r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5137
Expires: Fri, 02 Dec 2022 13:51:58 GMT
Date: Fri, 02 Dec 2022 12:26:21 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3857
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 12:26:21 GMT
Last-Modified: Fri, 02 Dec 2022 11:22:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10415
Expires: Fri, 02 Dec 2022 15:19:56 GMT
Date: Fri, 02 Dec 2022 12:26:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 12:18:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 489
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wKrK4StC//rgk+k01a9Eu6RUyZgxHImna0NW4Reu8ND6p5aKDmY8OjZy+7MaXEqT2b+9eiNKWzE=
x-amz-request-id: 4BSTHW7WZ3D3F041
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 11:46:41 GMT
age: 2380
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 12:26:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 12:08:57 GMT
cache-control: public,max-age=3600
age: 1045
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
pinu4564ps4t.ru/qwsa/smoth/auth.php?p=3d3dn49gvzita0may6mek2k0sch2=
103.153.182.185302 Found 0 B URL HTTP/1.1 pinu4564ps4t.ru/qwsa/smoth/auth.php?p=3d3dn49gvzita0may6mek2k0sch2=
IP 103.153.182.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qwsa/smoth/auth.php?p=3d3dn49gvzita0may6mek2k0sch2= HTTP/1.1
Host: pinu4564ps4t.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: mdLogger=false; kampyle_userid=4e3f-9725-8d0d-e22c-e2cb-7fcc-afe8-2165; kampyleUserSession=1669983942966; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 02 Dec 2022 12:26:21 GMT
Server: Apache
Location: email.html
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3852
Cache-Control: max-age=164684
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 12:26:22 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:11:06 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.162.52.254101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.52.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DH7yCm7fWqPJ0oQMk0l3bg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8qYwpzm8UBbGmcI1x6+Skblqj5k=
pinu4564ps4t.ru/qwsa/smoth/email.html
103.153.182.185200 OK 264 kB URL HTTP/1.1 pinu4564ps4t.ru/qwsa/smoth/email.html
IP 103.153.182.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64812), with CRLF line terminators
Size 264 kB (263790 bytes)
Hash d8c4358cdb4f0c1c9a4da37d473cead4
41833b04fd340850d6d5d60f1af15e5a34628c98
a5cc2a34b6d63f6feff55d993a81a65cc84208b69f1769e0f4580e7e23c6ff6b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /qwsa/smoth/email.html HTTP/1.1
Host: pinu4564ps4t.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: mdLogger=false; kampyle_userid=4e3f-9725-8d0d-e22c-e2cb-7fcc-afe8-2165; kampyleUserSession=1669983942966; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 12:26:22 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2022 05:01:30 GMT
Accept-Ranges: bytes
Content-Length: 263790
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash be9104bc2b71faa92d8fe7f7cb70e66c
692f82192074ce8d5aad62b9245c4da929936184
c3baf6990264ce93f2044a3727aaadb83623b1fb8ac92dc380bc0ad84eea491a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3331
Cache-Control: max-age=158799
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 12:26:23 GMT
Etag: "6389ab3b-1d7"
Expires: Sun, 04 Dec 2022 08:33:02 GMT
Last-Modified: Fri, 02 Dec 2022 07:37:31 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash be9104bc2b71faa92d8fe7f7cb70e66c
692f82192074ce8d5aad62b9245c4da929936184
c3baf6990264ce93f2044a3727aaadb83623b1fb8ac92dc380bc0ad84eea491a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3331
Cache-Control: max-age=158799
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 12:26:23 GMT
Etag: "6389ab3b-1d7"
Expires: Sun, 04 Dec 2022 08:33:02 GMT
Last-Modified: Fri, 02 Dec 2022 07:37:31 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash be9104bc2b71faa92d8fe7f7cb70e66c
692f82192074ce8d5aad62b9245c4da929936184
c3baf6990264ce93f2044a3727aaadb83623b1fb8ac92dc380bc0ad84eea491a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3241
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 12:26:23 GMT
Last-Modified: Fri, 02 Dec 2022 11:32:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
oam.wellsfargo.com/oam/static/css/global/globalFooter.css?v=571149307C
95.101.10.91200 OK 1.1 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/css/global/globalFooter.css?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 2bb8d3b883aee14272aa9fd5bf93144f
759126aef0b4db0644f6ac6de5cb9cf9123c94c3
a838073f9b84cd56bbe93d1bdf1f6b624fdc0e9b2efc6a045e3911bd3e3196b6
GET /oam/static/css/global/globalFooter.css?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Thu, 03 Nov 2022 06:01:31 GMT
Vary: Accept-Encoding
ETag: W/"6363593b-e13"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 1119
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Set-Cookie: ISD_ABC_COOKIE=A; Max-Age=2400; path=/; Domain=oam.wellsfargo.com; Secure; httpOnly
DCID=GFHZWBhwTan8zqd6PsL7MdrCs38KK6XDgOLAW0+obAgTfbe3CTBTv58CQEV9xe7m; Domain=oam.wellsfargo.com; Path=/; Expires=Fri, 02 Dec 2022 12:41:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C
95.101.10.91200 OK 15 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/js/appd/adrum-ext.js?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (675)
Hash b4bcf20ab8345150ce1ca1ae1c079fe3
36ad92bb9ed18f3cb6aae35ae0efff05744fcd1f
6aae000f3cf00ea216f5126569f689086a22960375df104f80d7a642d2835340
GET /oam/static/js/appd/adrum-ext.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Nov 2022 03:24:37 GMT
Vary: Accept-Encoding
ETag: W/"63633475-b218"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 14672
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=VTGi4TGINQun6usL37ithA%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C
95.101.10.91200 OK 1.8 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/js/nativeapp-bridge-min.js?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (4807), with no line terminators
Hash d4b7a00e8cdff8180de04f80d0739781
24dd32db0725f8ff98590a7f9e82ff635ccec96b
8689b18b6cba4494556cd301a54bfbda1f9ea3aa95dac10f5b8b0027499ab049
GET /oam/static/js/nativeapp-bridge-min.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Nov 2022 03:24:39 GMT
Vary: Accept-Encoding
ETag: W/"63633477-12c7"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 1764
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JVjiI7qmFthTI+xqyHaelg%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C
95.101.10.91200 OK 36 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (5598), with CRLF line terminators
Hash ed33c30083334d769b5eaff4d35ed591
56bf047107239361779c13410815d34555430c1f
41ebc26ace9f702b3bb0d3d7674a49041ce73670bcccaf496c7ca940fa601795
GET /oam/static/css/ssep/theme.ssep.credential.remediation.css?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Thu, 03 Nov 2022 06:01:31 GMT
Vary: Accept-Encoding
ETag: W/"6363593b-15429"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 35605
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RXsQnBLaLZrO5PgK%2f2GiAg%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
oam.wellsfargo.com/oam/static/js/jquery.min.js?v=571149307C
95.101.10.91200 OK 31 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/js/jquery.min.js?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65451)
Hash 43c4cc26afc8987522d2968001c59ca0
4121fbfa94ea24ba93e30a4072ccb05fe124d4a1
1636e15b320d5032702d99b0ed52abafba808e92e08ecdb139e9099099e41029
GET /oam/static/js/jquery.min.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Nov 2022 06:01:34 GMT
Vary: Accept-Encoding
ETag: W/"6363593e-15d84"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 30879
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xSl6rVeDOHY7eVZExyEyfg%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
oam.wellsfargo.com/oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png
95.101.10.91200 OK 239 B URL HTTP/1.1 oam.wellsfargo.com/oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type PNG image data, 17 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 53fe1c00b7d6229830420ccdeac140b8
b7631c8027e595c0963f4470ee77ded4f0c7c48d
ec04389b5b81da4ce01879e7bc68a8cc1fe2b912efb16b01ea511b80f923f79f
GET /oam/images/icn-nav-home-glob-18x17-000720-v01_00@1x.png HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0
Pragma: no-cache
Expires: -1
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'nonce-6e90b40f-edb0-43cc-9fee-78823bc752d3' 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; img-src data: 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com https://*.kampyle.com; style-src 'unsafe-inline' 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; font-src data: 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com https://pdx-col.eum-appdynamics.com https://*.kampyle.com https://*.medallia.com/; form-action 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://wellsfargo.com; plugin-types 'none'; frame-src 'self' https://*.wellsfargo.com https://*.wellsfargoadvisors.com https://*.wfinterface.com https://*.wellsfargomedia.com https://wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Accept-Ranges: bytes
ETag: W/"239-1665668012000"
Last-Modified: Thu, 13 Oct 2022 13:33:32 GMT
Content-Type: image/png
Content-Length: 239
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Set-Cookie: wfacookie=38202212020426231472464667; domain=.wellsfargo.com; path=/; expires=29 Nov 2032 12:26:23 GMT; secure=true; HttpOnly
ISD_ABC_COOKIE=A; Max-Age=2400; path=/; Domain=oam.wellsfargo.com; Secure; httpOnly
ISD_TF_COOKIE=id3j6EDMet/xsn9zBk8ugT0Uby7HR+QWjoNVeUNpdIDEsRXhJRRK0ugoyeAE4YaMK5dDj8aHvV3UrAAAAAE=; path=/; domain=oam.wellsfargo.com; HttpOnly; Secure
DCID=9mOAn2Wh4UXi7OD6LjeYRAefwBT9H9aRnX3zCfuIeGIs4Fik%2fkhSKbr9No2TpvyQ; Domain=oam.wellsfargo.com; Path=/; Expires=Fri, 02 Dec 2022 12:41:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
oam.wellsfargo.com/oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png
95.101.10.91200 OK 271 B URL HTTP/1.1 oam.wellsfargo.com/oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
File type PNG image data, 36 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 583b8c10ee0bf99180613ea94606dacb
9d319a6fc2fc82ab0be7b0134d96ce527febe131
c3eae7afa0de88591ea3db2996b72ba0592ae63f0b9e0ffca90f03bcdab4775a
GET /oam/static/images/icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 271
Last-Modified: Thu, 03 Nov 2022 03:24:36 GMT
ETag: "63633474-10f"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 12:26:23 GMT
Connection: keep-alive
Set-Cookie: ISD_ABC_COOKIE=A; Max-Age=2400; path=/; Domain=oam.wellsfargo.com; Secure; httpOnly
DCID=B%2foOYatjo5Q+%2fHVXUjP+ngKg2rNqklJCVrnQnPoJh8KKlN0bXwtcawb72XDD21qv; Domain=oam.wellsfargo.com; Path=/; Expires=Fri, 02 Dec 2022 12:41:23 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:21:56 GMT
age: 83068
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 23136
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd8ad22c2eb1eb91c76970fa449f1bc4
0de97f3a4964038222bd751e043e413113e6db9d
668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02EF3QEVKmEB2ikbGk9gzQq7_VMi00ufHUNRFTL8MpwJKaXQwdT8HA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:42:27 GMT
age: 31437
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 52491
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 52354
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 25569
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C
95.101.10.91200 OK 7.7 kB URL HTTP/1.1 oam.wellsfargo.com/oam/static/js/combined/change.username.js?v=571149307C
IP 95.101.10.91:0
ASN #20940 Akamai International B.V.
Hash 814ca330c1b1fdbe3ac3cb873784a957
0ed7c595983a5715efe3d80ccbf9e64db04b2135
6d6f028cd75109f07906a9ea9a3d81faa74a232d63726e0c725b186eb73aee12
GET /oam/static/js/combined/change.username.js?v=571149307C HTTP/1.1
Host: oam.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Nov 2022 03:24:39 GMT
Vary: Accept-Encoding
ETag: W/"63633477-b2a5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Length: 7672
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=31%2fKTE7Bku8MAdeOmSI%2fJw%3d%3d; Domain=oam.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.js
95.101.10.152200 OK 10 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (6980)
Hash 32add8e685df3c8a752e1567db643dbf
12465af9f2116be2ffd11a4d19f346b3b77f09a0
f12da9ae0698b6150f84156ac3e1f8f83b91e92a0538f0e1ee0894964f8fe49d
GET /tracking/secure-auth/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 07 Nov 2022 21:07:58 GMT
Vary: Accept-Encoding
ETag: W/"636973ae-8e8f"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 10476
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vZfB9RcxQb6Kgc+cKTJ7nw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
pinu4564ps4t.ru/favicon.ico
103.153.182.185404 Not Found 315 B URL HTTP/1.1 pinu4564ps4t.ru/favicon.ico
IP 103.153.182.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: pinu4564ps4t.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/qwsa/smoth/email.html
Cookie: mdLogger=false; kampyle_userid=4e3f-9725-8d0d-e22c-e2cb-7fcc-afe8-2165; kampyleUserSession=1669983942966; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 12:26:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016
95.101.10.152200 OK 1.8 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1090)
Hash 79d4c5b9ced319f1894c68d097b54f9c
75ad64d30369f91d7e2831b5b024364839e74d2d
aece2b5528a0cce3613b0ee26cc3455e0fae06eb730d8932d3baf5122766a5ff
GET /tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 07 Nov 2022 21:02:08 GMT
Vary: Accept-Encoding
ETag: W/"63697250-1123"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1841
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7cU0LgzBTXU3%2foqCYdeduQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js
95.101.10.152200 OK 819 B URL HTTP/1.1 static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (720)
Hash 400e574e68b2d11076d96efd5cc087ec
873e23f01b6356fc78aab57cdb1308d458ae6888
454b56cd80b0412a4ec874001dcedaa491e4ca376b3805d1d91dd83071033564
GET /tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 12 Oct 2022 20:08:15 GMT
Vary: Accept-Encoding
ETag: W/"63471eaf-798"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 819
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GsikGMZhqy8qpDvSn0MqFg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
pinu4564ps4t.ru/oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js
103.153.182.185404 Not Found 315 B URL HTTP/1.1 pinu4564ps4t.ru/oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 103.153.182.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /oam/static/js/appd/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: pinu4564ps4t.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/qwsa/smoth/email.html
Cookie: mdLogger=false; kampyle_userid=4e3f-9725-8d0d-e22c-e2cb-7fcc-afe8-2165; kampyleUserSession=1669983942966; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 12:26:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js
95.101.10.152200 OK 78 kB URL HTTP/1.1 static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (11854)
Hash 2d4114748dd4ba96746b364ddbb90efd
71af87311a51b11de269075c7d5222ac27170efb
c86a5b651313fa185fbb81f5e78f9ec42ae8a466532995e4b6bfda7407f5ac81
GET /tracking/medallia/wdcusprem/57907/onsite/generic1661785830759.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 12 Oct 2022 20:08:15 GMT
Vary: Accept-Encoding
ETag: W/"63471eaf-54d3a"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 78340
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xVwMtXWouAU4TbepkwcCvw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.48.202209151645
95.101.10.152200 OK 2.4 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.48.202209151645
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (3223)
Hash 44449282135ec65f8a30f2d0019559bc
b5345b6412524b284661df58083cf4a69137bf07
4274fe65bf4837e788240c5554ea146522b4f639497f86f0ebad1cfdff13e71b
GET /tracking/secure-auth/utag.5.js?utv=ut4.48.202209151645 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:42 GMT
Vary: Accept-Encoding
ETag: W/"632cc052-1c52"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2392
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8eUx96xu3x95M0vvy++XfA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/gb/detector-dom.min.js
95.101.10.152200 OK 132 kB URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Fri, 02 Dec 2022 12:26:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8VFONLBNiIKqD1CmgwvcyA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json
151.101.129.230200 OK 1.6 kB URL HTTP/2 resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json
IP 151.101.129.230:0
File type JSON data\012- , ASCII text, with very long lines (2056)
Hash 7aaa86afaa226554d3779a33c42b14a2
4c673283d99b406af089ddf3ad7f4ec2f31e2538
08c3507df95050d37e85d639db9a2c6887885ac34b57dce8801fa4511d438433
GET /wdcusprem/57907/onsite/onsiteData.json HTTP/1.1
Host: resources.digital-cloud-prem.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://pinu4564ps4t.ru
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +owKg4mEzug+epSn0dkeUIPcjaxIvXEuQTOsvwTVA4LZcNQqsJjQYFHZeSbir1o+EhK+wlkvlN+9SNH6htnYkA==
x-amz-request-id: 2N2AR93JZR9H1B9J
last-modified: Tue, 18 Oct 2022 18:20:38 GMT
etag: "d8dc1950f0b57bc5a3877f5b89a3bcd1"
x-amz-version-id: pRJOZqLoxdz1tvMzBIvHCK_H7KLb6pxx
content-type: application/json
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
date: Fri, 02 Dec 2022 12:26:24 GMT
age: 3866745
x-served-by: cache-pao12023-PAO, cache-bma1637-BMA
x-cache: HIT, HIT
x-cache-hits: 188, 1
x-timer: S1669983985.732394,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 1644
X-Firefox-Spdy: h2
ocsps.ssl.com/
34.237.184.165200 OK 1.8 kB IP 34.237.184.165:0
Hash 356851d37ea2bb9a17e07d56249860fe
2cbf925ebeab93e31b2298f05a686fa6ecf5fe99
cbd0cea6ad2376ffa4ff2057dff89d3dd67775a8588a08497ab58a3e8fd2dfa7
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 12:26:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 08 Dec 2022 15:27:39 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "2cbf925ebeab93e31b2298f05a686fa6ecf5fe99"
Last-Modified: Thu, 01 Dec 2022 15:27:40 GMT
X-Proxy-Cache: HIT
ocsps.ssl.com/
34.237.184.165200 OK 1.8 kB IP 34.237.184.165:0
Hash 011217b0a618c1bcf33f252140e5f19b
41f89d0ae505409a8e9d1de5bba2bad47db21538
108dc3c86d5498feab53151f25cb741bc8d601e90784c83d254cbd7f8f0f6c9c
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 12:26:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 08 Dec 2022 16:47:39 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "41f89d0ae505409a8e9d1de5bba2bad47db21538"
Last-Modified: Thu, 01 Dec 2022 16:47:40 GMT
X-Proxy-Cache: HIT
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=73e28e14-4640-4adc-808f-626cda740836%3A0&_cls_v=ed7b8495-f3e2-46e0-9488-a11e8310a912&pv=2&f_cls_s=true
23.36.79.18200 OK 76 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=73e28e14-4640-4adc-808f-626cda740836%3A0&_cls_v=ed7b8495-f3e2-46e0-9488-a11e8310a912&pv=2&f_cls_s=true
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash d87f3a01e138ffc4cb8aa876b80532be
6742267abf4dfae37d148a8f2d3075d25b886a46
53313e36f22f03c87680239a58b684d11e6e48d4e30672794c71c5ed288416ec
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=73e28e14-4640-4adc-808f-626cda740836%3A0&_cls_v=ed7b8495-f3e2-46e0-9488-a11e8310a912&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://pinu4564ps4t.ru
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://pinu4564ps4t.ru
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Dec 2022 12:26:25 GMT
Connection: keep-alive
Set-Cookie: _cls_v=ed7b8495-f3e2-46e0-9488-a11e8310a912; Secure; SameSite=None;HttpOnly;Secure
_cls_s=73e28e14-4640-4adc-808f-626cda740836:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!DvxOf1gbhJNIWa3jbMKMZ0gdoDa2eVi0UV+XMgzkIgdcSuSJIM8zVJXsP+VAGvPHO2iVf3yeYJZU/1c=; path=/; Httponly; Secure
DCID=4cleMkRjAR%2fQzIvyOi3NEJYR+u+Jpu615N+CJeR+QO4%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Dec 2022 12:41:24 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2Njk5ODM5ODMwMTciLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NGQyY2NiOGNmYS0wOGY2MWQzM2Y4MzAwNS1jNTA1NDI1LTE0MDAwMC0xODRkMmNjYjhkMDM5ZSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vcGludTQ1NjRwczR0LnJ1L3F3c2Evc21vdGgvZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZTNmLTk3MjUtOGQwZC1lMjJjLWUyY2ItN2ZjYy1hZmU4LTIxNjUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk4Mzk4MzAxNSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5ODM5ODMwMTcsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2Njk5ODM5ODMwMTciLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NGQyY2NiOGNmYS0wOGY2MWQzM2Y4MzAwNS1jNTA1NDI1LTE0MDAwMC0xODRkMmNjYjhkMDM5ZSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vcGludTQ1NjRwczR0LnJ1L3F3c2Evc21vdGgvZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZTNmLTk3MjUtOGQwZC1lMjJjLWUyY2ItN2ZjYy1hZmU4LTIxNjUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk4Mzk4MzAxNSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5ODM5ODMwMTcsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2Njk5ODM5ODMwMTciLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NGQyY2NiOGNmYS0wOGY2MWQzM2Y4MzAwNS1jNTA1NDI1LTE0MDAwMC0xODRkMmNjYjhkMDM5ZSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vcGludTQ1NjRwczR0LnJ1L3F3c2Evc21vdGgvZW1haWwuaHRtbCIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZTNmLTk3MjUtOGQwZC1lMjJjLWUyY2ItN2ZjYy1hZmU4LTIxNjUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk4Mzk4MzAxNSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5ODM5ODMwMTcsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQ3LjNfMjAyMjA4MjkxNTEwMzAifQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 12:26:25 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-jm50
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTgzOTgzMDAzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMmNjYjhjZmEtMDhmNjFkMzNmODMwMDUtYzUwNTQyNS0xNDAwMDAtMTg0ZDJjY2I4ZDAzOWUiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL3BpbnU0NTY0cHM0dC5ydS9xd3NhL3Ntb3RoL2VtYWlsLmh0bWwiLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNGUzZi05NzI1LThkMGQtZTIyYy1lMmNiLTdmY2MtYWZlOC0yMTY1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5ODM5NDI5NjYiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIiwiaHR0cFJlcXVlc3REYXRhIjogeyJyZXF1ZXN0VXJsIjogImh0dHBzOi8vcmVzb3VyY2VzLmRpZ2l0YWwtY2xvdWQtcHJlbS5tZWRhbGxpYS5jb20vd2RjdXNwcmVtLzU3OTA3L29uc2l0ZS9vbnNpdGVEYXRhLmpzb24iLCJhdHRlbXB0TnVtYmVyIjogMCwicmVxdWVzdFRvdGFsVGltZUluU2Vjb25kcyI6IDAuMTExfX0sImNvb2tpZV9zaXplIjogMjA0LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTgzOTgzMDAzLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwicGFja2FnZVZlcnNpb24iOiAiMi40Ny4zXzIwMjIwODI5MTUxMDMwIn0KXX0=
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTgzOTgzMDAzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMmNjYjhjZmEtMDhmNjFkMzNmODMwMDUtYzUwNTQyNS0xNDAwMDAtMTg0ZDJjY2I4ZDAzOWUiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL3BpbnU0NTY0cHM0dC5ydS9xd3NhL3Ntb3RoL2VtYWlsLmh0bWwiLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNGUzZi05NzI1LThkMGQtZTIyYy1lMmNiLTdmY2MtYWZlOC0yMTY1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5ODM5NDI5NjYiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIiwiaHR0cFJlcXVlc3REYXRhIjogeyJyZXF1ZXN0VXJsIjogImh0dHBzOi8vcmVzb3VyY2VzLmRpZ2l0YWwtY2xvdWQtcHJlbS5tZWRhbGxpYS5jb20vd2RjdXNwcmVtLzU3OTA3L29uc2l0ZS9vbnNpdGVEYXRhLmpzb24iLCJhdHRlbXB0TnVtYmVyIjogMCwicmVxdWVzdFRvdGFsVGltZUluU2Vjb25kcyI6IDAuMTExfX0sImNvb2tpZV9zaXplIjogMjA0LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTgzOTgzMDAzLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwicGFja2FnZVZlcnNpb24iOiAiMi40Ny4zXzIwMjIwODI5MTUxMDMwIn0KXX0=
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiV2VsbHMgRmFyZ28gLSBDaGFuZ2UgeW91ciB1c2VybmFtZSIsInBhZ2VfdXJsIjogImh0dHA6Ly9waW51NDU2NHBzNHQucnUvcXdzYS9zbW90aC9lbWFpbC5odG1sIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTgzOTgzMDAzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMmNjYjhjZmEtMDhmNjFkMzNmODMwMDUtYzUwNTQyNS0xNDAwMDAtMTg0ZDJjY2I4ZDAzOWUiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL3BpbnU0NTY0cHM0dC5ydS9xd3NhL3Ntb3RoL2VtYWlsLmh0bWwiLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNGUzZi05NzI1LThkMGQtZTIyYy1lMmNiLTdmY2MtYWZlOC0yMTY1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5ODM5NDI5NjYiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIiwiaHR0cFJlcXVlc3REYXRhIjogeyJyZXF1ZXN0VXJsIjogImh0dHBzOi8vcmVzb3VyY2VzLmRpZ2l0YWwtY2xvdWQtcHJlbS5tZWRhbGxpYS5jb20vd2RjdXNwcmVtLzU3OTA3L29uc2l0ZS9vbnNpdGVEYXRhLmpzb24iLCJhdHRlbXB0TnVtYmVyIjogMCwicmVxdWVzdFRvdGFsVGltZUluU2Vjb25kcyI6IDAuMTExfX0sImNvb2tpZV9zaXplIjogMjA0LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTgzOTgzMDAzLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwicGFja2FnZVZlcnNpb24iOiAiMi40Ny4zXzIwMjIwODI5MTUxMDMwIn0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://pinu4564ps4t.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 12:26:25 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-hmh0
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2