Report - www.elda-cg.tg/wp-content/plugins/revslider/Wells

Report Overview

Submitted URL
www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html
IP
154.70.82.246
ASN
#30982 CAFENET
Submitted
2023-02-07 22:49:49
Access
Website Title
Final URL
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
1
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.7 kB	3.7 kB	93.184.220.29
oam.wellsfargo.com	109906	2012-08-24T17:42:28Z	2023-03-09T14:15:47Z	3.3 kB	100 kB	23.36.79.25
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.38.165.113
www.elda-cg.tg	unknown	2022-08-04T14:15:29Z	2023-02-07T23:49:14Z	1.8 kB	508 kB	154.70.82.246
static.wellsfargo.com	12306	2015-03-14T23:03:25Z	2023-03-13T06:46:23Z	2.4 kB	229 kB	23.36.79.26
resources.digital-cloud-prem.medallia.com	21249	2020-05-14T22:27:20Z	2023-03-11T07:06:55Z	442 B	2.5 kB	151.101.129.230
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.77.32
ocsps.ssl.com	14517	2018-11-21T11:22:19Z	2023-03-13T06:57:09Z	674 B	4.4 kB	52.6.97.148
udc-neb.kampyle.com	3039	2015-12-24T10:52:27Z	2023-03-13T07:25:07Z	2.6 kB	1.1 kB	35.241.45.82
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	50 kB	34.120.237.76
rubicon.wellsfargo.com	11786	2019-12-17T21:15:25Z	2023-03-13T06:46:24Z	561 B	1.0 kB	95.101.10.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-07	medium	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-07	medium	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	Phishing
2023-02-07	medium	www.elda-cg.tg/oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	static.wellsfargo.com/tracking/secure-auth/utag.js	34 kB	2023-03-13	2023-03-13
Pretty URL static.wellsfargo.com/tracking/secure-auth/utag.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:12:07 Last Seen2023-03-13 19:18:05 Times Seen1 Hash 6c928c6096bf56dbacbcfcb5287fd1e2 a0a21a633f418958d932f45ad7a3e5f40c058283 6478879db9ed10ac3e8ada3fbd66208b544cced5c08040333ac2334c8aa8b48c Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	250 kB	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash 93e67617ba767b612c879777608a604f 16799fd1baa4bd8747624c0d6e4f4e4edc25707b d84afd040c8db2b0a25bbde655ad76d67d9ffa0eac551bbd546d7b4e456d68eb Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	732 B	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash 7ab9311f70801d338d69b04fd7aeaddc 0efb52a7a800142a9a6a362b7e9070bd429fb143 f1002603b10b798d516250cd91e0c913daf4022e5a9acf546a30f268609d7817 Loading...

	oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C	46 kB	2023-03-07	2023-08-01
Pretty URL oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C IP 23.36.79.25 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen7 Hash 5722c87d81040efad53bd80f79c43f18 6032498a837aa89032211a6a75bd0c3e98f1c904 5abf3d85672a57957d2399dc0d5eb7a0becf8235b521973be6cf7be72cbd64d7 Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	1.5 kB	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash 2aead39d1b578343ec4b3991f4553d20 ba373c4e6da1a63043a288ac5989f9736654be95 4511393fa1d826f523e8d0534089510513cfbef3816b46289f56ad398b3b7bf7 Loading...

	static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.49.202210132016	4.4 kB	2023-03-08	2023-09-21
Pretty URL static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.49.202210132016 IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:52 Last Seen2023-09-21 03:50:16 Times Seen20 Hash 725f20ce8d1afdb672062ad7b6375652 7920821c6cf158f9051bdac8c835c50939e2416e f6d94388f08f73ea73adbfa84c4ec5bff48ba7130e76c71479fcbf832c302d7c Loading...

	static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js	1.9 kB	2023-03-08	2023-03-14
Pretty URL static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:52 Last Seen2023-03-14 17:05:27 Times Seen1 Hash 3e5fd43cd384a6b198861f7f94359107 d308a154b84fd1134d4a4e8cca7865ff9efd9cc9 988ce210a0f58c104e2c122eb42338ddd85ff2e33b9b0ffe3af2d7df9e2b00ad Loading...

	static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js	348 kB	2023-03-08	2023-03-14
Pretty URL static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:52 Last Seen2023-03-14 17:05:27 Times Seen1 Hash 8ea2ef87708d00a74feaa82381bebe42 6c3884440c3b4e22026616868446c67280b79252 c567736fbf5b10d4933ff5632a372890f0cd43804f0e17ec9d5c8b1c9b8a14ee Loading...

	oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C	46 kB	2023-03-07	2024-03-23
Pretty URL oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C IP 23.36.79.25 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2024-03-23 06:17:56 Times Seen28 Hash 69c630c91c0669d3c88d29c9860ea4b5 1ad3e1b9c9e737b6a26006d5c98d86c8048ab6dc b78d57e1736f692e67a9f3e3762b84993e8984d3d7d72bc9a55e4913880ef3d7 Loading...

	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 12:19:00 Times Seen36938410 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C	4.8 kB	2023-03-07	2023-08-01
Pretty URL oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C IP 23.36.79.25 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen7 Hash 3ac75bf38b472d5dfc6a4d4e32cc1c2d f7e8656e66968c11468a21e8d6e3bb524843651e c88f9e693aac54facd0bcabe4193977dc791ae30529a2771ae564f08ffdb9a6d Loading...

	static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.49.202212120858	7.3 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.49.202212120858 IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:27 Last Seen2023-03-13 19:18:05 Times Seen1 Hash 0fed6cb0d9c5311487bc87baa5d5d225 a24f7a6d47a809e00f0beceb9cc7936a388687e7 60d47dd37dff7fa5a9353b251f9d54bbbfc2d9564003d347a85075d046ecee7c Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	190 B	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash d1f812064c45e806413c7c9afd6ca11f 1d35bded5d9c38c93e30dd49fd008c3d58427c35 44e850fc917e7422c5b46533a79df4b8511250f177ef3f11816e904a8635bffc Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	526 B	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash c1c986eba8160669e7133d69f67faeda 80561d7f708245f4996fde8e25538db7d1e004c4 6ab9f242268adeea17eed978432f7870422e2cbc76dec9e6bddfe99c2a9ca5b3 Loading...

	www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html	259 B	2023-03-07	2023-08-01
Pretty URL www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html IP 154.70.82.246 ASN #30982 CAFENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2023-08-01 08:19:15 Times Seen4 Hash f129dfc2421b3b8d3a5f9736f28ca197 2416b897ad0a468ca1caabb6253f8d97e906dbca d514b7c1bece7fde74152b7c1a4cf9374320cb9fbfdb4ecf43e6387ea2cade46 Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4552
Expires: Wed, 08 Feb 2023 00:05:30 GMT
Date: Tue, 07 Feb 2023 22:49:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Wed, 08 Feb 2023 00:38:44 GMT
Date: Tue, 07 Feb 2023 22:49:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12324
Expires: Wed, 08 Feb 2023 02:15:02 GMT
Date: Tue, 07 Feb 2023 22:49:38 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 22:36:32 GMT
content-type: application/json
age: 786
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Tqeml28bwMMErV/DUDyKeshjFogxjzWsaq77C9AVLiSxNpO2LzuYlj3xW1nsLaER/3WpXLLZB4o=
x-amz-request-id: Q81P1J213HEC3NKD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 22:45:44 GMT
age: 234
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 22:49:38 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 22:14:52 GMT
age: 2087
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4254
Expires: Wed, 08 Feb 2023 00:00:33 GMT
Date: Tue, 07 Feb 2023 22:49:39 GMT
Connection: keep-alive

push.services.mozilla.com/

52.38.165.113

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.165.113:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3BE74bqh3ALy33JR+pcTzg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LDq4us9QLCHAcKRUk99C78FPoJ4=

www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html

154.70.82.246

200 OK

264 kB

URL HTTP/1.1
www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html
IP
154.70.82.246:0
ASN
#30982 CAFENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64814), with CRLF line terminators
Size
264 kB (263788 bytes)
Hash
c41fcdb58af061fc321e14b654e502fc
f17af388398f5a6532a654839fa259f272ba4bbf
a6b3dfe7c068dfc608629e04c2f7cb359209ebc475c2fbf532c87ee9c6881fd4

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/revslider/Wells_Fargo/email.html HTTP/1.1
Host: www.elda-cg.tg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 22:49:42 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2022 00:01:30 GMT
Accept-Ranges: bytes
Content-Length: 263788
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8c7377ff093f01c4c01dcc72b7fb1fc5
b8c7099601f65aa1b01240036d84a872a6665bad
52d8ef50cab3ab5345e7118294ec5e9db61b1df659a698f7b1dbe4c745221976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3688
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:49:40 GMT
Last-Modified: Tue, 07 Feb 2023 21:48:12 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8c7377ff093f01c4c01dcc72b7fb1fc5
b8c7099601f65aa1b01240036d84a872a6665bad
52d8ef50cab3ab5345e7118294ec5e9db61b1df659a698f7b1dbe4c745221976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5968
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:49:40 GMT
Last-Modified: Tue, 07 Feb 2023 21:10:12 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8c7377ff093f01c4c01dcc72b7fb1fc5
b8c7099601f65aa1b01240036d84a872a6665bad
52d8ef50cab3ab5345e7118294ec5e9db61b1df659a698f7b1dbe4c745221976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5026
Cache-Control: max-age=123089
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:49:40 GMT
Etag: "63e1ffb4-1d7"
Expires: Thu, 09 Feb 2023 09:01:09 GMT
Last-Modified: Tue, 07 Feb 2023 07:37:24 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8c7377ff093f01c4c01dcc72b7fb1fc5
b8c7099601f65aa1b01240036d84a872a6665bad
52d8ef50cab3ab5345e7118294ec5e9db61b1df659a698f7b1dbe4c745221976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5838
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:49:40 GMT
Last-Modified: Tue, 07 Feb 2023 21:12:22 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8c7377ff093f01c4c01dcc72b7fb1fc5
b8c7099601f65aa1b01240036d84a872a6665bad
52d8ef50cab3ab5345e7118294ec5e9db61b1df659a698f7b1dbe4c745221976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:49:40 GMT
Last-Modified: Tue, 07 Feb 2023 21:03:07 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

oam.wellsfargo.com/oam/static/css/global/globalFooter.css?v=571149307C

23.36.79.25

200 OK

1.1 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/css/global/globalFooter.css?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1119 bytes)
Hash
2bb8d3b883aee14272aa9fd5bf93144f
759126aef0b4db0644f6ac6de5cb9cf9123c94c3
a838073f9b84cd56bbe93d1bdf1f6b624fdc0e9b2efc6a045e3911bd3e3196b6

HTTP Headers

GET /oam/static/css/global/globalFooter.css?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 25 Jan 2023 06:08:08 GMT
Vary: Accept-Encoding
ETag: W/"63d0c748-e13"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 1119
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2foa7LM4X4Wb5ZRQwwm4uqA%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C

23.36.79.25

200 OK

15 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (675)
Size
15 kB (14672 bytes)
Hash
b4bcf20ab8345150ce1ca1ae1c079fe3
36ad92bb9ed18f3cb6aae35ae0efff05744fcd1f
6aae000f3cf00ea216f5126569f689086a22960375df104f80d7a642d2835340

HTTP Headers

GET /oam/static/js/appd/adrum-ext.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 25 Jan 2023 06:08:10 GMT
Vary: Accept-Encoding
ETag: W/"63d0c74a-b218"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 14672
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=CRdR8wREGNLRDp%2fG%2f+J%2f+g%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C

23.36.79.25

200 OK

36 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (5598), with CRLF line terminators
Size
36 kB (35605 bytes)
Hash
ed33c30083334d769b5eaff4d35ed591
56bf047107239361779c13410815d34555430c1f
41ebc26ace9f702b3bb0d3d7674a49041ce73670bcccaf496c7ca940fa601795

HTTP Headers

GET /oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 25 Jan 2023 06:08:10 GMT
Vary: Accept-Encoding
ETag: W/"63d0c74a-15429"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 35605
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JMwZy1IYAPJpBKY0BxIgPg%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png

23.36.79.25

200 OK

271 B

URL HTTP/1.1
oam.wellsfargo.com/oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 36 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
271 B (271 bytes)
Hash
583b8c10ee0bf99180613ea94606dacb
9d319a6fc2fc82ab0be7b0134d96ce527febe131
c3eae7afa0de88591ea3db2996b72ba0592ae63f0b9e0ffca90f03bcdab4775a

HTTP Headers

GET /oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 271
Last-Modified: Wed, 25 Jan 2023 03:56:34 GMT
ETag: "63d0a872-10f"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Accept-Ranges: bytes
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SSHg4s7Ke56Btw0V8ft4wQ%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7800
Expires: Wed, 08 Feb 2023 00:59:40 GMT
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7800
Expires: Wed, 08 Feb 2023 00:59:40 GMT
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7800
Expires: Wed, 08 Feb 2023 00:59:40 GMT
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7800
Expires: Wed, 08 Feb 2023 00:59:40 GMT
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive

oam.wellsfargo.com/oam/static/js/jquery.min.js?v=571149307C

23.36.79.25

200 OK

31 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/js/jquery.min.js?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
43c4cc26afc8987522d2968001c59ca0
4121fbfa94ea24ba93e30a4072ccb05fe124d4a1
1636e15b320d5032702d99b0ed52abafba808e92e08ecdb139e9099099e41029

HTTP Headers

GET /oam/static/js/jquery.min.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 25 Jan 2023 06:08:10 GMT
Vary: Accept-Encoding
ETag: W/"63d0c74a-15d84"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 30879
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yfwbZ6utwvzeeM7Vy4z8YA%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C

23.36.79.25

200 OK

7.7 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
7.7 kB (7672 bytes)
Hash
814ca330c1b1fdbe3ac3cb873784a957
0ed7c595983a5715efe3d80ccbf9e64db04b2135
6d6f028cd75109f07906a9ea9a3d81faa74a232d63726e0c725b186eb73aee12

HTTP Headers

GET /oam/static/js/combined/change.username.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 25 Jan 2023 03:56:33 GMT
Vary: Accept-Encoding
ETag: W/"63d0a871-b2a5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 7672
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=j%2fw7IDsUwZcE+4vwhScWnw%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C

23.36.79.25

200 OK

1.8 kB

URL HTTP/1.1
oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (4807), with no line terminators
Size
1.8 kB (1764 bytes)
Hash
d4b7a00e8cdff8180de04f80d0739781
24dd32db0725f8ff98590a7f9e82ff635ccec96b
8689b18b6cba4494556cd301a54bfbda1f9ea3aa95dac10f5b8b0027499ab049

HTTP Headers

GET /oam/static/js/nativeapp-bridge-min.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 25 Jan 2023 06:08:07 GMT
Vary: Accept-Encoding
ETag: W/"63d0c747-12c7"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 1764
Date: Tue, 07 Feb 2023 22:49:40 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cV7gIPKIOJ71qGvPvZ0gKw%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8629 bytes)
Hash
02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 3438
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 54253
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6805 bytes)
Hash
c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: ef7a879d-25be-42b0-a5c5-df6ad8f1482c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_R2FFv5IAMFZ7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c9c0-2f8fa7ef41b70de04cfb5ac6;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:59:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JxJrYYY7fMm_DCBcuC4OEdR62HL5VMvJbt_a6TWp4QfqN0qxgFgj-A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:50 GMT
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
age: 2570
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9760 bytes)
Hash
18a84ae645223aba0709b5e16c0207f7
0b865e797846520ccc6fff6fb2ee38d8836bd2c0
b1e4868045f074a84e3de1d82ec3ae22f6d2a1a4131b2a40bcce7f3f5375aff7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9760
x-amzn-requestid: 87a47ecc-20d5-49f5-b0df-149764b8de70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f58GkEyVIAMF7rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a6f6-3ddaec37482a7a0a22899279;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:06:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Vzm5Icx0826Yup-nqN0aAdGJLl9Q7urlUjGLUHxUqRWB_qSb4tupXQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:26:33 GMT
age: 55387
etag: "0b865e797846520ccc6fff6fb2ee38d8836bd2c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6060 bytes)
Hash
db6e81972b8835dc48a0dae751ffde5f
826e2195cc52905cfed0bc4f01646290261113b6
720e6105b2ccc9cbc8fd005d53873ced5467a852c7a5041ce2ef96785c0d92f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6060
x-amzn-requestid: 80cbc454-e1b4-4e53-a3b6-3a5ac11920c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPQEPNIAMFkqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c594-4539ebb17f27d88a47100a82;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvujLqUMXZ4VAF2OePAIOdk96p6-GwwVcWEGORS2NKZ3XxgGIZHAww==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:15 GMT
age: 3265
etag: "826e2195cc52905cfed0bc4f01646290261113b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/secure-auth/utag.js

23.36.79.26

200 OK

10 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/secure-auth/utag.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (7030)
Size
10 kB (10074 bytes)
Hash
c10dd5cad23023da24e4f6e4470a9dbb
e1ef1048e66b4581b09dbff5556062af908edf05
38951c499a9bb273b9e1ff68cd7847012b22a6d55bbdac4e844e08f287972f73

HTTP Headers

GET /tracking/secure-auth/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-8485"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 10074
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3tw7sWlMxRiCaUTX7ZVVOw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.49.202212120858

23.36.79.26

200 OK

2.4 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.49.202212120858
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (3223)
Size
2.4 kB (2392 bytes)
Hash
44449282135ec65f8a30f2d0019559bc
b5345b6412524b284661df58083cf4a69137bf07
4274fe65bf4837e788240c5554ea146522b4f639497f86f0ebad1cfdff13e71b

HTTP Headers

GET /tracking/secure-auth/utag.5.js?utv=ut4.49.202212120858 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:42 GMT
Vary: Accept-Encoding
ETag: W/"632cc052-1c52"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2392
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UALr4%2fgoN0GUQWaWB40T%2fQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.49.202210132016

23.36.79.26

200 OK

1.8 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.49.202210132016
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1090)
Size
1.8 kB (1841 bytes)
Hash
79d4c5b9ced319f1894c68d097b54f9c
75ad64d30369f91d7e2831b5b024364839e74d2d
aece2b5528a0cce3613b0ee26cc3455e0fae06eb730d8932d3baf5122766a5ff

HTTP Headers

GET /tracking/secure-auth/utag.21.js?utv=ut4.49.202210132016 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 07 Nov 2022 21:02:08 GMT
Vary: Accept-Encoding
ETag: W/"63697250-1123"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1841
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Peo2oDcPrCn++dDTVAZLBw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

oam.wellsfargo.com/oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png

23.36.79.25

200 OK

239 B

URL HTTP/1.1
oam.wellsfargo.com/oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 17 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
239 B (239 bytes)
Hash
53fe1c00b7d6229830420ccdeac140b8
b7631c8027e595c0963f4470ee77ded4f0c7c48d
ec04389b5b81da4ce01879e7bc68a8cc1fe2b912efb16b01ea511b80f923f79f

HTTP Headers

GET /oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0
Pragma: no-cache
Expires: -1
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'nonce-14c37534-81ca-4462-b38c-ff57b3e62f15' 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; img-src data: 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com https://*.kampyle.com; style-src 'unsafe-inline' 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; font-src data: 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com https://pdx-col.eum-appdynamics.com https://*.kampyle.com https://*.medallia.com/; form-action 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://wellsfargo.com; plugin-types 'none'; frame-src 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Accept-Ranges: bytes
ETag: W/"239-1672974740000"
Last-Modified: Fri, 06 Jan 2023 03:12:20 GMT
Content-Type: image/png
Content-Length: 239
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Set-Cookie: wfacookie=38202302071449411688538002; domain=.wellsfargo.com; path=/; expires=4 Feb 2033 22:49:41 GMT; secure=true; HttpOnly
ISD_ABC_COOKIE=A; Max-Age=2400; path=/; Domain=oam.wellsfargo.com; Secure; httpOnly
ISD_TF_COOKIE=h415POOMakqHaOxw6FnjUuU3SLR9Bdqm8mNj64h82u7nk89dCPpVtdecWzKKeeUFZpgvj7EXyfm2owAAAAE=; path=/; domain=oam.wellsfargo.com; HttpOnly; Secure
DCID=t0N2a1yaXE1lwRI2F3sx2hla4vDNzIxZPnAVu3%2f0ANwAPjG+S7Af8JcSy%2fF6NMw6; Domain=oam.wellsfargo.com; Path=/; Expires=Tue, 07 Feb 2023 23:04:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js

23.36.79.26

200 OK

819 B

URL HTTP/1.1
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (720)
Size
819 B (819 bytes)
Hash
400e574e68b2d11076d96efd5cc087ec
873e23f01b6356fc78aab57cdb1308d458ae6888
454b56cd80b0412a4ec874001dcedaa491e4ca376b3805d1d91dd83071033564

HTTP Headers

GET /tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 12 Oct 2022 20:08:15 GMT
Vary: Accept-Encoding
ETag: W/"63471eaf-798"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 819
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mrQY6NsYj84wZmlfQkSqLg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www.elda-cg.tg/favicon.ico

154.70.82.246

200 OK

298 B

URL HTTP/1.1
www.elda-cg.tg/favicon.ico
IP
154.70.82.246:0
ASN
#30982 CAFENET

File type
data
Size
298 B (298 bytes)
Hash
539d38b7a57d9c5163bd21a2edf808b4
09cffaccdcb31f719ad4a24e5a6485160edcc035
d0f14b4c8360eb8b6bbb9262b8a24521c9d43b74773cfb26b2f1852e9cce4aec

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.elda-cg.tg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html
Cookie: utag_main=v_id:01862e12d9c1009cc8adad137a7000050004a00900918$_sn:1$_se:1$_ss:1$_st:1675812032769$ses_id:1675810232769%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 22:49:43 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

static.wellsfargo.com/tracking/gb/detector-dom.min.js

23.36.79.26

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZyLJeC18zJHXHmy2scaqZg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js

23.36.79.26

200 OK

78 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (11854)
Size
78 kB (78340 bytes)
Hash
2d4114748dd4ba96746b364ddbb90efd
71af87311a51b11de269075c7d5222ac27170efb
c86a5b651313fa185fbb81f5e78f9ec42ae8a466532995e4b6bfda7407f5ac81

HTTP Headers

GET /tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 12 Oct 2022 20:08:15 GMT
Vary: Accept-Encoding
ETag: W/"63471eaf-54d3a"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 78340
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=agGCPLHYo0hazFyDam+dng%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json

151.101.129.230

200 OK

1.7 kB

URL HTTP/2
resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json
IP
151.101.129.230:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text, with very long lines (2056)
Size
1.7 kB (1731 bytes)
Hash
789f4645016e8d5c3c81fa3d02099574
cde4f02db1647ec8cbbfa83d22e4bd6e606dc0b7
fc2ffa4b52bf6c4329640c03807866e2ae848a0f36999c8188a09eadfb19c31c

HTTP Headers

GET /wdcusprem/57907/onsite/onsiteData.json HTTP/1.1
Host: resources.digital-cloud-prem.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.elda-cg.tg
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 69wSDQE7JptRsEMuMsk9wvKDDxALrV1fn0Pnn09CZi0wF66I/cQH88hgizrI8EIXOELOUzr9J93CWNKgiAJhAQ==
x-amz-request-id: AGBXAPM4DBT7E7QK
last-modified: Thu, 02 Feb 2023 20:11:27 GMT
etag: "17ee876c7d806e07011b324b771c58b9"
x-amz-version-id: 5Un7MzEiOnGgEYlXjZDkJZgzG6gxXV7n
content-type: application/json
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
date: Tue, 07 Feb 2023 22:49:41 GMT
age: 441486
x-served-by: cache-pao17458-PAO, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 100, 11
x-timer: S1675810182.826685,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 1731
X-Firefox-Spdy: h2

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c2ba030b-6dc4-4afc-9b1c-777595601a0b%3A0&_cls_v=c9395f45-d7c6-4b43-a26d-7be856715fa1&pv=2&f_cls_s=true

95.101.10.203

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c2ba030b-6dc4-4afc-9b1c-777595601a0b%3A0&_cls_v=c9395f45-d7c6-4b43-a26d-7be856715fa1&pv=2&f_cls_s=true
IP
95.101.10.203:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
ade1f0b0a00e5f5a2ed62f874dba3738
ac41651b0279fdf999d9227edf27fe58eb958ef3
4395511cc919f3b71e0e5e2e065229d5e567c8b91a28be8891b6aef383d88e91

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c2ba030b-6dc4-4afc-9b1c-777595601a0b%3A0&_cls_v=c9395f45-d7c6-4b43-a26d-7be856715fa1&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.elda-cg.tg
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.elda-cg.tg
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 07 Feb 2023 22:49:41 GMT
Connection: keep-alive
Set-Cookie: _cls_s=c2ba030b-6dc4-4afc-9b1c-777595601a0b:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=c9395f45-d7c6-4b43-a26d-7be856715fa1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!oWn3zaUuonE5igUq/D2JHXmrrcNtC14x2ilT7nI8GJVxpmm6E7W7FVUl3KffhCv0lClTKXbuPp2q9g==; path=/; Httponly; Secure
DCID=uMlCZRTWeNbovb9vODIA%2fu1InrW07PzLF7AqnmaMoXHppWd17M9ZJqJqzs6fPS9s; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 07 Feb 2023 23:04:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
e1c83ff3c978fad6b9e3f89175963569
627cb5a154f6c1db4e91f138ff0b80575990b97a
2dd8a771b2f47e3bf09fe9a5980ca599157e846b8a486d15cf5b88effae7f35a

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Feb 2023 22:49:42 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Tue, 14 Feb 2023 15:28:47 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "627cb5a154f6c1db4e91f138ff0b80575990b97a"
Last-Modified: Tue, 07 Feb 2023 15:28:48 GMT
X-Proxy-Cache: HIT

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
26f5c8847d097c7d13dc2dc506ebd0a2
8bc3db1e4f2ad241eb759c531d560c9d19ef8b27
b7386339de88e09e291244c1cf5e7c97d70486cbd7888aaf9883aa0a1358840a

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Feb 2023 22:49:42 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Tue, 14 Feb 2023 15:26:26 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "8bc3db1e4f2ad241eb759c531d560c9d19ef8b27"
Last-Modified: Tue, 07 Feb 2023 15:26:27 GMT
X-Proxy-Cache: HIT

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHBzOi8vd3d3LmVsZGEtY2cudGcvd3AtY29udGVudC9wbHVnaW5zL3JldnNsaWRlci9XZWxsc19GYXJnby9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NzU4MTAyMzM1NzQiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NjJlMTJkYzVkNDVlLTBjMjUwMGQwMzI5MzhmOC1jNTA1NDI1LTE0MDAwMC0xODYyZTEyZGM1ZTIxNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwczovL3d3dy5lbGRhLWNnLnRnL3dwLWNvbnRlbnQvcGx1Z2lucy9yZXZzbGlkZXIvV2VsbHNfRmFyZ28vZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJjOWQ4LTA4ODctMjY5ZS0zYzM5LTM5ZjctZWIyYS03MDNmLWYyOTYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY3NTgxMDIzMzU3MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0OTksImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NzU4MTAyMzM1NzQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHBzOi8vd3d3LmVsZGEtY2cudGcvd3AtY29udGVudC9wbHVnaW5zL3JldnNsaWRlci9XZWxsc19GYXJnby9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NzU4MTAyMzM1NzQiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NjJlMTJkYzVkNDVlLTBjMjUwMGQwMzI5MzhmOC1jNTA1NDI1LTE0MDAwMC0xODYyZTEyZGM1ZTIxNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwczovL3d3dy5lbGRhLWNnLnRnL3dwLWNvbnRlbnQvcGx1Z2lucy9yZXZzbGlkZXIvV2VsbHNfRmFyZ28vZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJjOWQ4LTA4ODctMjY5ZS0zYzM5LTM5ZjctZWIyYS03MDNmLWYyOTYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY3NTgxMDIzMzU3MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0OTksImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NzU4MTAyMzM1NzQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHBzOi8vd3d3LmVsZGEtY2cudGcvd3AtY29udGVudC9wbHVnaW5zL3JldnNsaWRlci9XZWxsc19GYXJnby9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NzU4MTAyMzM1NzQiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NjJlMTJkYzVkNDVlLTBjMjUwMGQwMzI5MzhmOC1jNTA1NDI1LTE0MDAwMC0xODYyZTEyZGM1ZTIxNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwczovL3d3dy5lbGRhLWNnLnRnL3dwLWNvbnRlbnQvcGx1Z2lucy9yZXZzbGlkZXIvV2VsbHNfRmFyZ28vZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJjOWQ4LTA4ODctMjY5ZS0zYzM5LTM5ZjctZWIyYS03MDNmLWYyOTYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY3NTgxMDIzMzU3MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0OTksImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NzU4MTAyMzM1NzQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 07 Feb 2023 22:49:42 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-9m7h
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

udc-neb.kampyle.com/v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/track

35.241.45.82

200 OK

59 B

URL HTTP/2
udc-neb.kampyle.com/v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/track
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
59 B (59 bytes)
Hash
0ab969c512ad71613832d03710eadde2
f64271cfa7e4b386fed80e18a958a90ffd1e3893
cbc1399b82e42018fbc8b8b9277200665d6367c9134ead9308ea5e568b00e459

HTTP Headers

POST /v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/track HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 2037
Origin: https://www.elda-cg.tg
Connection: keep-alive
Referer: https://www.elda-cg.tg/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 07 Feb 2023 22:49:42 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.elda-cg.tg
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-bftz
x-application-context: application:9090
content-type: text/plain;charset=ISO-8859-1
content-length: 59
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.elda-cg.tg/oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js

154.70.82.246

200 OK

243 kB

URL HTTP/1.1
www.elda-cg.tg/oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
154.70.82.246:0
ASN
#30982 CAFENET

File type
data
Size
243 kB (242995 bytes)
Hash
caea383c6c4767d140d9aa59c11b86d5
e79bade9b2e2cd86697772f3f72803e1c5efea42
277b216fd5c56615fa5d65c1cc1f3749460cc4668444d5ee9c747e6b16515adf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: www.elda-cg.tg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.elda-cg.tg/wp-content/plugins/revslider/Wells_Fargo/email.html
Cookie: utag_main=v_id:01862e12d9c1009cc8adad137a7000050004a00900918$_sn:1$_se:1$_ss:1$_st:1675812032769$ses_id:1675810232769%3Bexp-session$_pn:1%3Bexp-session; _cls_v=c9395f45-d7c6-4b43-a26d-7be856715fa1; _cls_s=c2ba030b-6dc4-4afc-9b1c-777595601a0b:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 22:49:43 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML