJtRL803ZcU3g6VRER2GCaqLaodsyRkD8q1R1DEWSdCaPl8Dnw; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_7926-10308
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817750&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817750&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817750&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=DiI%2fwK42l6qopZVt%2f5wXyz4yTQtwVOg6JWEYIM7jj1iTI4ylb0HjDuQTOjY6rlTM; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_7985-63241
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817753&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817753&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817753&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=PhKFY0qlOmX2uBpXP1sfiKGHMj2%2fciX6ye3ZgayrHag9RBIt35e2h3SXJVL90Znw; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_8318-51807
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 951 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 83a33d51d4aa35f54f2f6c2199c150b2
07f73b41675e50d9966b314f2b80c0f19b72d87d
a85551eb8605dc8c8a4cfdbdecce7c9a91bfca0fe5b63d23d59aff1f1a96cf94
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "636fb758-81c"
last-modified: Thu, 19 Jan 2023 19:32:59 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 951
content-type: image/avif
cache-control: private, no-transform, max-age=1779557
expires: Tue, 11 Apr 2023 16:42:51 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1554904
expires: Sun, 09 Apr 2023 02:18:38 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1659257
expires: Mon, 10 Apr 2023 07:17:51 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1727627
expires: Tue, 11 Apr 2023 02:17:21 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
104.110.27.78200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1076605
expires: Mon, 03 Apr 2023 13:26:59 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c46-769"
last-modified: Sun, 12 Mar 2023 14:30:40 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1771670
expires: Tue, 11 Apr 2023 14:31:24 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1761194
expires: Tue, 11 Apr 2023 11:36:48 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
104.110.27.78200 OK 13 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 9546dd9c0fbb7de266a2fbe85e233840
c1d9c5b3b5fa7b3490d989bef5ebb6c9ed48d613
df56980fe7ba7e6ec928aea7ea45292c5e41eef8a0a2de9d0c0682f039a788a8
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-e73f"
last-modified: Wed, 15 Feb 2023 22:32:34 GMT
server: Akamai Image Manager
content-length: 13262
content-type: image/avif
cache-control: private, no-transform, max-age=1945078
expires: Thu, 13 Apr 2023 14:41:32 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
104.110.27.78200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 338cfc728ba1dbb6840c74558c5b9d9e
16d3653d467c5e8f80600b924a91fc19d3bf416f
dcc2606ff287abd984b9e619a55adb02716c387721e5482b604503b0602e3cd0
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "635162e0-ce5a"
last-modified: Mon, 31 Oct 2022 17:02:20 GMT
server: Akamai Image Manager
x-serial: 60
x-check-cacheable: YES
content-length: 22174
content-type: image/webp
cache-control: private, no-transform, max-age=2039937
expires: Fri, 14 Apr 2023 17:02:31 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
104.110.27.78200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 7ae922293ec607f02d2b97502d277eb0
f0a9bfd1c7cd3c15d6f00c6765febdc5406545d6
828ad10b1cd19124350d846916da0031a93d1b2f02a74695b97fd82503627318
GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4b-172e2"
last-modified: Sun, 12 Mar 2023 06:54:53 GMT
server: Akamai Image Manager
content-length: 32345
content-type: image/avif
cache-control: private, no-transform, max-age=1744328
expires: Tue, 11 Apr 2023 06:55:42 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
104.110.27.78200 OK 37 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 610cca644e5b3cff3d2aa622756a5262
21d77bf774d09ef0d2aadd12e9b554bdcfabf685
9c48183f44abcf70ba1c5752a29e2e3fbb314ed363d918ee00f4977f70dcac3e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505814-e902"
last-modified: Tue, 01 Nov 2022 15:12:20 GMT
server: Akamai Image Manager
content-length: 36638
content-type: image/webp
cache-control: private, no-transform, max-age=1945126
expires: Thu, 13 Apr 2023 14:42:20 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1739738
expires: Tue, 11 Apr 2023 05:39:12 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2504361
expires: Thu, 20 Apr 2023 02:02:55 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
104.110.27.78200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1746080
expires: Tue, 11 Apr 2023 07:24:54 GMT
date: Wed, 22 Mar 2023 02:23:34 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817761&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817761&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679451817761&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4OM3Y2NwJRnHuLsW1ogREFbP9aZprVf7ceAlhkFXgcRX+2BLgVIv4vzdotMRF3JA; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_8129-6844
c1.wfinterface.com/tracking/gb/detector-dom.min.js
95.101.10.203200 OK 132 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UZ%2fCwxqO8WMlZNLAEW+JyQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
95.101.10.203200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Vm2fcWVW7q0SHLxoehnTsw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.24200 OK 572 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
Hash 1763778a15448052cdd06f85629e4990
af01eb122ab5886733397826b9306fa1594e4002
693484c43d7293eedeef2778a8c7dd8f119fd4cb5f383a1ccfe8d2494e9485d3
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: W/"63d9c378-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 572
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Wp9z9Pb8OXSxbHCjqX9QFag%2fpmx5wSMLKU42qlaTpT3FRcWyf2TInRmqbPDd8un%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817767&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817767&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817767&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ORPDZFR5aa5pkXUWy9U0mqVyLbqpWTQsB8CjSdHQG6bEhsmQqbyOWF5pEb7g0J0B; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a6_kf175_7985-63244
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 8985a972c00f9f53b82336f5eba2a27d
a3b08130ee04b846718f40c6fe5222cc38a84c92
e687a038ca84c19c9346b0c5a66d17453d343b11265843739939c08d136027fd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 83
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:34 GMT
Last-Modified: Wed, 22 Mar 2023 02:22:11 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=410666,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7abaf92fdd5a0b02-OSL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
23.36.79.24200 OK 23 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 30fbb91a8809ad28b5247c068c4f0bf1
83d1f59f0f0de511ee95721592fa423bdb246d4b
fc5b00cf395341a0b87f3bd8e584e291564e0054e9f108b39ad4183725e37ed2
GET /accounts/static/7M/accounts/public/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23085
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: "63d9c378-5a2d"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Dg0H4GWmmMtH%2fh7fxC+wFQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
23.36.79.24200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 51b455a6be9a1bf4c5c1220262daef7e
7039556f32796267c0f053ee35a201c0d1149e3d
aac04297e3624bdcf3f99c9a16335cf0d5af781d447de3c3c0ea46e659c3f0bf
GET /accounts/static/7M/accounts/public/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: "63d9c378-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Ajv1kSQ%2fPbu81axHMK8iyA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679451818637
52.212.210.65200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679451818637
IP 52.212.210.65:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 156c4619e31431d611014d3c09c133b4
b640d9978cca42c1a816617b42c0951b683e88ad
9e416201aa44ad3d152a02a130d6f8a63a294f95378bc3cf596e2ee50ef41579
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679451818637 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-03cf679dc.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=80258174458075709771958183035420615480; Max-Age=15552000; Expires=Mon, 18 Sep 2023 02:23:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: pD5SdkopSbE=
Content-Length: 320
Connection: keep-alive
api.rlcdn.com/api/identity/idl?pid=1317
34.120.133.55451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP 34.120.133.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Wed, 22 Mar 2023 02:23:34 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
95.101.10.120200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bCAP+XfYMXzAhTw%2f6PgO7Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817760&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817760&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&cb=1679451817760&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Tue, 21 Mar 2023 02:23:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=7EJkkHndFQkc+BiA6hofhKGUMYl9xY24SE9aBPK7O7bswNyTQTIw3X5xFC2ufnde; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a5_kf175_7958-14528
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
95.101.10.203200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=CH%2fzS5fIGwPzu4UuknC7uA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
95.101.10.203200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Sl0A7+g20IDb%2fk+5IDtk%2fg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
95.101.10.203200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EsF%2f%2fx7qdKlgkdf8fqmRPw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash fa83f40823aa30f72cdc34df2b3248d7
223e45cb2c565fee35a8ab3cbcb3ab64ff48aee0
c5416476051f7a5d84b02daa078a5fe04895444821f93d186d331a6fd960db6e
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------303909295531266974512145963143
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:1$_ss:1$_st:1679453616289$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182; dti_apg=%7B%22_rt%22%3A%22DQcIVq1dgB%2FE8CmqyTu%2FsMgnc6jLgnXfxndinia9mcw%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DZ2cIdv9o%2fZTEL1vRugfKLjK3le%2fmWXgZ6RPuu1aQYMNu6+t%2fiq+Oy+qKktTSSHE; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
_abck=21FE47AD8A9B30F394F63C04C83941C2~-1~YAAQlNAXAi0dJeOGAQAAePogBwkv4AyXA2BbrlTB2Rwz812olE9gRh7NO2LYG23WJmfT3GJYx2e9lohqURMLBFaIp6i0Q1f/vOGCQrEbswaQwcmBXvTyuSYjBT5sg3G8e1fDleqqfFyYipjwvTPn8dhW5MkR+MjTimc2Su4e30BYaoCwAQlwldNmPb9pHNz50tde7vOGe6jkjhvvn6ycZXy8YGtCEuj0F3TgZ4Emf7udf5/or06u9cxzTzb+HwHAVS97bPvmBAaSFcVSN+LB9Duue+XcZdkTiSZTob3gPLnjscxQgAXBW3/douACtLwL/EhcDCxO/DfbRZU4b4WImfHAh1QQe2rIiUiz6fL6XWASAfyTJqtx+76j5T/ds6IITQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:34 GMT; Max-Age=31536000; Secure
bm_sz=EEE319D04D05ED225AE3B4FDCA292F8A~YAAQlNAXAi4dJeOGAQAAePogBxNxiyNzVmz9dIeBic/CSbDC2bBw7JOpZLuOwe9dzrN2YRHuEFceUoKUT4iy2NRzN84EGngpu3Qj+T7DEOeqjnad2C8wTcFGUi1bYJbZx3iD+pz0D3RyRG56SG7uR9jElSxnpgcqmyZq5qBJPGGnGz4O6PPJxqD8cqTcM6JX2WLbKZS2jNILeBxTzQVvqS0h/9q9Waae2dNG7iS57Iz8S5t/KkHVklhOasH6nIHqiXgzEpLqj404Vs7ZGUQ3sNt7+pyq+U5s8UAS4rLaYhJsHSpr1mn9~3159088~3359811; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:34 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a6_kf175_8318-51815
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=80289061449087206901955077843871553835&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303211923312058713327%011&ts=1679451818919
52.212.210.65200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=80289061449087206901955077843871553835&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303211923312058713327%011&ts=1679451818919
IP 52.212.210.65:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 93f695989ac9d2b2d17e74920730c1d3
3b4058f9cb7ce179dbab6eea1c205e10d45035a0
0210629ef05aa202cbc8f332ad16cecad947c764fca717cf54e6545c52fa6eb8
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=80289061449087206901955077843871553835&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202303211923312058713327%011&ts=1679451818919 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-09eff2095.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=69239490117822250051859394849786989748; Max-Age=15552000; Expires=Mon, 18 Sep 2023 02:23:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Ek3AZc5BRO4=
Content-Length: 320
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.bd6612f680d429d52883.js
23.36.79.24200 OK 3.8 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.bd6612f680d429d52883.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7626), with no line terminators
Hash 828ae8106215ac1187df82547fe09342
d3e7c71cdcb263f7ebb32f9a38c042093d2e52d6
20a713633dc723111c70fd6721963eb77222a3993cbc1801fd923f9495947307
GET /accounts/static/7M/accounts/public/js/runtime.bd6612f680d429d52883.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: W/"63d9c378-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=WuMvcWW3PsHtfyP7AIIwwT9s+EsamaiHUrQzmx6QFSAcxYBJuYEkyOKqfkMz42T4; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=64354578-c7af-4947-96af-21cca81fe940%3A0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pv=2&f_cls_s=true
23.36.79.18200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=64354578-c7af-4947-96af-21cca81fe940%3A0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pv=2&f_cls_s=true
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 77886f41a8e14366d602928dd205906a
1b3bd8407eba5a835b2d0dee30a09d95c15e6031
9bd1de2fda38fe83a5cf7e613fa469785152c923b190ade61e74e478d31f6a73
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=64354578-c7af-4947-96af-21cca81fe940%3A0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1188
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=64354578-c7af-4947-96af-21cca81fe940:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!ae2H9QtVJzpU3E4q/D2JHXmrrcNtC+pvPD79QoFLkEZSwbhDZzyVp/zymLplWrS2oK6a/IhRBqNzEA==; path=/; Httponly; Secure
DCID=811HEoRZt+XP8YvqdXf58628FymzcLS4T5c9X1ERh+Zfa4XhbGYuccVfZf1%2fAhdo; Domain=rubicon.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
95.101.10.203200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YGVtPJ1ROAR52TftQ1frIA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679451818644
52.51.141.47200 OK 316 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679451818644
IP 52.51.141.47:0
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash 8c0adfa053805b1676dd7220a52ebf75
4ab8e89d1896cada216e7c9055b7f81abc0c4f1d
74747e15bf2658055bfc8ad6d5dadecfa03eb21f82242a741c8c69a7c013cdba
POST /event?d_dil_ver=9.5&_ts=1679451818644 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 392
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0a5fb53d3.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=80258174458075709771958183035420615480; Max-Age=15552000; Expires=Mon, 18 Sep 2023 02:23:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Yn9OmZQLRR0=
Content-Length: 316
Connection: keep-alive
c1.wfinterface.com/tracking/ga/ga.js
95.101.10.203200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JW9KIuugm5Yuy7PlDtDPBg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.24200 OK 151 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150721 bytes)
Hash 9e5fb7b8223ee60ed1e1284fc6237cbc
132fde900774855b4dc671070649f6501ed831cf
5f4968ba695b07def7453fe1f0cc9cc5327bf2f41826184c43dd0866d6281992
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63f57dbe-168e"
Last-Modified: Wed, 22 Feb 2023 02:28:14 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 22 Mar 2023 02:23:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A3P5IAeHAQAAyTye9gXLjk4Zt5p390_QA4AoqpiVLejuQ1jP9GmiRs3cD3miAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|be54034386cd2ac9550908b2b6ecb2fff8db219b; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=KMLjwtrzSnY0eeG4mCLD6k5SdNgXHA%2fc4vruQy2nTZ8UftREXV5dsHF+xvRl64z9; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash dcd9f6156f4e8761c71f09d9e0461adf
4dee53387d92dee7833943bf23ae641776434c8a
d2e17254d2aed901036ec6ea67bd8ee2dbc4e7f7f4faa241ce17a4ea76f65af0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F?
142.250.74.38200 OK 311 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (547), with no line terminators
Hash 43521c760171a0cef06e3c55757dbf11
4974bfdf66deba2fa89b47939f1efba1454ce2b0
926a167f21ecc4d8b0374f8f0f6e7c0c1c225010a4a27b8c838009f67fb9a892
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:23:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 311
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 22-Mar-2023 02:38:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash dcd9f6156f4e8761c71f09d9e0461adf
4dee53387d92dee7833943bf23ae641776434c8a
d2e17254d2aed901036ec6ea67bd8ee2dbc4e7f7f4faa241ce17a4ea76f65af0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c1.wfinterface.com/tracking/ga/ec.js
95.101.10.203200 OK 1.3 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cxiKaeMr%2fpMPGQFThRcpYQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
95.101.10.120200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Wed, 22 Mar 2023 02:23:34 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ONfyM2+8FXQQISBGn4yaag%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3e968c0f4319273e79821cbabf3bdbdc
99f1127052594878d49370fdcc61b1e4fbb69e61
82ea5f81bec224fa88a6b83c50481d819586b5de2fbb435d522d24ce1250b6cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/as/jsLog
163.171.132.220200 OK 0 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/as/jsLog
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 342
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:2$_ss:0$_st:1679453618905$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:182; dti_apg=%7B%22_rt%22%3A%22DQcIVq1dgB%2FE8CmqyTu%2FsMgnc6jLgnXfxndinia9mcw%3D%22%2C%22_s%22%3A%22Rht5XapS%22%7D; _cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f; _cls_s=64354578-c7af-4947-96af-21cca81fe940:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C80289061449087206901955077843871553835%7CMCAAMLH-1680056618%7C6%7CMCAAMB-1679451817%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1267600071%7CMCOPTOUT-1679459018s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-a7065ac6-c254-4271-9868-3fe14cd1eb3b' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:6e348c9e-5678-466a-a205-4acfecc8e085|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:182; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9efca99e-a87e-4fa2-96f0-b8c9c25c0b32; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9efca99e-a87e-4fa2-96f0-b8c9c25c0b32|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=10C7AA144CFE31435D08659DB760B0A9; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Thu, 21-Mar-2024 02:23:34 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303211923341133118759; domain=.wellsfargo.com; path=/; expires=19 Mar 2033 02:23:34 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:17; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:17|d:1; Expires=Wed, 22-Mar-2023 02:24:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!A6AUAbQLLZBLj/4Gl7IZxfIs0wroUS+tUkqZ55onyv7eFw00aDXkBhORLFzH9GpNUqIwIgsMsjbfX44=; path=/; Httponly; Secure
DCID=ciBDL9txgdfh8cBS0UtZp0Tu%2f9uzmd+bV6grEaJSGyQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
_abck=05C8BA8617C29C826CCA04B245C69E47~-1~YAAQlNAXApAdJeOGAQAA9/sgBwnlXVk5lTZu6lO0kWAz2tHQxYWtwJBhCb6f170UWhlpK6IaT37r+kZTGjAV+bhoVB0yLZgJ8amv4VX5MJ/B9ybpCoy00nEhJOsLGzs8fCy2+JSfdvQw1Zr47jxLSHjo5TJkVClcc9o1wWSlrVFe3PGkxMpg5CqWwB1fh+T98/jD58IPmDD7qUdVzbbyWQ7+FuJhNyH3K8y7EVfq4vmWyhflYNHqrlnC3n5tejCL5Emmk2qoPDY+J+x5w/r532eqfYz/DBzxqmWOmm0pyBj4eKPoXEWCtDzr1hrgeeEdQ4BmYl15EWlzjpCgyDw3ZlzaBbAg6Dx9cc0kXXcYyBhwxsaPWK9KgQ9HWFQJEpTvaA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:34 GMT; Max-Age=31536000; Secure
bm_sz=9FB076B4101312872C7CE4B9CB1118E9~YAAQlNAXApEdJeOGAQAA9/sgBxPRu4g3lgsSyX7lJF0nqVqZtuYsffjkupRwMqC1Orh/rMvjtAKwj4BwDxJxNR0KruVg+kcah5G061DLQMRePUbM85JjTRtJGHkbNglWnDn0Xh2j4+EFCeTiv6l1svlg0h7X2AOgNpFa3a7FatouVNRopj677Xa4NLkQJrjyMDbyiB8FZ6KbT0oB/na3bfZ/qbdwk9scXka3SQjQHipkSxHdkz3AKsMJQgkNSpPzREF59RozxC/kqf0nj0oIFrC8McIXT2Po3/zv8b5vU8wS4cmBoyir~3159088~3359811; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:34 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a6_kf175_7958-14559
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=20495774&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=978279449&gjid=171279692&cid=1059750215.1679451819&tid=UA-107148943-1&_gid=2110982303.1679451819&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303211923312058713327&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1059750215.1679451819&z=493885204
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=20495774&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=978279449&gjid=171279692&cid=1059750215.1679451819&tid=UA-107148943-1&_gid=2110982303.1679451819&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303211923312058713327&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1059750215.1679451819&z=493885204
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=20495774&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=978279449&gjid=171279692&cid=1059750215.1679451819&tid=UA-107148943-1&_gid=2110982303.1679451819&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202303211923312058713327&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1059750215.1679451819&z=493885204 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
date: Wed, 22 Mar 2023 02:23:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=410666,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7abaf9309d980b02-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3e968c0f4319273e79821cbabf3bdbdc
99f1127052594878d49370fdcc61b1e4fbb69e61
82ea5f81bec224fa88a6b83c50481d819586b5de2fbb435d522d24ce1250b6cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=64354578-c7af-4947-96af-21cca81fe940:0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pid=87a2c6c6-dc00-4e18-a1e0-1ebdd57ec6bb&sn=1&cfg&pv=2&aid=
23.36.79.18200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=64354578-c7af-4947-96af-21cca81fe940:0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pid=87a2c6c6-dc00-4e18-a1e0-1ebdd57ec6bb&sn=1&cfg&pv=2&aid=
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 77886f41a8e14366d602928dd205906a
1b3bd8407eba5a835b2d0dee30a09d95c15e6031
9bd1de2fda38fe83a5cf7e613fa469785152c923b190ade61e74e478d31f6a73
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=64354578-c7af-4947-96af-21cca81fe940:0&_cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f&pid=87a2c6c6-dc00-4e18-a1e0-1ebdd57ec6bb&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2839
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=de760e43; _cls_s=64354578-c7af-4947-96af-21cca81fe940:0; _cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1188
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!zZPU2NJHSRCmTiIq/D2JHXmrrcNtCwBlZjC0LTZszEvDC/6b7S2ps7UQAsJbXCf1UQtbc2DJvQcm9Q==; path=/; Httponly; Secure
DCID=HcAzPQqUk2Q0pt5his18Jh3aApctQXrr+ziQTickT5NiIcCizWuaZRYhDEFqdFD1; Domain=rubicon.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ff476bde43022243f6c3f9dddd9360d3
7862bf4ba04f1218f10f85bbddbe2a11aeeeece6
6e8b017b6722c1f95b920e14876ef42e2a38556bbad3b9f4b1b1879634ced74a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&gjid=171279692&_gid=2110982303.1679451819&_u=4GBACUAKBAAAAC~&z=1047013435
209.85.233.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&gjid=171279692&_gid=2110982303.1679451819&_u=4GBACUAKBAAAAC~&z=1047013435
IP 209.85.233.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&gjid=171279692&_gid=2110982303.1679451819&_u=4GBACUAKBAAAAC~&z=1047013435 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 22 Mar 2023 02:23:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ff476bde43022243f6c3f9dddd9360d3
7862bf4ba04f1218f10f85bbddbe2a11aeeeece6
6e8b017b6722c1f95b920e14876ef42e2a38556bbad3b9f4b1b1879634ced74a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.24200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 22 Feb 2023 02:28:14 GMT
Vary: Accept-Encoding
ETag: W/"63f57dbe-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=%2fYBWspy9yF6mIYb4tc76QV4mpRvrCh9GcvoOQ6JEsWZsV6n7yro84tMiNCYk1h5r; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9446303f24a6e8e8d138867549399aa2
410a03d7475ec879b8e346f1706aea491e3f1da5
f7d7017ca9dbdf1822739e9baa6f34868504e6ce0d827aeeef82517c5db72960
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
142.250.74.66200 OK 314 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (546), with no line terminators
Hash a2b71c67ecf0704dc9d85b361580b47c
120ea73f034b6085a866e7a326f567bd4f610729
9209aae4561593dc348bdd29ff118f45344c88fb51afc9de211846d9ed019b63
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:23:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 314
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9446303f24a6e8e8d138867549399aa2
410a03d7475ec879b8e346f1706aea491e3f1da5
f7d7017ca9dbdf1822739e9baa6f34868504e6ce0d827aeeef82517c5db72960
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8a237b3ec23da41b2cdefc39b643691f
322b5b2a4fb99140ac53a94058d34a4806133519
4d88ec2ff0cf38948e56dabbd03130bb35850d89921fe80e242e762fedde2468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
216.58.207.194200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=4690700820145;gtm=2od8g0;auiddc=1244435355.1679451819;u1=11202303211923312058713327;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:23:35 GMT
expires: Wed, 22 Mar 2023 02:23:35 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ort.wellsfargo.com/securereporting/reporting/v1/csp
95.101.10.185200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3597
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 567207dc-ea1d-4212-77d2-04969f14588d
X-Xss-Protection: 1; mode=block
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:d410be71-3fe2-4a1d-8931-d7c2d6bbc580; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:d410be71-3fe2-4a1d-8931-d7c2d6bbc580|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:4; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:4|d:9; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
DCID=ZbwymhjBdGi4d6y8BBkR5GEnGIcnvLMOyGhUTW4qh%2fE%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
_abck=C4C44E8042A7F8A66FCC74C11114014E~-1~YAAQtQplX4Ad1OWGAQAAhP0gBwmSLqdFJvu310vIziT5nv3A3UObN3giYJp56R/Ct9wsDcLrlJe1xfB0kHF9Xf8Hvbg2UNfHCc6n9bftF36E0FtGwWCN7udJlIiM1Q6+OWq71/t4AE1bWszpgylciJKoEd5PnZhOPexSvBSp7wfd5h80e8R1gdIq8LS4Pv8oy2hvSV0e2xBrZY6mW+a0K7sJL5SngkK9p2i/dBdVvGR6T+N9QRvYXCvtuIIMnKFYmXdaNMrj4Pkk7Rhe5YzP23l5UuefQf9pq9jHKRuQ528/1w9NzRf+YNWiwd1Ru/YaA0Q1ltGEb1qJJlB9E5Mo0Dp8SX68Vrcsw6ifI6lr61JOx9+pBSAY9zlZY0zIrUX1BQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:35 GMT; Max-Age=31536000; Secure
bm_sz=E3EF174FC5C7A2A6A862E1FEF8164C47~YAAQtQplX4Ed1OWGAQAAhP0gBxPLJLPyUBD2xV8JWZfxv3DNyjl6dOYZR/GZa9had1PF6InxiHpeZIYUIqWQ3VgvEI7xqx5KvB6omD2fXmTICPviqBu5l6SPmhQCbREF9nhzuys4EAhgJ2WOzBV5ylfAQysotx/N6NQgXCd6ssFMdlzK7GwDQIiU4TRL18QFMGq18ZWIUfREXVum4smF/Yv8PSsLn+2Qve0lQWmXylkOJ86OatBEjvfi82Y+Qx0BFCFV+vsR5afTPDpkePCudx1iIZLSuGdwq0vaf185dmb3D4Mlx51c~4277316~3294273; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8a237b3ec23da41b2cdefc39b643691f
322b5b2a4fb99140ac53a94058d34a4806133519
4d88ec2ff0cf38948e56dabbd03130bb35850d89921fe80e242e762fedde2468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash e2583a1f4b002a577fcb3c39e988590d
5bf921721b9509d6b7c7b9473bcd9369651bccd3
e3c6a4d9b245d0eb522a530309639dd561a8381123844fa21135acf684e1f70f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4303
Cache-Control: max-age=137587
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Etag: "6419cc4b-1d7"
Expires: Thu, 23 Mar 2023 16:36:42 GMT
Last-Modified: Tue, 21 Mar 2023 15:24:59 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash e2583a1f4b002a577fcb3c39e988590d
5bf921721b9509d6b7c7b9473bcd9369651bccd3
e3c6a4d9b245d0eb522a530309639dd561a8381123844fa21135acf684e1f70f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4303
Cache-Control: max-age=137587
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:35 GMT
Etag: "6419cc4b-1d7"
Expires: Thu, 23 Mar 2023 16:36:42 GMT
Last-Modified: Tue, 21 Mar 2023 15:24:59 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.24200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4f150294db8e987c02d059cce71ef584
6fa13506ffcd0219aea4d944460e4b827a32e6fc
2d2a2d6212ce7a26ae44cb035299f54bdd9a8e39a0f0bf78c017c9400e288fab
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37198
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=3EFxVV6G4x%2fJvJ3X8TAwIg+sqboSQCT8VJkY7R0RNW9X7GkJmSEde%2frCkgjwfvxz; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 38eaa8403d406c79d904d83ee525c335
a0318b6c3137cda2fbd368b843528a58fe7f065b
621131ca78c12f7d7b3c36d8cbee11d317b65d50dd3c47ddfb62744fad9c1b29
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2010
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:2$_ss:0$_st:1679453618905$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQcIVq1dgB%2FE8CmqyTu%2FsMgnc6jLgnXfxndinia9mcw%3D%22%2C%22_s%22%3A%22Rht5XapS%22%2C%22c%22%3A%22R1F4a0JuWnZVcmtVTjkzRg%3D%3D_ikOkUkml1_LGc-j_ybKcM0bNQS9-YLlvNrnDcfyN-qTgsiT4f1H_XBKVM-yi14VeRvuUZPYrd9lx2_op7AXR0pkBjRddwOMNEw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f; _cls_s=64354578-c7af-4947-96af-21cca81fe940:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C80289061449087206901955077843871553835%7CMCAAMLH-1680056619%7C6%7CMCAAMB-1680056619%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1267600071%7CMCOPTOUT-1679459019s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1244435355.1679451819; _ga=GA1.2.1059750215.1679451819; _gid=GA1.2.2110982303.1679451819; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!A6AUAbQLLZBLj/4Gl7IZxfIs0wroUS+tUkqZ55onyv7eFw00aDXkBhORLFzH9GpNUqIwIgsMsjbfX44=; ADRUM_BTa=R:27|g:9efca99e-a87e-4fa2-96f0-b8c9c25c0b32|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:17|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 9
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+R%2fTVpdemz8hON+fQOAA1cqfhptxLrtPucIpyvhIMGXtMIUTtfhGjHfHDRN34Rm8; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
_abck=DD8403C131B516FC1D53038A728B8C86~-1~YAAQjtAXAkvhjOaGAQAAP/8gBwn+Ix2iGEeZBThiHAs8c9Y/v4gxLYPwFKw7OozloOuIyqI6KsLX9CR3/JGTSYZ59SplyQMSBx3ALCLUqFePJWwSEuE8jdBt8fUpyF0LPoh3xFu0+33L0qaKh+Br2HqFHAQ6GZ8LcJZyzbxjWbrBit1E+oINhlnDVAKY2TOm6ph2Ln3M/Re+V4pyIUQbcf92jPF+52EtTsly5KOLFlCdDqFD9QUddsaLyMjhd87fIENiOqTmAdU8JjB3uG9u3kXIZBVzu/1RJ7DuOBbx2oyFmk1zmtILzC5dvURPzXk8QgCLtuLbNx2PWCQqOnt21WRbPDnkytPXYHBnrW4P04UWu2kdBmEweo8MmBk8fvttUw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:35 GMT; Max-Age=31536000; Secure
bm_sz=B558392FDF40F6FD8F0466B0DC711AE9~YAAQjtAXAkzhjOaGAQAAP/8gBxPGljBwR9hRRTXw8OhZLBc273Qoz6I54qhK7QF9KewIsGErP7osfJEq2C7qtS27QVXPncWDqyBW6oH1cyBTXOIC8ZVj6JPeTCJZbNb4kBKRqBcHO53sLcnHLJ1Drn3/ejgUKajcSQ1VRkNDkRA4SytS83IYh/DLfMEBoDPNR4e//LUyBLXTjdnJznND72/o5mhNJllxWl+cwrJYPD6zXwxZF3PyEfbQnps1w/+ad5rejoW/Akwc8vABSJ/UefkG98jO7GVohWVOG3MLirkrLtSTs7az~3224131~4273474; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:35 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a7_kf175_7958-14603
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBDOW5yL3IzZFB3M0lyTUhDdysyN3ZLNzIzU1JIVWZzZnhBQVJ2aVN2UzBxOElscys0Tzd1Ui9DTXhuZGVYTE5tVkx4Q3VVUUQ0Vnk2aDBkZFg1T1hvZE90NHRkSnh0aGMzTEZ5OU5RR1cvVEdIM1F4aXRiZEVFTWZHNUlpeFNWMnFpUCtXTmRTZVBLSXFmOVRmU0ZzS3FreDNyZlR0MHg3OTlmbGY4OWU4Q2VYa0RhckxIZk9wRzd2WENoM0lyYUdvRHh5MUVSNUZJdzAwOGpZOUg1ZlA3dTlIMHRzZVVlNll0ejArZWxoM2xKOUpaTy9aTGNOSncyYVlsN2tWdlJKckpjcW51L05rMG43SkNFVzJVN0ZMdGVCTndibVAxUXd6cm05NDNRPXxjNzg1MjY5YzdhOTBjNmIxZTQzZTFkNmM4ODIzOGM1NTYzODA4MWJkZDM4YjNiMTgxZmYwZmI4YTQ2NzgwNGRjYzczOGIyYzRlNDJiNTViZjdkMTMzZDA4MjQ0ZTJhMDRmYmU0ZmIxNjY0YWEyYThjMmIwYTg4ZTgzMTY1ZWY3NzEwOTBiM2NiNDI0MWVmYjJmMzkyYjRhN2VmNTUzM2FmNjU5NDVhZDc0MTRhNDBiMjcxZTgyNDUwMThhYWMwYzM0MjU0MDc0YmRmYTMwNTM1NTliZDkzZTE2OTYxMzJkOGVkMjE5N2VlM2FkZDc1ODJjMWM1ZGFjZmUwZGY4NzQyZmUyYjNmMDA1ZDlhMjQ0MTRiZGVlYWEwYTZkZTQ2MjNkNDQ0Y2MzOTYxMmYwZjNmZjQ4MzhkNTE1OWUxYjI4NzRkOTVmYzI2MmI5OTJkODliZWFhODAwNzIxYzQ3OGM3ZGNlNGY4MmI0MDIxMGI5ZTgyNzYxMzMxZmMzY2EyZTVjZTE3ZDQxODk5OThmMGZlZThmNDVmN2Y3YmE3MDk0ZDJhY2U4ODJkMmI4YzY1Y2JjNjZlM2Q2OTEzYjFiMDhjOGQxNWE1NzVhMTYyNjJlMjk0Zjc4ZmJmNGFiYWMyY2I3NzdlMmNmNjE0Zjg0YTQ0NDY5NDgyODdkMDhlNzIwYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com&t=jsonp&c=pecxdqloocadshhc&eu=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
23.36.79.24200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBDOW5yL3IzZFB3M0lyTUhDdysyN3ZLNzIzU1JIVWZzZnhBQVJ2aVN2UzBxOElscys0Tzd1Ui9DTXhuZGVYTE5tVkx4Q3VVUUQ0Vnk2aDBkZFg1T1hvZE90NHRkSnh0aGMzTEZ5OU5RR1cvVEdIM1F4aXRiZEVFTWZHNUlpeFNWMnFpUCtXTmRTZVBLSXFmOVRmU0ZzS3FreDNyZlR0MHg3OTlmbGY4OWU4Q2VYa0RhckxIZk9wRzd2WENoM0lyYUdvRHh5MUVSNUZJdzAwOGpZOUg1ZlA3dTlIMHRzZVVlNll0ejArZWxoM2xKOUpaTy9aTGNOSncyYVlsN2tWdlJKckpjcW51L05rMG43SkNFVzJVN0ZMdGVCTndibVAxUXd6cm05NDNRPXxjNzg1MjY5YzdhOTBjNmIxZTQzZTFkNmM4ODIzOGM1NTYzODA4MWJkZDM4YjNiMTgxZmYwZmI4YTQ2NzgwNGRjYzczOGIyYzRlNDJiNTViZjdkMTMzZDA4MjQ0ZTJhMDRmYmU0ZmIxNjY0YWEyYThjMmIwYTg4ZTgzMTY1ZWY3NzEwOTBiM2NiNDI0MWVmYjJmMzkyYjRhN2VmNTUzM2FmNjU5NDVhZDc0MTRhNDBiMjcxZTgyNDUwMThhYWMwYzM0MjU0MDc0YmRmYTMwNTM1NTliZDkzZTE2OTYxMzJkOGVkMjE5N2VlM2FkZDc1ODJjMWM1ZGFjZmUwZGY4NzQyZmUyYjNmMDA1ZDlhMjQ0MTRiZGVlYWEwYTZkZTQ2MjNkNDQ0Y2MzOTYxMmYwZjNmZjQ4MzhkNTE1OWUxYjI4NzRkOTVmYzI2MmI5OTJkODliZWFhODAwNzIxYzQ3OGM3ZGNlNGY4MmI0MDIxMGI5ZTgyNzYxMzMxZmMzY2EyZTVjZTE3ZDQxODk5OThmMGZlZThmNDVmN2Y3YmE3MDk0ZDJhY2U4ODJkMmI4YzY1Y2JjNjZlM2Q2OTEzYjFiMDhjOGQxNWE1NzVhMTYyNjJlMjk0Zjc4ZmJmNGFiYWMyY2I3NzdlMmNmNjE0Zjg0YTQ0NDY5NDgyODdkMDhlNzIwYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com&t=jsonp&c=pecxdqloocadshhc&eu=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 45949b9ba426ae9742b130f837dab32f
c9b80dcdeecc9a8ba73ff02e3d628b28490338bb
91b6e4fdf82967c3a0da92a2e066e73e4cc90dc5ca2208e22297079a30494cd3
GET /AIDO/vyHb?d=ZW5jZEBDOW5yL3IzZFB3M0lyTUhDdysyN3ZLNzIzU1JIVWZzZnhBQVJ2aVN2UzBxOElscys0Tzd1Ui9DTXhuZGVYTE5tVkx4Q3VVUUQ0Vnk2aDBkZFg1T1hvZE90NHRkSnh0aGMzTEZ5OU5RR1cvVEdIM1F4aXRiZEVFTWZHNUlpeFNWMnFpUCtXTmRTZVBLSXFmOVRmU0ZzS3FreDNyZlR0MHg3OTlmbGY4OWU4Q2VYa0RhckxIZk9wRzd2WENoM0lyYUdvRHh5MUVSNUZJdzAwOGpZOUg1ZlA3dTlIMHRzZVVlNll0ejArZWxoM2xKOUpaTy9aTGNOSncyYVlsN2tWdlJKckpjcW51L05rMG43SkNFVzJVN0ZMdGVCTndibVAxUXd6cm05NDNRPXxjNzg1MjY5YzdhOTBjNmIxZTQzZTFkNmM4ODIzOGM1NTYzODA4MWJkZDM4YjNiMTgxZmYwZmI4YTQ2NzgwNGRjYzczOGIyYzRlNDJiNTViZjdkMTMzZDA4MjQ0ZTJhMDRmYmU0ZmIxNjY0YWEyYThjMmIwYTg4ZTgzMTY1ZWY3NzEwOTBiM2NiNDI0MWVmYjJmMzkyYjRhN2VmNTUzM2FmNjU5NDVhZDc0MTRhNDBiMjcxZTgyNDUwMThhYWMwYzM0MjU0MDc0YmRmYTMwNTM1NTliZDkzZTE2OTYxMzJkOGVkMjE5N2VlM2FkZDc1ODJjMWM1ZGFjZmUwZGY4NzQyZmUyYjNmMDA1ZDlhMjQ0MTRiZGVlYWEwYTZkZTQ2MjNkNDQ0Y2MzOTYxMmYwZjNmZjQ4MzhkNTE1OWUxYjI4NzRkOTVmYzI2MmI5OTJkODliZWFhODAwNzIxYzQ3OGM3ZGNlNGY4MmI0MDIxMGI5ZTgyNzYxMzMxZmMzY2EyZTVjZTE3ZDQxODk5OThmMGZlZThmNDVmN2Y3YmE3MDk0ZDJhY2U4ODJkMmI4YzY1Y2JjNjZlM2Q2OTEzYjFiMDhjOGQxNWE1NzVhMTYyNjJlMjk0Zjc4ZmJmNGFiYWMyY2I3NzdlMmNmNjE0Zjg0YTQ0NDY5NDgyODdkMDhlNzIwYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com&t=jsonp&c=pecxdqloocadshhc&eu=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9zXF7t%2fcxXZwR2Chljdk05nkb3iZ7Aw4YH5ws3NqpNCHnTLzu4rXwIoigBeS43zB; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
_abck=CACD021A51C93D2FA40F4CD1D08E7BE9~-1~YAAQFE8kF7wG9+aGAQAAZ/8gBwlctV2b/u5BTb/b0XsrK6WidKCeL684DjsEzChZ4fVVfI19ta6Iy9rSpYLUv8sq4rRapcRhFqY9AFxeYj+Pzl/bsbXslwqU8evPOyrXxMB9xdZTqDoSP27bTGsWm2V36IUyVIQExrD/d34mVgqixPCzqYx+tv2RVXDsVa79YsGPx9cfzEVB5c7zDobt7HZVntaJnwNxzJKRfs/bPFA5+05hc68yQEt7++KsBvj1ax5pI9IXuuewlW1GDV/bmtgFQ95kl6Ctossl7AObMBumpWEo5W6jM8fgjPzYYON+S144x00JpKDCQyk9kdz1jHn68VcKv7gxwflxQjq4RUjVyU6mJ2f5ulyGfD63eL671Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:35 GMT; Max-Age=31536000; Secure
bm_sz=084B0A01EEF8061196FD53F5EE524D3A~YAAQFE8kF70G9+aGAQAAZ/8gBxO4rEaOiVCwOyr/VzTil+Wq3A9JtMQbKfsCvPawjl7jtGxW20ufQIJNCSIzkS3qxx7HLHSXqQizX8z4a2qMe5J0H9RPeNdZvqTXlU34o7AR7O6NAUxv1TLWiJ10N2h5NFpW018x9vBjqdaS2299DUQXVPsGFTnumyTNpozrgaf2BpcowOT62oq3NiYDu6/Pkuw/jSNtTS9SedjNW3p7ICxHFzgI5LeLrNYGGcXMy9W+5n8qRirTGIAmq5FWf5B3b2xIKE33dgx9MBbJ/xcsNDyb8NeJ~4539205~4339767; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.24200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash 965807c70ad6e5b693212bd7a4e849f6
eb6d91f7861769667e436755cfb97284b67250bf
f3fd9d1f8aefa3ca7258f71a24a5f2d02c0723f3658ba26922651df08d55d573
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17915
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:b3a63cba-7f62-4dd2-827b-a2226f01b672; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:b3a63cba-7f62-4dd2-827b-a2226f01b672|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
SameSite=None; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Wed, 22-Mar-2023 02:24:05 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=k8FIOAeC46nU0+XIsflcPUo37T26I26laIALc3SL1avjnbxf42QzMnXfCaujTbYu; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
_abck=F0B2234640D9C680EE100FCC1CFF1338~-1~YAAQFE8kF74G9+aGAQAAe/8gBwmUR6yj+Ht8mZAUddZYnv6I5gbAifYQYEscZRE/RSyD82JtEA4T04VCt7K+Xe/C+aEdv8EbYKO4ByJmddUFR1YPvsbUpFXyIu5A9n8Okh+YNJ/44YoblCkdZIc/fK3bGDlY6ULY/0elJmQCs1bCQx8OcopwA1SSZb+ojsRXgfCVg5DSmRVvuSo+atrYurJzMz38uA77kvu+GU94As+/1Cb1D+4BVnrga5901ILytIHJTJr0dJ8gusUOizaXA7MyXBBS7El/DwRpKwJaLtzkU5anZV1G3H3s5QoXvD3FIzqgJOn2j0VGQDkLsEGtYVM5aUX/w1yLWKmvBOg1bMZZFGY+xGQNZ6Nf0SiwvNnL1A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:35 GMT; Max-Age=31536000; Secure
bm_sz=66E060288576E21D43F015E0AF8427C4~YAAQFE8kF78G9+aGAQAAe/8gBxM30BYIS1ks1LLHXoo4rKxsyQWX9n2gpFgiB5J7hgjjamYP+M1lnf96CtOyI7vpv0/YDeFoNfmnckMx7T8imX/Yx19xriSmf6kF6hUHLidIc/k/cCvv0N3UFz+T8bhgrToTomb+hvFdGwthW6QjdvyhnxtcgsSGtTXvX3N6/hUkZaK+dS5URMYP2RUdrmJ5IxVFXWbQ/BsoReAfwgnRdOhYA95K7lDcCaHu9he5YJEnp1lm1fQnXq1HfKKA5YtPobZhxkcjpwhKib/Nh84l8a6HdIVX~4539205~4339767; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.bce22143e85144f6d513.chunk.js
23.36.79.24200 OK 220 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.bce22143e85144f6d513.chunk.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
Size 220 kB (219853 bytes)
Hash 37caf4cf45f23e01dc4f6071c53204dd
1dda737907cea6de6acabd27b0b510870832222f
0c77b64dbee74ff7fe3956cd2a53edff515360b224e67debcf30f0dfa7e922fa
GET /accounts/static/7M/accounts/public/js/vendor.bce22143e85144f6d513.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365437
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: "63d9c378-5937d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rnnfxeOvoLMd3YAkkCVdJMEQS2KPVKK6Xt2fAp3vGyxvEOXTQnuZTiosrA7Q8y9g; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash e2ba316dbf0d1c231f12512204d0e832
16271f049892b4d07ab70043935b1873a2e423f9
99a5a7e359df4cc82ef7a931bc93c0252f28c938155c1a6bd886550a0709cb11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4817
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:36 GMT
Last-Modified: Wed, 22 Mar 2023 01:03:19 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 22 Mar 2023 02:23:36 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f86da0dd278dab61512989673262b7b7
0a9e07a3e3001b0fd895cd6be56f4b6929048e7b
ac48a2d4cff37e533bcead879c78d3a6f937e6c07fe2aa71a7d0aa4cc5181752
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d8076782b7586aea6d69480d5434652e
6bd6f10f27f62711c6783bc8b5ea72cb74622e2f
ab660e165b0044aa0ca16ab2a42ac38a1922a24a6ae6e879d4e3e1e9c19822c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash e2ba316dbf0d1c231f12512204d0e832
16271f049892b4d07ab70043935b1873a2e423f9
99a5a7e359df4cc82ef7a931bc93c0252f28c938155c1a6bd886550a0709cb11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4817
Cache-Control: max-age=127675
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:36 GMT
Etag: "6419a392-1d7"
Expires: Thu, 23 Mar 2023 13:51:31 GMT
Last-Modified: Tue, 21 Mar 2023 12:31:14 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679451819273&cv=9&fst=1679451819273&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
142.250.74.130302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679451819273&cv=9&fst=1679451819273&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1679451819273&cv=9&fst=1679451819273&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:23:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679451819273&cv=9&fst=1679450400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--xp49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=641773639&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 22-Mar-2023 02:38:36 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&_u=4GBACUAKBAAAAC~&z=182844889
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&_u=4GBACUAKBAAAAC~&z=182844889
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1059750215.1679451819&jid=978279449&_u=4GBACUAKBAAAAC~&z=182844889 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:23:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f86da0dd278dab61512989673262b7b7
0a9e07a3e3001b0fd895cd6be56f4b6929048e7b
ac48a2d4cff37e533bcead879c78d3a6f937e6c07fe2aa71a7d0aa4cc5181752
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 02:23:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ort.wellsfargo.com/securereporting/reporting/v1/csp
95.101.10.185200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3829
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: a3d7e07d-c857-43ce-5dc0-be6bc6bbc548
X-Xss-Protection: 1; mode=block
Date: Wed, 22 Mar 2023 02:23:36 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:f78d79d1-affe-4138-8809-f180171dd9e6; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:f78d79d1-affe-4138-8809-f180171dd9e6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:4; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:4|d:5; Max-Age=30; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Path=/; Secure
DCID=8eb2raVGD6Fk7H%2fOkw4NABygjav%2f2+ALUSSwOgbDYO0%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:36 GMT;Httponly; Secure
_abck=B1476257BA7CE8558DACE7354D5B20B7~-1~YAAQtQplX4Id1OWGAQAAOwIhBwmIzD+PG6e8hM5mOAlwkQ6rNHt4iiew1bjSsnf4+6VVlG0KtRTpk51lerXw7O6TrqD4JzliTkDTNYBViOW3L6IWQyUeh+QPszYCyOCGtCwMKyrjpf+phI5Vn9J4ha1rW7YHvS3F4mLmS5pqvNO15l4Bp9QJN3jXNQSbZRpthY5jHKO+MBxhNliL9+fgbMmOt/tUWisOCa51/vwCfKaeCCBAFVdQrPLmRI+oNV+x/qeqj1Z4Su+RZ7ey9MZqMBXp1qWmkIVAEygPU+ZrbUg35W+rx5RhaRLl1o1ZSYw9M7QOcCIsA0mOxSC3ePNi5hodB82o2Ka9InzjvKDyuD5lvT+3/7p1VTuY2zRg/F+mcQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:36 GMT; Max-Age=31536000; Secure
bm_sz=54DE2EF8259D25E7451372B96EEB92E5~YAAQtQplX4Md1OWGAQAAPAIhBxNaFDT+JnNRKxpFcMsEgg5ncHS7xpPCkhumNSPVFD7UJfRNCyaoESSu0n8Xu6XiYJ3h6teBZ3jyKIytLHtT6Ezj2WDw0vXUBeGE4gVqj1bKc9ysl9CFudajCvou49XSb+E1C0W+GFkeqw10AzAGu1nocasc+V9gk8OMBMiBD3PrCXvEk+/cZciRcG2o1NAqxGhV+7VfU5nD/uLsL62jc5qX5ingArYDW3UfA0ITN6bW3yPRRwVAZTXy9PP1jforFKQurCkeBptad587JqR+62yeFI7N~3748145~4604996; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:36 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.2303953852683278
23.36.79.24200 OK 136 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.2303953852683278
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136528 bytes)
Hash 4b8338b2f1c21311bda9548b4fb90e70
eb4cf4ff60e97880e5c35ac9772768eef5fbdb22
c312a8686be15551d4ea9ef5a74a496cec278e45732798f62b97c0b6066e7998
GET /AIDO/mint.js?dt=login&r=0.2303953852683278 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136528
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 22 Mar 2023 02:23:36 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=qvTeF8k7lc6py4yHgPxIl3o2x0gsNRGxM0VhaWwbNVXG3fXDEb7pmxD2HwWewZ3+; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--xp49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash a0b7fb0dae25050b19289bddd2fd9143
5d5b48eb8f5bf291d8c9c0078263b2a97b5800dc
f2d299ea61349ba897bb44218ca6fb26f9c4eedecdaa635b597a8cd52e6fe651
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--xp49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!HTgNWBXfQ7Di0PF0PL2CkLh7/8NjqgTLthYX5FtXlEjIclTmnQU7vHYkuyaEKljSlOzmmQDiIzDRH/I=; utag_main=v_id:0187072101600021a19ea080ac9800050003700900918$_sn:1$_se:2$_ss:0$_st:1679453618905$ses_id:1679451816289%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQcIVq1dgB%2FE8CmqyTu%2FsMgnc6jLgnXfxndinia9mcw%3D%22%2C%22_s%22%3A%22Rht5XapS%22%2C%22c%22%3A%22R1F4a0JuWnZVcmtVTjkzRg%3D%3D_ikOkUkml1_LGc-j_ybKcM0bNQS9-YLlvNrnDcfyN-qTgsiT4f1H_XBKVM-yi14VeRvuUZPYrd9lx2_op7AXR0pkBjRddwOMNEw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AadmGmQAAAAAp8TX2O0Ppwt4OOUcA9S1%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; _cls_v=75563cde-7b1a-4f82-b25f-02bc1a08025f; _cls_s=64354578-c7af-4947-96af-21cca81fe940:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C80289061449087206901955077843871553835%7CMCAAMLH-1680056619%7C6%7CMCAAMB-1680056619%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1267600071%7CMCOPTOUT-1679459019s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1244435355.1679451819; _ga=GA1.2.1059750215.1679451819; _gid=GA1.2.2110982303.1679451819; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!A6AUAbQLLZBLj/4Gl7IZxfIs0wroUS+tUkqZ55onyv7eFw00aDXkBhORLFzH9GpNUqIwIgsMsjbfX44=; ADRUM_BTa=R:27|g:9efca99e-a87e-4fa2-96f0-b8c9c25c0b32|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:17|d:1; LSESSIONID=eyJpIjoiT2h2TFdMbXlrQWEwR2l0QklQYjdmZz09IiwiZSI6IkxRMTJxQmt2a1RKbkdWNmxlZHJwQVU3N3Z3MkcrejNcL1VUeHpLTlFRbFRUNVwvRkNMQm4xQkpoUHE1NlwvaERSOHZEVEpQa3hHSGZiU3d3RExRR1pubk90d204TSsyVndhRmpocVhiZGZUVVBFUDJPWXo4ZjJ4eDIzck1VXC9LazlzaFFsMUtuclYxeUdHenlqUm82c2F2c3c9PSJ9.7150c8fd6988cf8c.YzdmMDQ5ZGYwYmE1MjBlNmE2YjQyYmE3ZjAxZmI1ZDZmY2Y2NWM4ZTZmY2RlM2UwZWZlM2M2MjBkYTU3ZjJmMQ%3D%3D; _imp_di_pc_=AadmGmQAAAAAp8TX2O0Ppwt4OOUcA9S1; ndsid=ndsanw6q5khpi1blfj2924t
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 22 Mar 2023 02:23:38 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ybBRpi3qBq8j5%2f1Mou6aSV1qgrcFTxjOb0qpJtzwvhCXyJjyfqLt0rXzU9EjsFq6; Domain=www.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:37 GMT;Httponly; Secure
_abck=2A2335CE61395FC1713DBD0E23BE94AD~-1~YAAQlNAXAqkeJeOGAQAAVAkhBwlj3Utyn4BCdaJS4qoULydulrpGYRctCNX75SSGiXxyiSw/cBd1soiU0R/OIWSE7ato0gVSvBxKDO+cnSnV4SxSNzI5e9i3kvEOPSTfJLEBT4TBKuUtlC49AAuy+EeGuKDUMquxV0LUe2ByYbC75fsVfUDiY4lIQTB/sG8WUMoQOp1lNLAl9NNZQqHWSSOuQEKKW7ynU2Hefdneotpf4gm4yX06uX0Y/qdsyLDOnsKfpAyjANkj1lGZopOVTgz0GseGNiRLGHRhuaT/hrK0eYURmtGbJqaEmGKbvTkIfojYPVthJDBrkmwLmPIRsGonsbj+kYbNGTxJ7c2YDx7vT/EVE0Mh7CjrQZZ2cZzoeA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Thu, 21 Mar 2024 02:23:38 GMT; Max-Age=31536000; Secure
bm_sz=DBCAF103A24E2D4FA6C995E203A7C1EE~YAAQlNAXAqoeJeOGAQAAVAkhBxMbgoeejnRz71hebifKv3pFVmN+dDNs3JzrpMgFWNrYMrpdtNO72I0bfMPThNxcCYRPoz/rrsP1wxYVWnYlwsp8uprtPk5FZtX3S/LG+RU7i+xa7JDzHa9Tg7NMoxlnr7MnsRdC85e4DxTXt+CJIt2g0xgHRQyvsr+5KmQbL8mVkTVbT6JuytcNWU+x2e+I1/M2nD6J0HR7WoPxFqnMz76fc3WCyXpt6bZrXgqVJWQgjXhteyMrjKVHTjXZRkOEG92DD0aBZSuXoJbzcKcS/Qjv4rzH~3486006~3356997; Domain=.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 06:23:37 GMT; Max-Age=14399
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641a66a9_kf175_7958-14651
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.ecf62c3a02822a5d5939.chunk.js
23.36.79.24200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.ecf62c3a02822a5d5939.chunk.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/main.ecf62c3a02822a5d5939.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 301066
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: "63d9c378-4980a"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=jAP%2fbKuPaprZ+mNxAlj7kZq3PBu+nDr3JGoZwpQRbBE6BVnI8HnbosXZ0MY3IIAE; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.9bb8714839d00df85c4c.chunk.js
23.36.79.24200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.9bb8714839d00df85c4c.chunk.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/wfui.9bb8714839d00df85c4c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 314535
Last-Modified: Wed, 01 Feb 2023 01:42:16 GMT
Vary: Accept-Encoding
ETag: "63d9c378-4cca7"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Wed, 22 Mar 2023 02:23:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=+J0Oa7OwGlGLZ2no6hlE+4qb8homBpATxsx6%2fZNk4+rpt6JmYsZG8aID4dfk59gv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Wed, 22 Mar 2023 02:38:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
44.238.28.214200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 44.238.28.214:0
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 02:23:35 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
44.238.28.214200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 44.238.28.214:0
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 02:23:35 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
44.238.28.214200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 44.238.28.214:0
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 14751
Origin: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--xp49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 02:23:36 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:957c4fca-c090-44bc-b219-a3745bae64e8; Path=/; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Max-Age=30
ADRUM_BTa=R:55|g:957c4fca-c090-44bc-b219-a3745bae64e8|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:5; Path=/; Expires=Wed, 22-Mar-2023 02:24:06 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2