Overview

URLwellsfargo-fraud-alert.com/login.php
IP 193.106.191.135 (Russia)
ASN#59940 Kanzas LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-12 21:00:05 UTC
StatusLoading report..
IDS alerts0
Blocklist alert6
urlquery alerts
4
Phishing - Wells Fargo
Phishing - Wells Fargo
Tags None

Domain Summary (11)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
www15.wellsfargomedia.com (2) 20573 No data No data 96.6.19.156
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
wellsfargo-fraud-alert.com (6) 0 2022-11-11 16:12:32 UTC 2022-11-12 16:06:21 UTC 193.106.191.135 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-12 06:07:04 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-12 05:57:21 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.27.12.161
files.killbot.org (1) 0 2021-08-07 14:39:30 UTC 2022-11-12 15:58:29 UTC 172.67.166.105 Unknown ranking
r3.o.lencr.org (5) 344 No data No data 23.36.77.32
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
cdnjs.cloudflare.com (5) 235 2015-04-17 20:46:33 UTC 2022-11-12 17:08:07 UTC 104.17.24.14

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-12 2 wellsfargo-fraud-alert.com/login.php Wells Fargo & Company
2022-11-12 2 wellsfargo-fraud-alert.com/login.php Wells Fargo & Company
2022-11-12 2 wellsfargo-fraud-alert.com/ Wells Fargo & Company
2022-11-12 2 wellsfargo-fraud-alert.com/ Wells Fargo & Company
2022-11-12 2 wellsfargo-fraud-alert.com/ Wells Fargo & Company
2022-11-12 2 wellsfargo-fraud-alert.com/ Wells Fargo & Company

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 193.106.191.135
Date UQ / IDS / BL URL IP
2022-12-17 22:10:52 +0000 0 - 0 - 12 ing-gerateerneuerung.com/95ca6d9d18742ae5428c (...) 193.106.191.135
2022-12-17 22:10:41 +0000 0 - 0 - 12 ing-gerateerneuerung.com/b8d3a8f5b0912c8b1370 (...) 193.106.191.135
2022-12-17 20:12:03 +0000 0 - 0 - 10 failed-new-attempt.com/Login.php/absa/ib 193.106.191.135
2022-12-17 18:35:22 +0000 0 - 0 - 2 secure-device-login.com/Login.php 193.106.191.135
2022-12-17 16:36:14 +0000 0 - 0 - 2 security-new-device.com/login.php 193.106.191.135


Last 5 reports on ASN: Kanzas LLC
Date UQ / IDS / BL URL IP
2022-12-17 22:10:52 +0000 0 - 0 - 12 ing-gerateerneuerung.com/95ca6d9d18742ae5428c (...) 193.106.191.135
2022-12-17 22:10:41 +0000 0 - 0 - 12 ing-gerateerneuerung.com/b8d3a8f5b0912c8b1370 (...) 193.106.191.135
2022-12-17 20:12:03 +0000 0 - 0 - 10 failed-new-attempt.com/Login.php/absa/ib 193.106.191.135
2022-12-17 18:35:22 +0000 0 - 0 - 2 secure-device-login.com/Login.php 193.106.191.135
2022-12-17 16:36:14 +0000 0 - 0 - 2 security-new-device.com/login.php 193.106.191.135


Last 5 reports on domain: wellsfargo-fraud-alert.com
Date UQ / IDS / BL URL IP
2022-11-18 16:57:25 +0000 6 - 0 - 14 wellsfargo-fraud-alert.com/login.php?ssl=true (...) 193.106.191.135
2022-11-18 16:28:57 +0000 6 - 0 - 14 wellsfargo-fraud-alert.com/login.php?ssl=true (...) 193.106.191.135
2022-11-18 16:24:45 +0000 6 - 0 - 12 wellsfargo-fraud-alert.com/login.php?session= (...) 193.106.191.135
2022-11-18 11:24:49 +0000 6 - 0 - 12 wellsfargo-fraud-alert.com/login.php?session= (...) 193.106.191.135
2022-11-17 21:39:06 +0000 7 - 0 - 12 wellsfargo-fraud-alert.com/login.php?session= (...) 193.106.191.135


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-07 08:42:10 +0000 18 - 5 - 2 c33t.zapto.org/restore/login.php 35.183.198.161
2022-12-22 11:02:49 +0000 18 - 5 - 0 cjg0.zapto.org/verify/weIIsfarg0/login.php 3.34.193.230
2022-11-22 17:28:45 +0000 6 - 0 - 6 wellsfargo-device-verification.com/login.php? (...) 193.106.191.135
2022-11-22 17:28:18 +0000 5 - 0 - 6 wellsfargo-device-verification.com/login.php? (...) 193.106.191.135
2022-11-22 17:18:45 +0000 7 - 0 - 12 wellsfargo-myaccount.com/login.php?ssl=true&s (...) 193.106.191.135

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (34)


Request Response
                                        
                                            GET /login.php HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         193.106.191.135
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Sat, 12 Nov 2022 20:59:54 GMT
Server: Apache
Location: https://wellsfargo-fraud-alert.com/login.php
Content-Length: 252
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   252
Md5:    e68783242ac69ac6a328eee01966d614
Sha1:   d6f9cf66f0ae3bd0936fe24ce6b26b267d47503e
Sha256: a69dd77c906e282f79ce08524e5b051cc14157533db3c31af8a7bfccb4a6b07c

Alerts:
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17990
Expires: Sun, 13 Nov 2022 01:59:44 GMT
Date: Sat, 12 Nov 2022 20:59:54 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3329
Cache-Control: max-age=138410
Date: Sat, 12 Nov 2022 20:59:54 GMT
Etag: "636f75f3-1d7"
Expires: Mon, 14 Nov 2022 11:26:44 GMT
Last-Modified: Sat, 12 Nov 2022 10:31:15 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 20:44:03 GMT
cache-control: public,max-age=3600
age: 951
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5089
Expires: Sat, 12 Nov 2022 22:24:43 GMT
Date: Sat, 12 Nov 2022 20:59:54 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: r24U3FzUqNGyGDMuPWn0IrKWg51lA9p/IWf/r4SxUbaBVOS8toOLktrKYn0nw2pSHzkqX2bUokXlIJo/hiEpnA==
x-amz-request-id: 31PECRQGAEFKG9E2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 20:13:07 GMT
age: 2807
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /login.php HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         193.106.191.135
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 12 Nov 2022 20:59:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=70c0caa8c6b28705c0cd22142a4db896; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2677)
Size:   14215
Md5:    8488711a70c99b17eeb57f9a792f8fc5
Sha1:   c4145a479024dc41455874b351b1b624a1187f37
Sha256: 364eeffc999b466cd0df7f484d74b6473ba3a15cb0f919056a4333ee6e3d58ea

Alerts:
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            GET /ajax/libs/jquery/3.0.0-beta1/jquery.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 64839
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-40023"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 875443
expires: Thu, 02 Nov 2023 20:59:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0VTflJKqwJtMU9%2FeT8f4p2ZXW88xLwV5qPkNHxh9sRKhp5TftqmiOJG8Ix7RTHFyFSgJfsd7V%2FhqHFB9BbMeNX%2Fal%2BSqN4G6r1z6bOVpEPYU4kQPWgiocPDdQdiMR%2BIsItFLD%2B9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 769231b32a2f0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   64839
Md5:    9c221071bb902ab29972e322b74d7264
Sha1:   0d696a6bd5fabb1e23b7382d9fb4054b8bc29e98
Sha256: 9862fdce3bbe57e40ffdfcd3fb7de2cb0573524b7630c1eeee5621e50b9d7c9e
                                        
                                            GET /ajax/libs/jquery-validate/1.15.0/additional-methods.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 9078
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-985d"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 13724376
expires: Thu, 02 Nov 2023 20:59:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVHUwCgCuk6kNzk0dM82Zlqn19MYZHQcty32C7PTYBR2fGFbzTW7BNjG4dZQIgn6ff%2Fn1MWL9yTSbeIzvOW3eU1W2QUlsrVJOAVRayFpqIkOK33RsemN9eA4RDG%2B%2Fg9FEVn274KE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 769231b33a350b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1239)
Size:   9078
Md5:    a40dea93c56239c58fce059a437ce91c
Sha1:   1707f18a10b13ea08609f2500fc2291ef365c90f
Sha256: dc60b05010aac0e25f850d27694f59dd013c3e731bd6255d6da97b881bbef5fe
                                        
                                            GET /ajax/libs/jquery-validate/1.15.0/jquery.validate.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 10622
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-b4b9"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6460525
expires: Thu, 02 Nov 2023 20:59:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BcyLeiAyd5naFIm1g3hj9s5w%2F5fjLF8HTPjtUkZCFtcP5T9gC6RDogBpgvF7wR5l%2F6DaakLpDWslpQ0869riD4v29aelzqzPVr9%2F7oYHWQm1%2F2pg2fzradQhW25%2BJ3pHFS%2B06Ofu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 769231b33a340b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (511)
Size:   10622
Md5:    be2affef1d1d6395ca64fca620e26c61
Sha1:   aaa32a6046e2a5a22766921885c86a76b301a72c
Sha256: 83c5778393a824e22c15a58659c77c40e8ea7a96d4a101a09e52ea402be94203
                                        
                                            GET /ajax/libs/jquery.payment/1.3.2/jquery.payment.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 3067
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-421b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 96956
expires: Thu, 02 Nov 2023 20:59:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PrkDUN9%2FWOKNUuelRPHq2fHykv0R8WKlnXkgqX9X1LWRmUh1hEuUnWRFXmHmr3U%2Fhy0X2WiNMFF5GWRbeEmjzQYaTBZ9tCP%2BCSh8lLUUSgkOmpfZsDZZKiN0x%2BJavPkZnu5f6rNK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 769231b33a360b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (386)
Size:   3067
Md5:    7a6405220e796a566c675966354156de
Sha1:   4ec2476adcce12b6c09e57a4e8319e5e14653fa9
Sha256: b33cb9051dcec82728c38aa3c410c4639089730be1b3ade2f74a2d9b04bc1515
                                        
                                            GET /ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 12 Nov 2022 20:59:54 GMT
content-length: 2306
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-284d"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 175012
expires: Thu, 02 Nov 2023 20:59:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MI%2BL9sxHPSfFPbltwVGCD1oEuXsT8WcL9Ybkz1J0ePmwuLEO9HrcSqssPcq10GT32cKYU34DUhtJhWeihCH6BpjFIVu2%2F7I%2BwRStuOSh5aYMsPX2NcILXvYy3WUTyL1V%2Frv%2FoaMN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 769231b33a380b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2306
Md5:    25ba6cf71f56fb6f70738a4a73257a10
Sha1:   95b2f9d962ad149cb94f336a69c2627e94f1eb43
Sha256: 907bed0c556e0dd60a67eca19c4d684445a4e3d45af5e78a1320fa35777894da
                                        
                                            GET /file/main.b3b5f355e18c2c42a801.chunk.css HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/login.php
Cookie: PHPSESSID=70c0caa8c6b28705c0cd22142a4db896
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         193.106.191.135
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 12 Nov 2022 20:59:54 GMT
Server: Apache
Last-Modified: Thu, 17 Feb 2022 03:21:14 GMT
Accept-Ranges: bytes
Content-Length: 11856
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (11856), with no line terminators
Size:   11856
Md5:    89c57e64334b3c479c26cf0dd1971fad
Sha1:   259db957ed72c84154021c09ba48ceaa8c49de7a
Sha256: 5e68ea9ca9cce32f91979f88142e963f0ff950cc1f1b6c3246eaaaf2f3091c58

Alerts:
  urlquery:
    - Phishing - Wells Fargo
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 20:25:00 GMT
cache-control: public,max-age=3600
age: 2094
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=132166
Date: Sat, 12 Nov 2022 20:59:54 GMT
Etag: "636f6a90-117"
Expires: Mon, 14 Nov 2022 09:42:40 GMT
Last-Modified: Sat, 12 Nov 2022 09:42:40 GMT
Server: nginx
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1807
Cache-Control: max-age=131824
Date: Sat, 12 Nov 2022 20:59:55 GMT
Etag: "636f622c-1d7"
Expires: Mon, 14 Nov 2022 09:36:59 GMT
Last-Modified: Sat, 12 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: z1ToFQ2bJpgZDubEm8VXTg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.27.12.161
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E2GXjRcqQXWzu/oGlDgktht30bk=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=132166
Date: Sat, 12 Nov 2022 20:59:55 GMT
Etag: "636f6a90-117"
Expires: Mon, 14 Nov 2022 09:42:41 GMT
Last-Modified: Sat, 12 Nov 2022 09:42:40 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1 
Host: www15.wellsfargomedia.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wellsfargo-fraud-alert.com
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         96.6.19.156
HTTP/2 200 OK
content-type: font/woff2
                                        
server: KONICHIWA/2.0
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5798-582d133e56280"
accept-ranges: bytes
content-length: 22424
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
cache-control: max-age=31536000
expires: Sun, 12 Nov 2023 20:59:55 GMT
date: Sat, 12 Nov 2022 20:59:55 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size:   22424
Md5:    0a1639ebe9fab396657a62aa5233c832
Sha1:   9b58164729ad918dd7255e4856f9da7f3a90bfde
Sha256: 631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
                                        
                                            GET /wfui/css/fonts/wellsfargosans-sbd.woff2 HTTP/1.1 
Host: www15.wellsfargomedia.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wellsfargo-fraud-alert.com
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         96.6.19.156
HTTP/2 200 OK
content-type: font/woff2
                                        
server: KONICHIWA/2.0
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5848-582d133e56280"
accept-ranges: bytes
content-length: 22600
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
cache-control: max-age=31536000
expires: Sun, 12 Nov 2023 20:59:55 GMT
date: Sat, 12 Nov 2022 20:59:55 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size:   22600
Md5:    83df8749c013f13019fa8e0912041759
Sha1:   2bbffcf012a59e47661c0a37edda0fc772992ae7
Sha256: ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
                                        
                                            GET /file/COB-BOB-IRT-enroll_balloons.jpg HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/login.php
Cookie: PHPSESSID=70c0caa8c6b28705c0cd22142a4db896
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         193.106.191.135
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 12 Nov 2022 20:59:55 GMT
Server: Apache
Last-Modified: Thu, 17 Feb 2022 03:21:48 GMT
Accept-Ranges: bytes
Content-Length: 625433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2400x1600, components 3\012- data
Size:   625433
Md5:    a7beec55acf059f8f2e69b35fd93a671
Sha1:   e3c3d2cc20962e77be670f7f7e9f08d855f9feba
Sha256: b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683

Alerts:
  urlquery:
    - Phishing - Wells Fargo
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/login.php
Cookie: PHPSESSID=70c0caa8c6b28705c0cd22142a4db896
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         193.106.191.135
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Sat, 12 Nov 2022 20:59:55 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7025
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 20:59:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7025
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 20:59:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7025
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 20:59:56 GMT
Connection: keep-alive

                                        
                                            GET /file/wfui.4bdda2282747ed96f876.chunk.css HTTP/1.1 
Host: wellsfargo-fraud-alert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/login.php
Cookie: PHPSESSID=70c0caa8c6b28705c0cd22142a4db896
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         193.106.191.135
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 12 Nov 2022 20:59:54 GMT
Server: Apache
Last-Modified: Thu, 17 Feb 2022 03:21:14 GMT
Accept-Ranges: bytes
Content-Length: 100499
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5583
Md5:    85c6f450b38f41a2fb924d6d9a9cbff8
Sha1:   691f59b65ca9fde4f59bbf96b37071e07351f190
Sha256: c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c

Alerts:
  Blocklists:
    - openphish: Wells Fargo & Company
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9f88d70-47ed-4a86-9b90-ea63f189df00.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5902
x-amzn-requestid: 9c8be25c-9c96-4861-89c8-8b7bf06ffc16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNBrH2DoAMFqbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec20a-6c770a86581d1f7f4599684f;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: T6_3oJ8lEFeYF3wFDvIVfSRZbILHdbpDuAd50fwkzcYji2yVLUQkmQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:44:57 GMT
age: 83699
etag: "13535f16f207d4c19c1b6019757f6739a4531eeb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5902
Md5:    94a390953f36bf9902cb9f04007c36c1
Sha1:   13535f16f207d4c19c1b6019757f6739a4531eeb
Sha256: 37d73300955a979e5b9d3dabc6e924c4e9734c6c63d92c42c709f8cb0d5aeabb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5478
x-amzn-requestid: c06e47c6-da2a-4a70-af2a-c1268557b913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM67FEEIAMF-pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1df-0628d00244323ddf727e0b80;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3zeJU6wVmWDIbVDBlTYvTh8e78isxbmNC0GKWdKqdI5abbdERoyzpA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:23:30 GMT
age: 81386
etag: "c76588ccaf97fdfd6e73833083200cb49a01a4af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5478
Md5:    38e32fc94c445ff47da5d2907e61e3a4
Sha1:   c76588ccaf97fdfd6e73833083200cb49a01a4af
Sha256: e4e3947b2248206c9dacfd35ff5619ca3b3ae56a7bcd565d40ed048839ffa075
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7wqdiuomEgaQlE1P5gopDGXbAkmh3ohPXYDcBWczuYFEcj8nczk9_w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:52:57 GMT
age: 83219
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9012
Md5:    516f1bfefb1c1a737ea2441f85343b32
Sha1:   0cc22d7bf9092fb30f31e2ca8f242c197b891669
Sha256: 733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6577
x-amzn-requestid: b4587cfb-6041-453c-9e74-fa35ecd31448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMjIGHRoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec147-29e7ec741b0e6f6f674aef75;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2y97S3ITb7MLXuIIAQfCCKjgvOXisdCT5mod7OD588LOhPCy_OrUXQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:02:21 GMT
age: 82655
etag: "ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6577
Md5:    faa8e3cf2ab3c1d53a1735def5bb7476
Sha1:   ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f
Sha256: e81a8fa312ec478871427f1d04ba7fe563573c683809153f75dec8df979d6efe
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8953
x-amzn-requestid: 2a2d20f4-3aa5-475e-8ec2-fc569766335e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhQGAhIAMFrjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-26dc0259793ec94814f3d41a;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BcjpdZlgZPqBX1rk3Th_XlwHrDYoeAT8pWaH7I21WnkfFzvzJE8ekw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:42:55 GMT
age: 83821
etag: "fa34520e849bf746ff43aec3d28beb9e4be44f4d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8953
Md5:    f09e254cd6f2e29b3bf198cc5d58a46f
Sha1:   fa34520e849bf746ff43aec3d28beb9e4be44f4d
Sha256: 2e29eace95fd8cb5b6d77df880d2044ecab4206cba47931c3a95e77c1b4e9d9a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b650f84-0cd0-4921-bc04-f0ea0459e4d1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8482
x-amzn-requestid: 79e5e211-afc8-4531-b361-6f6f3386f16e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUGJsIAMF7Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-5a0ba4a93eba91c81ba3a9bc;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uZ6Nth8jaUp7GXRXknKB8k90AgzBj4Yv3YfduSF7yajyFESb9oOh3A==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:51:45 GMT
age: 83298
etag: "7764777ce9a862c1590712ef33032df72edefffd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8482
Md5:    084ca839d34b15916cd2f5034440a1ef
Sha1:   7764777ce9a862c1590712ef33032df72edefffd
Sha256: b8893d7f327f88316cb909ded7fd8f4e1809190a7da807677785bf953f6e33fb
                                        
                                            GET /.cdn-cgi/killbot-security.js HTTP/1.1 
Host: files.killbot.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellsfargo-fraud-alert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.166.105
HTTP/2 404 Not Found
content-type: text/html
                                        
date: Sat, 12 Nov 2022 20:59:55 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iy1b7F5zzBjsAh9R2toiIgWe7oBGRP8cdCoxVntZm7rO9OEWrfbVE%2B7TgBWuET4fYUiT7LjH8gQGeYDfPt4uUUYPUeqh1AmSCyKuVJzGdPkln0%2FHksp75HBwG%2BeBiKdpRC1kVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 769231b4bd0b1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---