bjornreybrouck.be/bt
145.14.151.30301 Moved Permanently 707 B IP 145.14.151.30:0
ASN #47583 Hostinger International Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET /bt HTTP/1.1
Host: bjornreybrouck.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 09 Dec 2022 22:55:52 GMT
server: LiteSpeed
location: https://bjornreybrouck.be/bt
platform: hostinger
content-security-policy: upgrade-insecure-requests
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12564
Expires: Sat, 10 Dec 2022 02:25:16 GMT
Date: Fri, 09 Dec 2022 22:55:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6479
Expires: Sat, 10 Dec 2022 00:43:51 GMT
Date: Fri, 09 Dec 2022 22:55:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9806
Expires: Sat, 10 Dec 2022 01:39:18 GMT
Date: Fri, 09 Dec 2022 22:55:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 22:08:21 GMT
content-type: application/json
age: 2851
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gxnegLzUnEKl6CRzWG+UNKOeY9+UudC2eUlNvDBjFammsD0/XkEtWRBak3b+kzLKbihYvZXRUjU=
x-amz-request-id: 1NZPBB4C6KGY684R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 22:50:26 GMT
age: 326
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
bjornreybrouck.be/bt
145.14.151.30301 Moved Permanently 707 B IP 145.14.151.30:0
ASN #47583 Hostinger International Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET /bt HTTP/1.1
Host: bjornreybrouck.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 707
date: Fri, 09 Dec 2022 22:55:52 GMT
server: LiteSpeed
location: https://bjornreybrouck.be/bt/
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 22:55:52 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bjornreybrouck.be/bt/
145.14.151.30200 OK 188 B IP 145.14.151.30:0
ASN #47583 Hostinger International Limited
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2012921a4cef516172cc76fb06c97455
4f59d7261927f681811823d5a92a3d406ac65d0a
80972cf6c822b16790b2798190f8261a7da46c5a684c39810750ed507748865f
Analyzer Verdict Alert fortinet Phishing
GET /bt/ HTTP/1.1
Host: bjornreybrouck.be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.32
content-type: text/html; charset=UTF-8
content-length: 188
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 22:55:53 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 22:33:13 GMT
age: 1360
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6208
Cache-Control: max-age=129270
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:53 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:50:23 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4c6c3cb8b2c42770b119c5b5845e1a18
f5acb474cca520e8ecb9f98459381eae787dfb7e
56aa58862805e2c7ff813f5a5c6ed190f13091fe0d27652a35471b1e7dda7463
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56AA58862805E2C7FF813F5A5C6ED190F13091FE0D27652A35471B1E7DDA7463"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20585
Expires: Sat, 10 Dec 2022 04:38:58 GMT
Date: Fri, 09 Dec 2022 22:55:53 GMT
Connection: keep-alive
push.services.mozilla.com/
52.13.69.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.69.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dvvO3CaryPSCVLSqjpZZyw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PAlyNtgChQkTEgZWTgg7G/Hbc1M=
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16afe57a1cefac94175f96e0b1875588
2d5529fec6d4d909d7338b2c193771d798260dca
468f3d30b09ee1d4240927c0c296bbd75b999b046d29d763b74e60cffc0f6876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2980
Cache-Control: max-age=120683
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:54 GMT
Etag: "6392e5c1-1d7"
Expires: Sun, 11 Dec 2022 08:27:17 GMT
Last-Modified: Fri, 09 Dec 2022 07:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16afe57a1cefac94175f96e0b1875588
2d5529fec6d4d909d7338b2c193771d798260dca
468f3d30b09ee1d4240927c0c296bbd75b999b046d29d763b74e60cffc0f6876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2980
Cache-Control: max-age=120683
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:54 GMT
Etag: "6392e5c1-1d7"
Expires: Sun, 11 Dec 2022 08:27:17 GMT
Last-Modified: Fri, 09 Dec 2022 07:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/tracking/ga/ga.js
95.101.10.120200 OK 20 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PqQjALREnYMEvz1+KyBYug%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
95.101.10.120200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=llTuy%2fE8Vuz1SfO2b1xE3w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
95.101.10.120200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8Qqjk%2fMJXqPjyf7ojslZVw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16afe57a1cefac94175f96e0b1875588
2d5529fec6d4d909d7338b2c193771d798260dca
468f3d30b09ee1d4240927c0c296bbd75b999b046d29d763b74e60cffc0f6876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2980
Cache-Control: max-age=120683
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:54 GMT
Etag: "6392e5c1-1d7"
Expires: Sun, 11 Dec 2022 08:27:17 GMT
Last-Modified: Fri, 09 Dec 2022 07:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
95.101.10.120200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3IzsNsiaRWPpGxx6TIxULw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
95.101.10.120200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=uCPxMXRZgKQ7UiQhicX7+w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/gb/detector-dom.min.js
95.101.10.120200 OK 132 kB URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Fri, 09 Dec 2022 22:55:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jdLLWrm+s9ohsmxbbRDAcQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16afe57a1cefac94175f96e0b1875588
2d5529fec6d4d909d7338b2c193771d798260dca
468f3d30b09ee1d4240927c0c296bbd75b999b046d29d763b74e60cffc0f6876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2980
Cache-Control: max-age=120683
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:54 GMT
Etag: "6392e5c1-1d7"
Expires: Sun, 11 Dec 2022 08:27:17 GMT
Last-Modified: Fri, 09 Dec 2022 07:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16afe57a1cefac94175f96e0b1875588
2d5529fec6d4d909d7338b2c193771d798260dca
468f3d30b09ee1d4240927c0c296bbd75b999b046d29d763b74e60cffc0f6876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2981
Cache-Control: max-age=120683
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:55 GMT
Etag: "6392e5c1-1d7"
Expires: Sun, 11 Dec 2022 08:27:18 GMT
Last-Modified: Fri, 09 Dec 2022 07:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/tracking/ytc/ytc.js
95.101.10.120200 OK 5.6 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ytc/ytc.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15032)
Hash c48fe5e804797f0f227c7b840d74a48c
af0ab8fe13f1dc1de7363cfbfc14eacf766a13c2
1a2fbaccd0201b433a5fe36253718facae1b50d23d6af5884279f563a7494c2f
GET /tracking/ytc/ytc.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Jul 2021 21:00:28 GMT
Vary: Accept-Encoding
ETag: W/"60f0a1ec-3ad3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5614
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=KToAdK70hiVizgmqZphWmQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.3.js?utv=ut4.46.202012011749
95.101.10.120200 OK 2.2 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.3.js?utv=ut4.46.202012011749
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1022)
Hash a14fd9149c74dc560cbb2b19a945ef73
feb2bb1497fdf3810f823e09124f310ac3dfe9e0
314c74f80c31e727c06da493e10e9dba8cc3a80f2eb07d06463c486a3ba10ffe
GET /tracking/secure-auth/utag.3.js?utv=ut4.46.202012011749 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Dec 2020 23:04:06 GMT
Vary: Accept-Encoding
ETag: W/"5fc96ee6-15f9"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2186
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Hl49w2I7FiBsohdvax3mWg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6426
Expires: Sat, 10 Dec 2022 00:43:01 GMT
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6426
Expires: Sat, 10 Dec 2022 00:43:01 GMT
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6426
Expires: Sat, 10 Dec 2022 00:43:01 GMT
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6426
Expires: Sat, 10 Dec 2022 00:43:01 GMT
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a81548132f6f176f60e4fc278114ff84
3f330d6c27242cc3d65b975ab4a1c39b08fb69de
82095572be60a13b933293fa38a956e366a854becc5532dfccbf5893366ab702
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7535
x-amzn-requestid: 9c904976-42b9-40c9-aefa-201f0f84358f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMUHw7IAMFSng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3a601e621f9f31c7509f4e52;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXI46ZBJB6-LoLmfPuwmnQV9lamFDrpOdrgRXopTz7fGgwDYYGmT9A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:07 GMT
age: 3768
etag: "3f330d6c27242cc3d65b975ab4a1c39b08fb69de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
163.44.197.16200 OK 87 kB URL HTTP/1.1 www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (47281), with CRLF line terminators
Hash 031275e20921a7411e3c025bce299cd6
ea275f298bdfcaa914388f7465b315d90fa11df8
2eafebf0864c74dd9967f0375c5eb2a7255242adf10fa3d108a94dd59c4677ac
Analyzer Verdict Alert fortinet Phishing
GET /wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 22:55:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; path=/
MS-Author-Via: DAV
X-Powered-By: PHP/7.3.25, PleskLin
Content-Encoding: gzip
static.wellsfargo.com/tracking/survey/gateway.min.js
95.101.10.120200 OK 7.2 kB URL HTTP/1.1 static.wellsfargo.com/tracking/survey/gateway.min.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (18709)
Hash 4e22de87d95250210841318d44411316
732d49d6c6fbaf72ca9ac3cfe7d34a08400506cf
b62365f674d8b5ce81a33cae6ad20ad15b03d10b31f6e639ab316e3480a7dc66
GET /tracking/survey/gateway.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 05 Dec 2019 22:21:08 GMT
Vary: Accept-Encoding
ETag: W/"5de982d4-4c5d"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 7188
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: DCID=CN8rQ1WEELYJRIzz1hc81Bz0Y2PxEadgf30Xyg9oRfaS2S9TvO3e7JTW5oLrJiRq; Domain=static.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/secure-auth/utag.4.js?utv=ut4.46.202011242053
95.101.10.120200 OK 1.7 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.4.js?utv=ut4.46.202011242053
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (4209)
Hash 7251c21cc4e7be828526ed0d5e218cd0
87abe4f4f42842077a75808b7c7e016b179731bb
472d727e0870b9fd4b6f965c73d41d8e4d3a9739f1f966e5785139f4b7492996
GET /tracking/secure-auth/utag.4.js?utv=ut4.46.202011242053 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 23 Sep 2021 21:00:33 GMT
Vary: Accept-Encoding
ETag: W/"614ceaf1-16e0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1663
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cf%2f0hASVedJqw6kPq%2fhCiQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15e70ae6d020b468c84816939a4329aa
be4d2e27d7d6041b17a4f3490126e4b73c68b8c1
188259d91d75505f7ee2253f80075b56174569b669ad17adbd88a06759a5f5aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5702
x-amzn-requestid: 0bd029d4-2c3b-4c62-ba67-4e28de3c0c6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWF2woAMFq8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-34d8de9e4505e5d214083b44;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: D-fEO-tBlvb1MMkHZSTJahhy4g1M5EPn_EyqRxbEbpG54dH2fgZ9gg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:47:58 GMT
age: 4077
etag: "be4d2e27d7d6041b17a4f3490126e4b73c68b8c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.46.202103182209
95.101.10.120200 OK 2.4 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.5.js?utv=ut4.46.202103182209
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (3223)
Hash 44449282135ec65f8a30f2d0019559bc
b5345b6412524b284661df58083cf4a69137bf07
4274fe65bf4837e788240c5554ea146522b4f639497f86f0ebad1cfdff13e71b
GET /tracking/secure-auth/utag.5.js?utv=ut4.46.202103182209 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:42 GMT
Vary: Accept-Encoding
ETag: W/"632cc052-1c52"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2392
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3B4L+aGHDzEdg5i5+mzcBw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 56560
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0df452512aae4c4c1f4a2cd263b16dfd
68bac75574641febc463bd0819392dae2da15811
e0a9301c5be849e116f1d98b819c2eb91f73e74d836f3e099f2cd266e8f0bb36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12743
x-amzn-requestid: 6ed8a5f4-45cd-45bd-9820-df450f612c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4E_-IAMFf3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-31d928fc430577b463a68bd0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YTqJN92gTy04q3obEXe4P1gmG2h9b2IQjjSkkUXyqnfFOL67uobN4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:58:18 GMT
age: 3457
etag: "68bac75574641febc463bd0819392dae2da15811"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2b4c44cc196e1f4263a895ef54e6650
c5cea524045b3394c1dfe5e5fcac4637416f8587
e31f4b95811c01b2f2f181e11b7a8e1b4c57c3c7fc067c304e8dacc6fb176442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3963
x-amzn-requestid: f067a6cf-758c-4c35-be64-3970b690ea7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e7VHdnoAMF0Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab7b-485a18b738763b2029f6c653;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s34c1vAKHso9NwDfhOn5053VIDeRGdwNscoMDkkfcNx95irwIB9Hrg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:23 GMT
age: 3692
etag: "c5cea524045b3394c1dfe5e5fcac4637416f8587"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8a5e9d0cddf26cf3a1478d2942f2478
e8a228a857a414f04108c84670ed7bc74534407c
3a15851f412000f1647057745348bc6f6e2f0cfe481ca7a72f6e94fab8d5e52e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12990
x-amzn-requestid: 2e4f71f3-b81d-4822-a13a-e8367a76aa20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMREp3IAMFRJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-447650995616ab6a09780380;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DVOvH3hkkdKdQNGQSrJ90yGPigdD8UysVImEu_pMe_H69RagreIKsg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:07 GMT
age: 3768
etag: "e8a228a857a414f04108c84670ed7bc74534407c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/secure-auth/utag.7.js?utv=ut4.46.202010230514
95.101.10.120200 OK 3.2 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.7.js?utv=ut4.46.202010230514
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1579)
Hash bda63f460bc390b7b26d7c6bf49bc292
a9e353a34855275090f1812746caed3ecaaaed10
c7d2d5ed51d288030e4f53182ad497193a669255e1c9ab0f539765d0c9189218
GET /tracking/secure-auth/utag.7.js?utv=ut4.46.202010230514 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 28 Oct 2020 21:48:43 GMT
Vary: Accept-Encoding
ETag: W/"5f99e73b-28df"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 3220
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=omQw6WaObfsGzZfFER11pw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/AIDO/glu.js
95.101.10.136200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash fa41c714bde49596a0172aa8d01add3d
f96eb395d742d3f14ab49468f08379d0f9bd5bc6
05b3e499adc54a78447acb0619a1d4a1f94ea78283e47980cc46a07a5daf9e27
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37008
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=VbET7tJLXn+K1LJG1Ddba%2fR8cIIExxMK9p0sqmp0a+roq6w%2flKmi+VXyWbkpkDV%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/secure-auth/utag.1.js?utv=ut4.46.202103251512
95.101.10.120200 OK 2.0 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.1.js?utv=ut4.46.202103251512
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1117)
Hash f67acc5a3f56703cacf3b40067d6a62f
4e5bc3ee42947d654bfa5bef7a4bbc89c00d98a4
17006d5b261ffa4caf0d503d6d0b588dbdbf8fbc6aff432a4d602035122a50a2
GET /tracking/secure-auth/utag.1.js?utv=ut4.46.202103251512 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 29 Jun 2021 18:30:28 GMT
Vary: Accept-Encoding
ETag: W/"60db66c4-1153"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2011
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=oEhA3nAGNBciiOvLHxieiA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/css/style.css
163.44.197.16200 OK 190 B URL HTTP/1.1 www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/css/style.css
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with CRLF line terminators
Hash 171d4b7033815f99c79bb13d5a7a4042
c00a8cdfbb438adae5e2e51a8c1969d341476922
e4f7e5605680d92d2f2c7fa402a5f03c14c63f11a24bc80ce8edef9150c23d5e
GET /wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/css/style.css HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 22:55:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Accel-Version: 0.01
Last-Modified: Thu, 28 Oct 2021 06:48:28 GMT
ETag: W/"23d6c-12a-5cf6419146700"
MS-Author-Via: DAV
X-Powered-By: PleskLin
Content-Encoding: gzip
static.wellsfargo.com/tracking/secure-auth/utag.10.js?utv=ut4.46.202102191956
95.101.10.120200 OK 5.7 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.10.js?utv=ut4.46.202102191956
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2575)
Hash 9b6e37266171f49f824a6e39a413ff6f
142cc5dc8990b0d62bbf391cfdbd10cf4fbb595a
9e08142c6288d72a8448c65148ff9ea288c8958942bb36482f2409f504f3518b
GET /tracking/secure-auth/utag.10.js?utv=ut4.46.202102191956 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 04 Mar 2021 00:30:32 GMT
Vary: Accept-Encoding
ETag: W/"60402a28-50bb"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5672
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MFnP78rdJRf2dzbd8hHwAw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.15.js?utv=ut4.46.202109220050
95.101.10.120200 OK 1.7 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.15.js?utv=ut4.46.202109220050
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1142)
Hash 8ef348be98d33d036c76772130429a0f
0ff80908b030a9d097cf1638dd903f315791c7c5
64c81f54226a9628d8944de4a31944b810f28de5db7844bfada1ee6e18c2fb8a
GET /tracking/secure-auth/utag.15.js?utv=ut4.46.202109220050 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 23 Sep 2021 21:00:33 GMT
Vary: Accept-Encoding
ETag: W/"614ceaf1-ebc"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1682
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+oJdPlPdHHbwBkKjJNnhfQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.9.js?utv=ut4.46.202103170122
95.101.10.120200 OK 3.5 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.9.js?utv=ut4.46.202103170122
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (3237)
Hash 366c78f63905a07a51fcf2ca5cb938e6
7d7b1a2eb08c7972faefff64e841ba22ed0e04ee
0c587e2186f735f5ea6625edb02eb6690301eaa6c87fae4ab8f37d93610bcd99
GET /tracking/secure-auth/utag.9.js?utv=ut4.46.202103170122 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 23 Sep 2021 21:00:33 GMT
Vary: Accept-Encoding
ETag: W/"614ceaf1-2bba"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 3522
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1Aso8D%2f7hKviUfVsYMd5fg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/secure-auth/utag.12.js?utv=ut4.46.202104052200
95.101.10.120200 OK 1.3 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.12.js?utv=ut4.46.202104052200
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1071)
Hash 43ec84506efb1df65f7be5764c4f8140
d9b3ab4e2cca9334c1290ffd518b8000080af784
5008a2797a0a577262b7e24bab726817ad2e914c746a425a4d9e95c03bb5619d
GET /tracking/secure-auth/utag.12.js?utv=ut4.46.202104052200 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 08 Apr 2021 21:15:26 GMT
Vary: Accept-Encoding
ETag: W/"606f726e-a3f"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1343
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XM6h+A1I7fcAw49WUo%2fIlA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/wfui.4751add72058e9dd58f2.chunk.css
95.101.10.136200 OK 20 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/wfui.4751add72058e9dd58f2.chunk.css
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
Hash 2beb0f885999a04e8c74f2ae4ecb70a7
2b9c9aa8db27a0ce51dc90002766f07ba59fc7d8
52c66fd385f6c3fde47662845c247c55b713770b8c332b747364b7976d84a1ac
GET /auth/static/ui/loginaltsignon/public/stylesheets/wfui.4751add72058e9dd58f2.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 20434
Last-Modified: Thu, 13 May 2021 02:22:41 GMT
Vary: Accept-Encoding
ETag: "609c8d71-4fd2"
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=10368000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7oq7wusc5ZVpc5pMUj+BoQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/main.d5ef04dc4bbb58096bdc.chunk.css
95.101.10.136200 OK 2.5 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/main.d5ef04dc4bbb58096bdc.chunk.css
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
Hash 5d05bec210515094a569c911be5c5d61
b7a5b5c30565d817265cc73f454dce0d6ddcd28b
50680b1825c3142e3fbd6b4c9985e6c197e1a9ab4829c3cb817f4cb90d6526d0
GET /auth/static/ui/loginaltsignon/public/stylesheets/main.d5ef04dc4bbb58096bdc.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 2464
Last-Modified: Thu, 13 May 2021 02:22:58 GMT
Vary: Accept-Encoding
ETag: "609c8d82-9a0"
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=10368000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wc8DPqaSyiIgCNT8E66Vaw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/js/actions.js
163.44.197.16200 OK 504 B URL HTTP/1.1 www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/js/actions.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with CRLF line terminators
Hash a929d6eebf69eaec9a46285c50f74994
2e42a8ba54ef0fdd2c59252cb9912516d6de1d7c
9d670b99192b4af1f0e339ab729d0a4700055d254f3d18f6f2b44ef76dca3eea
Analyzer Verdict Alert fortinet Phishing
GET /wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/js/actions.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 22:55:54 GMT
Content-Type: text/javascript
Last-Modified: Thu, 28 Oct 2021 06:27:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"617a42d6-50b"
X-Powered-By: PleskLin
Content-Encoding: gzip
connect.secure.wellsfargo.com/AIDO/trx.js
95.101.10.136200 OK 54 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/trx.js
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 16724641e8d681dc24ddbdf35d5efd87
d2e6a579cc90d29c2899d83a1659cda565fc927a
dbfefaaa9a6bcf8e604a456ec9195aac0080a2049c9cb59e820ded0b6f11a73e
GET /AIDO/trx.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 53913
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ys51AQd10O1P9FqJlmov7UcLqaTo+%2fOOBCg%2fzwQtjLBnYTs1QYY9ZuWB9QJvwoY0; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
95.101.10.136200 OK 17 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2285)
Hash 2e936e8c9e33ec708129025c63ece40a
41dfe5e92e4248607e8ad15d9f6efb514154a0bd
766548ad2b307fbc47574c0a194da545e0206c32f58bbfd8a56c1f2299bff0c0
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17104
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:26|g:c1a5e5a4-bfa0-48d8-97df-f15a8b3f31e7; Expires=Fri, 09-Dec-2022 22:56:25 GMT; Path=/; Secure
ADRUM_BTa=R:26|g:c1a5e5a4-bfa0-48d8-97df-f15a8b3f31e7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 09-Dec-2022 22:56:25 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 09-Dec-2022 22:56:25 GMT; Path=/; Secure
ADRUM_BT1=R:26|i:302812; Expires=Fri, 09-Dec-2022 22:56:25 GMT; Path=/; Secure
ADRUM_BT1=R:26|i:302812|e:3; Expires=Fri, 09-Dec-2022 22:56:25 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=yc0o4QiZ6KpocGQmkkTrG4V%2fs18nu8Tz8f6aklNoDvGRpqAU2j3yanrraiCIky5Q; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:54 GMT;Httponly; Secure
_abck=E00A82782FF759F801D53255D90EA7F4~-1~YAAQhAplX2zAuoKEAQAAljYa+Qk1wkwk+/qy/Y8+kH6PXac97WPDYOPVcSwaLy3pU0Fuy+o9A/FtMUFxDLiXn8Cr77EX6rckBv0EHDVDTxNRvhlsr5lDz+2KZRFlXSHO12k4mfMgR1lFafD5Hoji8m+bcbjnQomT+OVfZe/zL0qc57mlO+wDzw8VX0wc69cAkOMedG0LLu1npXnh8Cc4oCEC2L+3IxPGlMG4mje/inTce5OicZYuMRqJksqkxT2BKpcZbE4d7ndKicXnI+O2t8Br2GGTwJz+kkZ1weVp8PsVZtdPlFhQ8YNu5kVCycLi6rZekKrtkOxVRchCnYpPakDYu8aEu6edaZm3GoGam9tXhqmPMEOwv/Lq8KB8q8c2zQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:55 GMT; Max-Age=31536000; Secure
bm_sz=1E86A23D20DFC15AA90CAAD95CDEF719~YAAQhAplX23AuoKEAQAAljYa+RKlUX65qt6N7YNmqlzfv+7rt6uticMJiWFd4fReEt9NzTGDPiMqc0QfmAx/vfqZ8Fo9d3VaLU0u0Sr0GuJkzsvt9ocFp5PmFSqBkznhDhbz3+73Cde3m9xDvMbpa55bfOi8klH7hdkLsFx/B7nkvk/MP4cuw1Uk9RZZbfsdl4UT1Kk6u0aVsPqkDQzsesximE5xE0uAHylSbc+MHX6lwgWUsYFjEKjuvIxF0VN7HS66vXJV+HqPzgg+/vJUlef1yRXaenFzwC5cVFCNB3WXuB7qyhcF~3422008~3289410; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:54 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjIwYWIzODc2Yy04ODg0LTRlMzAtYTdjYS03NjNiYjYzOTA5ZWYlMjIlN0QlN0QlNUQ%3D&cid=15%2C28&si=3&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ugqkwnylogixegex&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
95.101.10.136200 OK 142 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjIwYWIzODc2Yy04ODg0LTRlMzAtYTdjYS03NjNiYjYzOTA5ZWYlMjIlN0QlN0QlNUQ%3D&cid=15%2C28&si=3&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ugqkwnylogixegex&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 42136946090cda75245e99bdb2661918
269b21d4acfa02ed0ae26ae455cd43a802704e47
dcd55e0cc6c093a79c3a24bd4d61f79b97bbace87f53fcd6abe76ce2702fa726
GET /AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjIwYWIzODc2Yy04ODg0LTRlMzAtYTdjYS03NjNiYjYzOTA5ZWYlMjIlN0QlN0QlNUQ%3D&cid=15%2C28&si=3&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ugqkwnylogixegex&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 142
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=fqdbkS3LHsaji1Tfamk%2fDEWlYs2fI1itDa1R0xgZSv9bwSqL7QVI+p0l2jzWdvNH; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=B51923516534EA14EE08D7F3B07225D4~-1~YAAQhAplX2/AuoKEAQAAIjca+Qlszbq9nfCThqNdI5/6aGI3/s/GmMI34R8QVhsnHvd0GTXvwhYd1qyVNdHIjq8eHfaliC4INUY/ABD42Fgr7dqxKRnxi3WIeGLoSRH7k9JheuwY/0uhOpWz2leHt9F3oTnqXzYSWxUlqOLMg1QpkCG56rvtFPZmnZ/9GU/g9H+EDPBu2zO7Gum2q6GgpZPSkoi+daFn6qNcUwF6rAZNKZD9yuAmA1W5TXXAm6drAuWYSfBn3O2y9bIpmNqN/cahAEIBU+5XL6MczPgfKSZptriEUKlkZEu7dyLNCxRZ9W/y1UcMq+pEWHpNFB/EFBezFUkq5XJDgwVtA8lfXsqNNR4MhV7ej6+lJdouAN8jpg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:55 GMT; Max-Age=31536000; Secure
bm_sz=845B7BA7C97655B48EF9CF9E95E07351~YAAQhAplX3DAuoKEAQAAIjca+RIM7bXuacg1LHR1yZUHJuSCg3e0jeV2L4hgiAucDYf6nyCtUCHGRd7r+9sfc9jk9715U/dAlh9/DQ0klst9FJjkutt6JcUpTfnQbBO7DiVvzV1j6j4NRg76ZVyN6vYoFyW4ymmIepU2E8Q3CZ+zUZxbqRIJlmFLOdtSsBPkCP8hPZ6ascenB1AlTStU7aiNcWDa9CREZO7lz+jixIFwnH/EhrZpv4NIUBsuVVY5pOHsOqJFQ9sYwVGeBBNArc/1iSjhGhwbzMqJ+eYXRJuzgZeMiKim~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0ExJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2MTQlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTM1MjE4MyU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=pgmrwysfqzyikyrq&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
95.101.10.136200 OK 131 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0ExJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2MTQlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTM1MjE4MyU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=pgmrwysfqzyikyrq&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 445c2a116ee0bfe0bad43402c1b1693c
e03e168f625736fce6038a13dbc265e79919e173
5918b3d659e041ea531f4d524002b72b8e48bd7f472a3fc28caae3f9ae3ed631
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0ExJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2MTQlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTM1MjE4MyU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=pgmrwysfqzyikyrq&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 131
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=y09nTnrCgG8UeJjOnHL1RDFeb88OxuLiWQ6BFGY7ce3QgWE+BuzWKuVzGqTTigek; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=A99C1CE54BD1B2E884971CB3D87E0B7C~-1~YAAQhAplX3HAuoKEAQAA8jca+Qm4duZbf6RBn3hkSTiWk0tMzw+Mue3zrXbJ+6anDxrCpdgqoDf1jGxn7cjzt1KwBxWB9k8VPRlhYp7T/8GTDiyKFKaAlcRGe9sLsXmMiUVfZx09OyAda1Di3ki83hHhZYRO9jpzWYAUzCUDBWPsj8sSlWGj/UCeK8w+7wFIPKdZuikWiBqBxM/fOXsBGGFrHCbquOzLmxP4OLOKjKM7PFkIBw6rGN0CmErUIEIjrnEL0Ikby8D0Mg7wlCuxRdI1TpvMfZGIyPz/LH2WGJW1cosSXjOb0juM36hr5vfyudiL48uBwPwpFIKBgFmHIqnyICmq/Y9aY64yCT/cRZe6DVI7Q7X8ywSjQsw98aTivw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:55 GMT; Max-Age=31536000; Secure
bm_sz=61E64E215785261B94BC40254F9B631A~YAAQhAplX3LAuoKEAQAA8jca+RKfFuC8V0tLk//L7A3B4mUBqvXGH9bqS4e+Hlq3WeVsODQtGQAVC3DEfpes9vkOPFUbQJJNotaHIUVKI5s6fp6KBc7KPHg6aptfSWHTYMts7GIu142zVQYw/8SmUhZLcJrQ3FOCzk2S4zwJhihnkwWvY1rxxyNiVE2dmVyUy1G6WDRxx2JHBpY0MLIl2pJYesxqgu2bULMnjy8GV21hXDCPeM39wdYUjEWo0bPGARK8tW2c9YkeJ9AgvVZ6PSI/simHmIc0vXQSHV3YwmlNVvTSdutQ~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmNvbm5lY3Quc2VjdXJlLndlbGxzZmFyZ28uY29tJTJGYXV0aCUyRmxvZ2luJTJGcHJlc2VudCUzRm9yaWdpbiUzRGNvYiUyNiUzRHllcyUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJwaWQlMjIlM0E4MDU0NTM5MDIlMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYyMjM2NzUxNCUyQyUyMnQlMjIlM0ElN0IlMjJ0JTIyJTNBJTIybG9naW4lMjIlN0QlMkMlMjJyYW5kJTIyJTNBNzgwNTEzJTdEJTdEJTVE&cid=15%2C8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ynmtsfqlwqmckfmu&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
95.101.10.136200 OK 141 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmNvbm5lY3Quc2VjdXJlLndlbGxzZmFyZ28uY29tJTJGYXV0aCUyRmxvZ2luJTJGcHJlc2VudCUzRm9yaWdpbiUzRGNvYiUyNiUzRHllcyUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJwaWQlMjIlM0E4MDU0NTM5MDIlMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYyMjM2NzUxNCUyQyUyMnQlMjIlM0ElN0IlMjJ0JTIyJTNBJTIybG9naW4lMjIlN0QlMkMlMjJyYW5kJTIyJTNBNzgwNTEzJTdEJTdEJTVE&cid=15%2C8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ynmtsfqlwqmckfmu&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 86dc6547f650f6c168b4ada34ad4f52e
2317c5aabc5bf6735a61ba63cb9dd851305ba8b4
3b2eb2033cfb6a18161fea0f141aeed2a2fcff9d79c58f1ff48bdac45ce0cb93
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmNvbm5lY3Quc2VjdXJlLndlbGxzZmFyZ28uY29tJTJGYXV0aCUyRmxvZ2luJTJGcHJlc2VudCUzRm9yaWdpbiUzRGNvYiUyNiUzRHllcyUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJwaWQlMjIlM0E4MDU0NTM5MDIlMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYyMjM2NzUxNCUyQyUyMnQlMjIlM0ElN0IlMjJ0JTIyJTNBJTIybG9naW4lMjIlN0QlMkMlMjJyYW5kJTIyJTNBNzgwNTEzJTdEJTdEJTVE&cid=15%2C8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=ynmtsfqlwqmckfmu&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 141
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JInaxAKeFcyAx39ii0oiWUrdU7kRDR8MVyiX4vM%2fTEH1kTrR5+g5x0RCVrAd0WcF; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=071FF638679E6349FEEB740DD84F532D~-1~YAAQhAplX3PAuoKEAQAADzga+QkyX8XYiSLtqN2d/aD3Bv0E7akQF8NKEeXkEeR20f3MT7nGLY0F2OyvYsrSItOyIShhqBm8etcvZwO+IY9/YjAsVfabzSK4rBRNHtePPT1SEOFE+ixff7FrLSFLbzUIdvdjXNA2lgsS/ZGB41TgS9UJTJ8w14gHk79cKXWritgqKcxCzTK1AAB/LmjCkGVbzp+2Oo8SRqK4Zos3roy/1tgSfmKqMXwxvbXdbYY1tMNmso6tQtPP+ODxv8+XS28FQLqmjqoS/t+PSrO/zwYMZ0MekyOlR0sTspowAh9SOMZOvUYLJXf26+IZpcsxRVbZOZG5Doat+Im9gsrIhjCHIJh6UdPw0r9JzOX1Dj9KUQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:55 GMT; Max-Age=31536000; Secure
bm_sz=DA2067F2669FBD5331C2D74F03C92EF1~YAAQhAplX3TAuoKEAQAADzga+RIZsHiPB0XEIx3jRwAXZZoVuo6X9rdOkOOQPpILjkuavcuTVHWKsu8qHVWR3c24h6+bsME3/oCVTzYkOyZvW6Qkef9ypU4xjTpxEBc5LK5DwRAx0S9N1rOGfeEABCIHjMRyFeVhJur7RJNwrolHg7aE6CR3lcJFhouLGMQz5QxGxw/D3aPcSgZqgPeicnWys9WS3Mvxdul5GLb7NHSSMb/KYNKhKf21pw7vIZ8w2Y/YaMphE1VKEMtlC9kNAAvwfchCS3tA6DYWLGdW7h0ZcK+fYVOL~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIyMCUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJkdCUyMiUzQSUyMmdkaWQlMjIlMkMlMjJnJTIyJTNBJTIya3BhenFhNXJ4MGkzYWx0YTFkaiUyMiUyQyUyMmNpZCUyMiUzQSUyMjIwJTIyJTdEJTdEJTVE&cid=20&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=cwokogyqgsazemxd&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
95.101.10.136200 OK 132 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIyMCUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJkdCUyMiUzQSUyMmdkaWQlMjIlMkMlMjJnJTIyJTNBJTIya3BhenFhNXJ4MGkzYWx0YTFkaiUyMiUyQyUyMmNpZCUyMiUzQSUyMjIwJTIyJTdEJTdEJTVE&cid=20&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=cwokogyqgsazemxd&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 7e44326a3259e79b98f186211aba778b
ccf4f6dfaa776039a5ab2db32bd9b56fd7a0ee7e
6e72d742c71556542e829f2e9344e5a8596857d2c556376d759173136cfa4362
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIyMCUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJkdCUyMiUzQSUyMmdkaWQlMjIlMkMlMjJnJTIyJTNBJTIya3BhenFhNXJ4MGkzYWx0YTFkaiUyMiUyQyUyMmNpZCUyMiUzQSUyMjIwJTIyJTdEJTdEJTVE&cid=20&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=cwokogyqgsazemxd&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 132
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=mbUEizYiG96GtcK48Wb9OoOPa94aaO5dVjVmPJ4HrePEH+409vGB03ws52D+akoa; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=3BE4FDFB862A99E1B3487BDCE2934862~-1~YAAQhAplX3XAuoKEAQAAQzga+QmGuRPY2NdmmjUGR4S9zvThhJadKqyShjFSNMADghrjHcLMrN3MTB5BbUAod5wAAvmIhfPagGJ+fz6UBC0Ae9qRd1Fqei31VdI/xVeQOsN0KztC22c5mdjQaI21l/i3Shh2jU0+m15ItuINSydq3Pzjs8TIDgZ7i0MJ75ZgxE28UtVir0fCM9qaNtUgKNKyPyqKj4mXSMv7/X927RU3h6jrKHszGeYa532/jkvZLXK5ip9SSsBFB3yzD0289EQDHJP3msVEdIIdc7HfOvFsjhUL+5hR9bif0xN5+lH7p7TAQoZZCLe5xfp+i6RmnUn+aTygRzgmBMBBFwG44khMBlRxQjU+dF3hb64HSq79Yg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:55 GMT; Max-Age=31536000; Secure
bm_sz=97BBA06301BCE5104762027CC96F7607~YAAQhAplX3bAuoKEAQAAQzga+RJ+YH4QnCYzBMt11AXptIM0hQV6DU9AGUVTAPFfyBO04/INrjgCjAkAksbTQij46QhNKDIHqUjYVJ9fUHs9uL0mxDSqUzDmjk/dCvsHijxkAPdM/wjgW4KjXHEjuB80MGW409LR5fPhtp44KQzLIiHTQWTleORkIkJO3ttrKQTlzAsoubAsofppseAbTX+Kl0vB9SSVQg3TM9xCp/noUDbmHxoas6S7SN7aixyyLdXDXwWRnth7tyVSzhXdBFShZnJCgkxQM83FfMWSw72Lv5yHLRRY~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.584974079897582
95.101.10.136200 OK 56 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.584974079897582
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8b6c5d4c73a5c40ba6043d83451295c7
ff7627bc88d7d28c4055eb87989adcb05738504b
c094e8421c6f2f53aef523c18084a67c6d866a8e3ba1aea9f19aaea8b2b17d22
GET /AIDO/mint.js?dt=login&r=0.584974079897582 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55573
X-Cnection: close
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:55 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=MiWgr0IHf7+VWJq6Kdb3ixqefBY787cpkMJTHKibjCiRKiNqjo+LSoxDczMtsLQR; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.302572123598544
95.101.10.136200 OK 42 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.302572123598544
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash e8e2a7f890a43309a78e54628ba3ff49
0b8afaf42e50423f7d21ad8674191c070df0f699
79812c72b8e6c65d2bbfbfc79f8587bfe9017504077317a44162307be41308a0
GET /PIDO/pic.js?r=0.302572123598544 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 42461
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=NgKJM8ceG9b0xUNAj11aQr7kN72+yosKfOcIu+4Rkms%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTMlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2OTAlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTE5MjY3MSU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=isiwpbzcophvdxin&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
95.101.10.136200 OK 131 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTMlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2OTAlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTE5MjY3MSU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=isiwpbzcophvdxin&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash b2aa02444d491833cbc4f9e38c2816d8
e0544a75d8fbd979ff84ed4dd50565ff4ca47eb7
6a5ca3198641997f0c6a409bf02257c2c2ccd272fd2b181b5b21e756137375d4
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZjb25uZWN0LnNlY3VyZS53ZWxsc2ZhcmdvLmNvbSUyRmF1dGglMkZsb2dpbiUyRnByZXNlbnQlM0ZvcmlnaW4lM0Rjb2IlMjYlM0R5ZXMlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBODA1NDUzOTAyJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTMlMkMlMjJ0cyUyMiUzQTE2MjIzNjc2OTAlMkMlMjJ0JTIyJTNBJTdCJTIydCUyMiUzQSUyMmxvZ2luJTIyJTdEJTJDJTIycmFuZCUyMiUzQTE5MjY3MSU3RCU3RCU1RA%3D%3D&cid=8&si=4&e=https%3A%2F%2Fconnect.secure.wellsfargo.com&t=jsonp&__tp=login&c=isiwpbzcophvdxin&eu=https%3A%2F%2Fconnect.secure.wellsfargo.com%2Fauth%2Flogin%2Fpresent%3Forigin%3Dcob%26%3Dyes HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 131
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=UkP%2f%2fXDmLcQqhxHPXP8o6t6CgzilSabYO2GNWnl3dI%2fQev8s3ThgJbMQJ1DqvwDX; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=A9C90DC3804B11C6E38446F34D894C16~-1~YAAQhAplX3fAuoKEAQAA1zga+QnE5ycVFIsMWIPq3klxWx8O8ZUN7Tzb12S9JVHfTd2EyGW/huRfGXw157bMjpUZvFv3eQ1Jxj7hEN9klHSb2qq+8mo+6kzc1xXIQ47dd20Oc0bXtZtIlyBuD5dvgufX5aiQm/iICb4DcfgNcYYIculWxO6YJ+ixIy5CCig1SjF5zfe4O9/KXmJUFDRqI4BvS3lgheSSZxdH0itbxiNzwAmsQzX4iraTPYzpAr2NSsrJEpqwM1W8SAn11nZnyZeFW7f/ixO+DHLfSeOgJDPW781/KPpkFyAeblWmOvnpUbZ5lVtOAfsPInxqQ1wxQJ6eiUX/o3Z8Ax60sJlN5Dzs8V92OxOAdCo7/bn568HX2Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:56 GMT; Max-Age=31536000; Secure
bm_sz=2AE6C6DF3352CF83B3A7590E79FE3674~YAAQhAplX3jAuoKEAQAA1zga+RIeJ/9j6xU9aWAJQ4IvNYYDLaAcwfI1OOuqS0bq6dbexv3yIR2OBtvrDwhgCBGmpqMDzowVTL8xvIaOGFmSjRM6vQ+4LQk8VBMr3wK/NIu5CI8t6opGe6/eAkAy3rfn2HYDUUR7KHL/JiTWGGdgB7HEAJ4FWMsjuLTGMzWlxkQDjIeUO1V2AL2RC3LGj7CTEplFJNZWZAM4TZDmEWOisOA4jXIgLLVLTHgb4Jy4ti58fL+Xn43cgzCo7arNdGbb/qRgEdldMuofmtU6IZGPEoBINa2m~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBNDA1MDY1NzElMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYzNTQyMDIxNzk2MiUyQyUyMnJhbmQlMjIlM0E3MTI0MDYlN0QlN0QlNUQ%3D&cid=15%2C8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=lvkandqf_rybgn_w&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
95.101.10.136200 OK 89 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBNDA1MDY1NzElMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYzNTQyMDIxNzk2MiUyQyUyMnJhbmQlMjIlM0E3MTI0MDYlN0QlN0QlNUQ%3D&cid=15%2C8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=lvkandqf_rybgn_w&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 730f77f050204ecf58f930a84221df25
18a7d47621382f421a3eae4bb3f5965ecb27896f
70e48b653f8f6d8e0d7d043c6b1a308a23671acbfd4fc7c4547ccd70a3ab0c30
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjglMjIlMkMlMjJkYXRhJTIyJTNBJTdCJTIyY2lkJTIyJTNBJTIyOCUyMiUyQyUyMnUlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIycGlkJTIyJTNBNDA1MDY1NzElMkMlMjJmYyUyMiUzQTElMkMlMjJjbnVtJTIyJTNBMSUyQyUyMnRzJTIyJTNBMTYzNTQyMDIxNzk2MiUyQyUyMnJhbmQlMjIlM0E3MTI0MDYlN0QlN0QlNUQ%3D&cid=15%2C8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=lvkandqf_rybgn_w&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 89
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=1bIW9dXceZx1CxmHRvbYU4X0WoMT9MFGOtLC2h%2fMPXVa5qN27ilfBoYT3MDNMwC4; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
_abck=F1A337F566A163EB5955CDA3E0960B27~-1~YAAQhAplX3zAuoKEAQAAODka+Qmylb7h4c2oRPbLQ7Q3fOgb0swRjqvL/mYT+wmQibs9NyAUNFdHlMYWBOQfzgm0rC7yxqZ1nFNDFszJ4DyJY3TDCZiWV2jdnrBpT4JV8T7SO02v8NJwj/i5S0OoxwbybmWJXCz5UYE3YWetPygyQgQeZZ7C/e86XAmW5LNpwS3RlVp1D4fcsPtVwGNJ8izUiBJ06pJBm+OjrF65J062BfW+rJBxfOJOtjoyVxKWcZNsXNo8uT1vNQSlEHsjL5Qz4oUIxBDmx15+DlKbE2yAONlmUs4dEUh7M7619VMLKl7aO3+pKyCkVlmol/6KxI6cbrObF6n0mEH4kjDptt4PXp55FHo8kwaPFhaN0yFBMQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:56 GMT; Max-Age=31536000; Secure
bm_sz=5B4706F35CDDE4601904669DA18857AE~YAAQhAplX33AuoKEAQAAODka+RJyCnPqyTL03I6SLmMZS7TrJAIJjwi9QxYOfe+6tUgHauKuZrpjdiAyAdm2BUsWRDbEPmA5Ou6mBr2sXEWVOqAn1hVFr1HhNYRyBQLldmtzMCo6mccbNw8DijJz9U+aV5BaD2Az4puNMAeAUK/yvwgv3rQjRpmskrCMC41GEZ6/L3W1dUEvLw83zfPUy/ikEnWdkASkO+bmwNlRIZznU007kgqqFALdWe+Ehzg+N4a2msXVlxOJap9kyAnSB5M/6FzJmsOGi9+0UXaTb1ln6T7zWObG~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjM0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnJkJTIyJTNBJTdCJTIycHNkJTIyJTNBJTdCJTIyMzg5MDQ0NjcyOCUyMiUzQSU3QiUyMnAlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJmayUyMiUzQSUyMnRyeS5qcyUyMiUyQyUyMnRhayUyMiUzQSUyMk4lMkZBJTIyJTJDJTIyYmNiJTIyJTNBJTVCJTIyNCUyMiU1RCUyQyUyMm1mJTIyJTNBJTVCJTVEJTJDJTIyZHMlMjIlM0ElNUIlNUQlMkMlMjJyZXAlMjIlM0ElN0IlMjJiY2IlMjIlM0ElNUIlNUQlMkMlMjJtZiUyMiUzQSU1QiU1RCUyQyUyMmRzJTIyJTNBJTVCJTVEJTdEJTdEJTdEJTdEJTdEJTdEJTVE&cid=15%2C34&si=3&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=zouevuafkwaaaykd&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
95.101.10.136200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjM0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnJkJTIyJTNBJTdCJTIycHNkJTIyJTNBJTdCJTIyMzg5MDQ0NjcyOCUyMiUzQSU3QiUyMnAlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJmayUyMiUzQSUyMnRyeS5qcyUyMiUyQyUyMnRhayUyMiUzQSUyMk4lMkZBJTIyJTJDJTIyYmNiJTIyJTNBJTVCJTIyNCUyMiU1RCUyQyUyMm1mJTIyJTNBJTVCJTVEJTJDJTIyZHMlMjIlM0ElNUIlNUQlMkMlMjJyZXAlMjIlM0ElN0IlMjJiY2IlMjIlM0ElNUIlNUQlMkMlMjJtZiUyMiUzQSU1QiU1RCUyQyUyMmRzJTIyJTNBJTVCJTVEJTdEJTdEJTdEJTdEJTdEJTdEJTVE&cid=15%2C34&si=3&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=zouevuafkwaaaykd&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 7843a499e666a1b8567d82901791c312
974058d921e31aac449f8b89061e88a123d3ed74
b3e55c0f2bfb5b62aede5cf0f77d3670680607f7d9ca3f6016f61dc8ab480c72
GET /AIDO/ay6u?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjM0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnJkJTIyJTNBJTdCJTIycHNkJTIyJTNBJTdCJTIyMzg5MDQ0NjcyOCUyMiUzQSU3QiUyMnAlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5pY3RleHBlcnQuY29tLm5nJTJGMDA3JTJGc1BjaGFzZXRvd2VsbHMlMkZsb2dpbiUzRmNoYXNlX2lkJTNEYjVhODc0MWEyZDllYzk0YjBjMmZhNzUwZCUyNmNvdW50cnklM0ROaWdlcmlhJTI2aXNvJTNETkclMjIlMkMlMjJmayUyMiUzQSUyMnRyeS5qcyUyMiUyQyUyMnRhayUyMiUzQSUyMk4lMkZBJTIyJTJDJTIyYmNiJTIyJTNBJTVCJTIyNCUyMiU1RCUyQyUyMm1mJTIyJTNBJTVCJTVEJTJDJTIyZHMlMjIlM0ElNUIlNUQlMkMlMjJyZXAlMjIlM0ElN0IlMjJiY2IlMjIlM0ElNUIlNUQlMkMlMjJtZiUyMiUzQSU1QiU1RCUyQyUyMmRzJTIyJTNBJTVCJTVEJTdEJTdEJTdEJTdEJTdEJTdEJTVE&cid=15%2C34&si=3&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=zouevuafkwaaaykd&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=pf256gSc0mVigxaHJxq+k8zWlDZol9aUDC3JwxHq35l6LMPfFMST56X0yJnKh3Ly; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:56 GMT;Httponly; Secure
_abck=8716F3F83814D31086569FD645263777~-1~YAAQhAplX37AuoKEAQAAbjka+QnbaShZjM7VXgZPbji6U+kbk6KxwZ4gBHrqc/3l36TkPMZdJzO5hS6Oqevhp8aWku+Mr8qNTsA+kXThERXj/KPBkd10UxZpoCn9kU3xjqNVFUyBsOGvjARiJjXH+DVswT81Kj58p3Md73mcWdXlRoS2EaZ/xvN57MWF8MEcVGcAI2GYJ582vMXEKux7AZhND00KBz77QnSYD9eelosOtRd+Wjvd0nkiG9z3/QVJFV1cW1jPDav5O3TBNZfuHaS4qOPI188Lwmo+S9V8Wz+Cj59Tik7/a0TpsX/2VWe8Unx6SXBhc8JdJGB9u1mW3I13SASmUFPtRPMWqezFAtqvXIKDn9jUteTf/SH9J6B1/Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:56 GMT; Max-Age=31536000; Secure
bm_sz=5C3D56DF4E9BE3583796696531E6ED96~YAAQhAplX3/AuoKEAQAAbjka+RJXxvZ8LWJwo7IQ4CSFow3i3/7cMPwmFpxIDG5fY8vQFIzlVAzpOZXWKDNRDYlcx6bOGBKv5H63buyKJEKO/2oDN+ajDgPZjPK8Rst4e8rqIVKTn+cleaGSdxS6dn2TPj49Ba/oCOCZ2liz4B6irXMRE8TCs7vtAvp/jKbMU1A1sAFJ8i8oI7CRRXedIB+RfcSxYVDqommJ7s4D+sdVMiUL/uKvKqUa3bgViiwMuFeLadGiyIuomN0rFb8/k698YOsaWLxzUB/4wanOnKSDvFrF6SyW~3619142~3619137; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:55 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjIwJTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmR0JTIyJTNBJTIyZ2RpZCUyMiUyQyUyMmclMjIlM0ElMjJrdmF1eWFvMWkwdGJrOWhqaWMlMjIlMkMlMjJjaWQlMjIlM0ElMjIyMCUyMiU3RCU3RCU1RA%3D%3D&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=gvcpfcgggudid_vm&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
95.101.10.136200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjIwJTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmR0JTIyJTNBJTIyZ2RpZCUyMiUyQyUyMmclMjIlM0ElMjJrdmF1eWFvMWkwdGJrOWhqaWMlMjIlMkMlMjJjaWQlMjIlM0ElMjIyMCUyMiU3RCU3RCU1RA%3D%3D&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=gvcpfcgggudid_vm&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash a63dc437c26af80670904aea028aba6c
31d026a98693a2a1a026419088050f590453c87d
acb70810bd7f26a2d1cb996e9a2a15e975318387be2b9ff222aee1b421d20d2d
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIxNSUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZWYlMjIlM0ElMjIlMjIlN0QlN0QlMkMlN0IlMjJpZCUyMiUzQSUyMjIwJTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmR0JTIyJTNBJTIyZ2RpZCUyMiUyQyUyMmclMjIlM0ElMjJrdmF1eWFvMWkwdGJrOWhqaWMlMjIlMkMlMjJjaWQlMjIlM0ElMjIyMCUyMiU3RCU3RCU1RA%3D%3D&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=gvcpfcgggudid_vm&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=%2fDC7TiIxl1jEFWYnXyFMfOUqQt2n+nuWjLc003TWg48YvT92ajersrCr6jvPUI%2fy; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:56 GMT;Httponly; Secure
_abck=47A05FE8F6F7B31524B131310685692A~-1~YAAQhAplX4DAuoKEAQAAgTka+QnYeiW2z8vQG2onsimR6ZNjdL2a+W2vCHQqua6ZtsnIwJitUAqcM2SMk3x3Cry67Iv39JG7Bp5s63IADKAlLOMPbf0K83ChyquzI34GGzUwhvY7WXfhUiTa8sRL3PG9n2RyHQpUZX0C2GCYi6phWdcLdH6G3UvaGlrtfdcKWCj2PmtKWIJGKIjp2x+knz6yGE3PdERL8HMgiXreD6LcaxcnEqAwbht6jtA8/Ul9s5WZa8mtGA14ZY9IM/uURF1ZX5TvlObX4Y6EvusypzPxzChswxp/D9FLk0whFC0VpznqV+wTW3VInPkKuoklmL59v182xwxp8gztAmMidrqqfvDMHeOFYMRcEt1ELGQSrg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:56 GMT; Max-Age=31536000; Secure
bm_sz=4EF288B3C7F01931985077D23CFEC978~YAAQhAplX4HAuoKEAQAAgTka+RIaPij72DO+JSAomJdYrxgVg+JRSfphqdhGvw56sOyt/zZHRPTd4zRNbaQirCJcSWZN9LnaOStbQctaZbQeL+QzMxwjnNv254ei35csZJq1dGllt0ZvLdzUvVLZthAGS/RssIbJHxHLQiiczWXbEirilp8RQy/PYCBGPBJYSCHrz2/Ug87K8pspv+VS9VdVo69BHjcH0jr4popbVgusGTmYh2nVLkJRYerVaoPouh00LNtBFaVrN3Pq7Ii9Zj1c7ZUO7LgqNiRaFMTNH3nt2r9pmXHa~3748934~4273988; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:56 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ3d3cuaWN0ZXhwZXJ0LmNvbS5uZyUyRjAwNyUyRnNQY2hhc2V0b3dlbGxzJTJGbG9naW4lM0ZjaGFzZV9pZCUzRGI1YTg3NDFhMmQ5ZWM5NGIwYzJmYTc1MGQlMjZjb3VudHJ5JTNETmlnZXJpYSUyNmlzbyUzRE5HJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMnBpZCUyMiUzQTQwNTA2NTcxJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MzU0MjAyMjg1ODUlMkMlMjJyYW5kJTIyJTNBNTk0OTE2JTdEJTdEJTVE&cid=8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=othrgpyatoxgbzhv&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
95.101.10.136200 OK 79 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ3d3cuaWN0ZXhwZXJ0LmNvbS5uZyUyRjAwNyUyRnNQY2hhc2V0b3dlbGxzJTJGbG9naW4lM0ZjaGFzZV9pZCUzRGI1YTg3NDFhMmQ5ZWM5NGIwYzJmYTc1MGQlMjZjb3VudHJ5JTNETmlnZXJpYSUyNmlzbyUzRE5HJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMnBpZCUyMiUzQTQwNTA2NTcxJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MzU0MjAyMjg1ODUlMkMlMjJyYW5kJTIyJTNBNTk0OTE2JTdEJTdEJTVE&cid=8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=othrgpyatoxgbzhv&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 69430ab2de645f12ff46c72800eb697c
2685c52b6245ff0b4e9f13826c0506f12cccaf58
00f05292903a1f7af33f137e76b6666456cabbd0a697fdafba1a5a6d17e34d90
GET /AIDO/vyHb?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI4JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjglMjIlMkMlMjJ1JTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ3d3cuaWN0ZXhwZXJ0LmNvbS5uZyUyRjAwNyUyRnNQY2hhc2V0b3dlbGxzJTJGbG9naW4lM0ZjaGFzZV9pZCUzRGI1YTg3NDFhMmQ5ZWM5NGIwYzJmYTc1MGQlMjZjb3VudHJ5JTNETmlnZXJpYSUyNmlzbyUzRE5HJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMnBpZCUyMiUzQTQwNTA2NTcxJTJDJTIyZmMlMjIlM0EwJTJDJTIyY251bSUyMiUzQTIlMkMlMjJ0cyUyMiUzQTE2MzU0MjAyMjg1ODUlMkMlMjJyYW5kJTIyJTNBNTk0OTE2JTdEJTdEJTVE&cid=8&si=4&e=https%3A%2F%2Fwww.ictexpert.com.ng&t=jsonp&c=othrgpyatoxgbzhv&eu=https%3A%2F%2Fwww.ictexpert.com.ng%2F007%2FsPchasetowells%2Flogin%3Fchase_id%3Db5a8741a2d9ec94b0c2fa750d%26country%3DNigeria%26iso%3DNG HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 79
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=UHs8R+xNzynNcGMxajDv4OUQyQRDG%2f1tUycL9TLEhVo%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:56 GMT;Httponly; Secure
_abck=92D371F369259DD7E63E959038333CE2~-1~YAAQhAplX4LAuoKEAQAAozka+Qmccn5H+AfdMcjgOzu4XLop70A5uc5TtGE4IiSFkG0KxoGw4rnwNVHLCGa+LABfT57iW82QV/WwK8hed6Qt6ZIsrvObeYihTBsgucOhupTkZwFNf5eGq93DU4IPi+Hat0K8WiGBOGEkJ9JB5sM5drSwrLnii85WgURZzSE1o3l6R52E8cJRd2oNbV630C9uF0BJy+AcgQe13naweF6tg0Z1PeYaWHJyzt2LCKOmNg03ghz07SFlpW93YKEq1hmxgPCIBJ+rZbdAOAq0mKBoPf6jKqolCL22HOZvW8DhVYaErDPXdEZhQ9Bjw8FXnYjzNp4kXYzHm9/j/5cTeQ9FI4B4yCJhObj3M3RWvkKTHg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:56 GMT; Max-Age=31536000; Secure
bm_sz=B790870C623917A4F600DC0E7496A2D0~YAAQhAplX4PAuoKEAQAApDka+RLEsj9WWfFWw6uX1ty0Whxn0CWy0+dpIDoPxuBueSVPb+DQI8x3oJ6TyIdGHkJN0h142HLHe7dR1fQiepnUmN1t+aCkjyj9lbJPyzNQDglX7N5jco46zhyaHU5y1DAdXECa5uM+qiriCStEBEHWq1minHBY+1uXlw4LSeDioTwBCmirmTxmL0V+YbnpN/rOD1JWf8FN92AQw73Ks0tydyOrzPtueuUgYrSjP96jTRYj+xu+NOHoHcOuknE8wNKJBuEa4k3CXLluVMR9Izk5U3R5I8Jv~3748934~4273988; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:56 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/try.js
95.101.10.136200 OK 39 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/try.js
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 70e503d71fc005e1335ef2c644151dce
6c9d4fb5822f6d64dcc734f3b00f7bd198768d64
9c9da6671a7c0fbdb037540028e358d6bc38edfcd9712e43fa26efb51f5a55ce
GET /AIDO/try.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 39315
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=C2vfLAoN+B6nFbZODK1K8+ynCDeSciQ+MM+tlPBPuCZu+UIR2H2RqDbm35oRSOyA; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www.imexinter.com/auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
www.imexinter.com/auth/login/static/js/general_alt.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/login/static/js/general_alt.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/login/static/js/general_alt.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
www.imexinter.com/auth/static/scripts/adrum-ext.js?v=61D468EE47
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/scripts/adrum-ext.js?v=61D468EE47
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
GET /auth/static/scripts/adrum-ext.js?v=61D468EE47 HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
WPO-Cache-Status: not cached
WPO-Cache-Message: In the settings, caching is disabled for matches for one of the current request's GET parameters
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
104.17.25.14200 OK 6.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (20322)
Hash df9fe6d48e380554eb0ec9687bed3246
207263d754220200c1916edfbda262f62223ecf5
91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9
GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 22:55:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 6458
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-500f"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 189869
expires: Wed, 29 Nov 2023 22:55:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RB1fAzenraibLF45A43veBbJO43TvYKPimUBU8TWFPLKhE%2FCQXvTGaDetmfz3e8jcb4S1TwKEgUQNCwajfb%2FaE6WtuNlr%2B0Tpdp3yC5u3%2B6KldCXBbfn1T5cBly8l2vNuqCS2ZZP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 777154cabd2bb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 25c1a71b438dd3628ebe491222f1b414
651ec6be6391f31b7ea8f89441ffc9f58d3572f2
a9671ecd9fe7a56f470b4c16799360e71c39b48ed82ae1f7c7ba92f680da3ed9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5855
Cache-Control: max-age=121396
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:56 GMT
Etag: "6392dd51-117"
Expires: Sun, 11 Dec 2022 08:39:12 GMT
Last-Modified: Fri, 09 Dec 2022 07:01:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
code.jquery.com/jquery-3.3.1.slim.min.js
69.16.175.10200 OK 24 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.slim.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (65247)
Hash 0f2e7d37e730fdbb1d8a1e8638529ecb
c21d16978a858baa75be15cb7e799ff000929429
cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0
GET /jquery-3.3.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 22:55:56 GMT
content-encoding: gzip
content-length: 24038
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1111d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670626556.dop218.sk1.t,1670626556.cds259.sk1.hn,1670626556.cds230.sk1.c
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.2.1.min.js
69.16.175.10200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.2.1.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32058)
Hash 148f8d3ffd9cc02048c5f4d1cc83c407
9f2b89cfd151be6a29b4d43ad64d164fb8471046
4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 22:55:56 GMT
content-encoding: gzip
content-length: 30125
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670626556.dop022.sk1.t,1670626556.cds024.sk1.hn,1670626556.cds222.sk1.c
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
152.199.19.160200 OK 30 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (65451)
Hash a263be51483c81a54aa8c85104a93e55
555a54a73531c553bd2aede6abc25c128b63312e
b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66
GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 23628051
cache-control: public,max-age=31536000
content-type: application/javascript
date: Fri, 09 Dec 2022 22:55:56 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F7A8)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
104.17.25.14200 OK 4.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP 104.17.25.14:0
Hash e40e054c5726f042bad463e3774a2777
5c9413b72837a440b327444104830c35ae3b052c
fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 22:55:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4431671
expires: Wed, 29 Nov 2023 22:55:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BJU71GrNxxO%2FxRF8AuJp5A%2FnQ67XyIlXA40BzTZoItiDeyd8FoZe0RPGdHvm9GMEFgGbdiLJIJss4WBbe9mbEnhkCojfmNRLtCq8RhJvUGFm0xjXNenRGsX%2Brm6WinXXruSpNgc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 777154caec2eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/reporting/ttms.gif?capability=LiveRamp&appId=loginapp&wfaCookie=45202105300238221576940177&error=timeout&pageId=LOGIN&pageType=BROWSER&deviceType=DESKTOP&c_t=
95.101.10.120200 OK 43 B URL HTTP/1.1 static.wellsfargo.com/tracking/reporting/ttms.gif?capability=LiveRamp&appId=loginapp&wfaCookie=45202105300238221576940177&error=timeout&pageId=LOGIN&pageType=BROWSER&deviceType=DESKTOP&c_t=
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /tracking/reporting/ttms.gif?capability=LiveRamp&appId=loginapp&wfaCookie=45202105300238221576940177&error=timeout&pageId=LOGIN&pageType=BROWSER&deviceType=DESKTOP&c_t= HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Last-Modified: Thu, 16 Jan 2020 21:55:22 GMT
ETag: "5e20dbca-2b"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
$host: wellsfargo.com
Cache-Control: max-age=3600
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1ApTZlvCE6hineEdclQDhA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 25c1a71b438dd3628ebe491222f1b414
651ec6be6391f31b7ea8f89441ffc9f58d3572f2
a9671ecd9fe7a56f470b4c16799360e71c39b48ed82ae1f7c7ba92f680da3ed9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5855
Cache-Control: max-age=121396
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:56 GMT
Etag: "6392dd51-117"
Expires: Sun, 11 Dec 2022 08:39:12 GMT
Last-Modified: Fri, 09 Dec 2022 07:01:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
connect.secure.wellsfargo.com/auth/static/scripts/conutils-6.9.0.js
95.101.10.136200 OK 8.8 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/scripts/conutils-6.9.0.js
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (601)
Hash a71045f83e947726800148bc8e994d14
b81e27a50b39508a861a10b578b5195b4bb03fd9
48cfee6af8a269391b5767d2c6541d800cfcd99a51e62d18be73f49b5919b872
GET /auth/static/scripts/conutils-6.9.0.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 02:46:13 GMT
Vary: Accept-Encoding
ETag: W/"638eacf5-5bd1"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Cache-Control: max-age=10368000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 8774
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=3tFsVYA2PSpqMMxZrTsxHUTxGnBLF08gCVA8LQRQ+OlBhfxcxebFDHXZZmPtfXM6; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:56 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
95.101.10.136200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 02:46:13 GMT
Vary: Accept-Encoding
ETag: W/"638eacf5-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=qGOs2pk1kNpbUDbT9SCySPSAhYbAmhMXHTZCmeeztkpAQIhvG+d2wHtlVwteGWw2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:56 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/secure-auth/utag.js
95.101.10.120200 OK 10 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.js
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (6980)
Hash 53fecb94ca862573fe289d05a3ac54e2
e05a6a30c4b589bfbd38576e8f1ca90035b6594a
c43b372f7d5405f75776b9090318fffae8fa5f7a461065b90bc4ea86e0789e0e
GET /tracking/secure-auth/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:35 GMT
Vary: Accept-Encoding
ETag: W/"638fae63-8289"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 9979
Date: Fri, 09 Dec 2022 22:55:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sIex7vWA%2f0Fx711KrHrsxw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
96.6.19.156200 OK 27 kB URL HTTP/2 www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
IP 96.6.19.156:0
File type Web Open Font Format (Version 2), TrueType, length 26708, version 1.13107\012- data
Hash 885d42ab7ffcffc42ed29816c3ce9727
3d84cb41ddfb5bf8627e2b9dc867237bea47baad
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
GET /wfui/css/fonts/wellsfargoserif-rg.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://connect.secure.wellsfargo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: KONICHIWA/2.0
last-modified: Mon, 11 Mar 2019 20:52:01 GMT
etag: "6854-583d7be82be40"
accept-ranges: bytes
content-length: 26708
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
content-type: font/woff2
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 22:55:56 GMT
date: Fri, 09 Dec 2022 22:55:56 GMT
X-Firefox-Spdy: h2
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
96.6.19.156200 OK 23 kB URL HTTP/2 www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
IP 96.6.19.156:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /wfui/css/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://connect.secure.wellsfargo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: KONICHIWA/2.0
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5848-582d133e56280"
accept-ranges: bytes
content-length: 22600
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
content-type: font/woff2
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 22:55:56 GMT
date: Fri, 09 Dec 2022 22:55:56 GMT
X-Firefox-Spdy: h2
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
96.6.19.156200 OK 22 kB URL HTTP/2 www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
IP 96.6.19.156:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://connect.secure.wellsfargo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: KONICHIWA/2.0
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5798-582d133e56280"
accept-ranges: bytes
content-length: 22424
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
content-type: font/woff2
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 22:55:56 GMT
date: Fri, 09 Dec 2022 22:55:56 GMT
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2914bf9965fbb345af0460f8a6b15aeb
6a97030ab679647ca186abb22aae7a1eb0cd7f12
5ce7ced50656bd6419af356921f06dea4e7d0f6c4e7a9a7af6b4303849752735
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6558
Cache-Control: max-age=152289
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:55:57 GMT
Etag: "63935340-1d7"
Expires: Sun, 11 Dec 2022 17:14:06 GMT
Last-Modified: Fri, 09 Dec 2022 15:24:48 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/AIDO/gateway.html?sui=46f918ac5359ea506a8bcca006e3a3ad447252f7fb0bdbf4d7f19f7c23bf2e4d
95.101.10.136200 OK 11 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/gateway.html?sui=46f918ac5359ea506a8bcca006e3a3ad447252f7fb0bdbf4d7f19f7c23bf2e4d
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (22057), with no line terminators
Hash bef47073abd8f55fd22dfe5173afca46
b9c8bd6bbd0c549baacc85ffc90f88d735f0cbe4
5fcf1591c0bb2ecedca06b0f45ec6adb8df788e77ac65517f3ef7c1fdefaea4b
GET /AIDO/gateway.html?sui=46f918ac5359ea506a8bcca006e3a3ad447252f7fb0bdbf4d7f19f7c23bf2e4d HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 10805
max-age: 0
Expires: Fri, 09 Dec 2022 23:55:57 GMT
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 22:55:57 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=5codfwMFU9ucx4eC5uchmYrnFmFfViNzyzKr4Aws2xHEKBad35225OUgIDz83UXv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:57 GMT;Httponly; Secure
_abck=669313850A812C0DF6B4D7EBF36F0C3F~-1~YAAQhAplX4fAuoKEAQAAAj4a+QmAWUd6SDx5WrfGaVwkZf5innO43as8w/Z9T3n5c4YZCMWGQer5WWeMPBE1ua+MWZDxi6s7qGoTLaei3ce8fdknpNkcMHNEWYE0QhPymiWbq1YFd7B7RyC3USXbPhMTMCUVLPlMc4gRWrsv2Y72PfktYUGt0r9isVJNEuZ7Q3/MKHtFjPBNEyo6fgNog1p/xp1t2WIyZF/C2USNDRqNG2jDooA882wF9edU44/8SuPM5AsOYfZRKX8D/31MoaU59buvYF6nR5XDzYxHIbpxiXN3Vl5j7KFA+MzS8Iqw/Tp5C8rbtY2KycX02ikg1H0nqvQZhuR1gQMGqA//j4uAeLEr+kv2PJyojCxRSm9fyQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:57 GMT; Max-Age=31536000; Secure
bm_sz=760662B03BF59715B725C3FDB8836946~YAAQhAplX4jAuoKEAQAAAj4a+RIy9dLT/vmniObSe5Lx87QLccwUozBB9HDGSLXIbrR0byEiD/hUk6W4yW7n7rJkJO7yuhwU0WyFButpqYtYcNUQYgSFm2ZafGM9Fl3tZQ/BYUgIwqfYL0sL8Flj3Jy+kbl2fbSYeyLLvT3e+8aEU2WQ1Wl8BwXusvZI3l1N2SOyEQjOx0dLrSjLZlyiBgcQceghhzQ8Y4McwJWAZ+r52iiujBO2aexdK6lQPYdLct99xFEkNto5Wu9BFQ2UHSiAGVLBKadJXrPsK7q7V4RV6uPdi0u4~3555651~3556166; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:57 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
awusw-wfr.advanced-web-analytics.com/AIDO/mech.html?e=https%3A%2F%2Fwww.imexinter.com&es=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php&icid=167062655583085948
108.157.214.31200 OK 0 B URL HTTP/2 awusw-wfr.advanced-web-analytics.com/AIDO/mech.html?e=https%3A%2F%2Fwww.imexinter.com&es=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php&icid=167062655583085948
IP 108.157.214.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /AIDO/mech.html?e=https%3A%2F%2Fwww.imexinter.com&es=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php&icid=167062655583085948 HTTP/1.1
Host: awusw-wfr.advanced-web-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 0
date: Fri, 09 Dec 2022 22:55:57 GMT
server: haile
expires: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cache: Miss from cloudfront
via: 1.1 47df1466fb55fd6ccae35d2a1425deaa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 9LqqaCN5H3bE3N1JEkWA2cAQv6RyhAPiSDEaOLlxE3Xy-kVWcCYkhA==
X-Firefox-Spdy: h2
www.imexinter.com/auth/static/ui/loginaltsignon/public/js/runtime.2321a8e33b12b5146e18.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/ui/loginaltsignon/public/js/runtime.2321a8e33b12b5146e18.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/ui/loginaltsignon/public/js/runtime.2321a8e33b12b5146e18.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/loading.gif
163.44.197.16200 OK 39 kB URL HTTP/1.1 www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/loading.gif
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type GIF image data, version 89a, 200 x 200\012- data
Hash d10ef01e81faa2c2d812bdf670b4e072
77d09a57b2091fd7665dff763a5eab23e0ff907e
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
GET /wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/loading.gif HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 22:55:56 GMT
Content-Type: image/gif
Content-Length: 38636
Last-Modified: Sat, 11 Aug 2018 06:03:52 GMT
Connection: keep-alive
ETag: "5b6e7c48-96ec"
X-Powered-By: PleskLin
Accept-Ranges: bytes
www.imexinter.com/auth/static/ui/loginaltsignon/public/js/wfui.5b2dbd8c6f5da16ba504.chunk.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/ui/loginaltsignon/public/js/wfui.5b2dbd8c6f5da16ba504.chunk.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/ui/loginaltsignon/public/js/wfui.5b2dbd8c6f5da16ba504.chunk.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
www.imexinter.com/auth/static/ui/loginaltsignon/public/js/vendor.2af3639bd560569d55e1.chunk.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/ui/loginaltsignon/public/js/vendor.2af3639bd560569d55e1.chunk.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/ui/loginaltsignon/public/js/vendor.2af3639bd560569d55e1.chunk.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:55:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB2QXhFS0ZRNXNIRUk4cERndk9XMVFIMTdJbEZWWmQvV1V1azlpaWxuYzhoL1A3REl5MFZyZFlSL1pCWmUxNkVXUVRpZXZuNVFZR0JsVWdzQ3JIcCtzVjhCVXE0L0xWZXZoVzREOFNjWHQrWVN0ZE9BUTBkbC9IUDZWY1lldTR6NDJPM2dVVEJLUm83M084WHhqVHcwc2xiQ1l3eWxXdVUvc1dRN3gxSVB2R0g0SklYR0QrYk1MWGo0U2F1WHFJM05oZnpiLzV5LzU5SDJpOU80UVFZMC93Qm5hOTRjYVNWQ1QxdCtiOGlySHYrTXdUTlp6dFgxY1Z1a1llcnpKdk5TWk04RldpQUNJczBwV2hFPXwyYzBiMDhkNWM4MmZhZDUxOGNhYjllMTllYzQwY2U0OTkwMTYzZDY1YzNjMmU1OGViMzQ1NTNjOGVhNGIyYWRkMzg1MTdiMTg4OWY1N2M2YTc3YTY1MGY4MzI1MDdmMjFmMGNkZGZmZjYyMDZkYTY4NWE4NWE0NTI3ZGE2YWMwMGU1NzI3Njc3NjU2N2Y1NTM3NGI1YWVkNTU5MTY1YWQyZjQ3ZGQ0OTFiN2I4OTE5MTY3OTVhZTY3MDExMmVmMjY1MjU5OWY3N2RkYzk4MDQ4NGI3NjY2M2ZiNWY1YjBkMmYyYTQ0YzQxODlmZGNmNWMyMzYzNTEwM2I3YmJkM2RmYmQwNTZkYzFmZTI2ZTcxZGU5MDM1MWE0YWM1OGQ5M2JhZWM4OGQ2NzgwYmY2MmNhYzdjMDgzYjRkY2JiMzAxNGJmMmMxOTJlMDc4MWI3YjgxMWMwMzljMWNhZTFlY2Y0NmM0ZmVkNTU5OGZjZGIxYjNhZDQzOTQxMGRkNzdjNWUyODIzNmI3YzdhZjA3ZDk3NWEyMWQ5YTc2YTBhNzU0ZjExZmQ5MzgxOWY2NDZjMTg0M2MyMWExNWRkZTQzMmY1MGYwNDZhN2Y5OWRhOTU3NWE2YzQyMWFjNmQ1NzMwOWFhNTZmYTI0N2IxMTFhMzVkZGI5Yzg0OTM4ODJkM2NkZHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.imexinter.com&t=jsonp&c=hpmromxiischvrmx&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php
95.101.10.136200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB2QXhFS0ZRNXNIRUk4cERndk9XMVFIMTdJbEZWWmQvV1V1azlpaWxuYzhoL1A3REl5MFZyZFlSL1pCWmUxNkVXUVRpZXZuNVFZR0JsVWdzQ3JIcCtzVjhCVXE0L0xWZXZoVzREOFNjWHQrWVN0ZE9BUTBkbC9IUDZWY1lldTR6NDJPM2dVVEJLUm83M084WHhqVHcwc2xiQ1l3eWxXdVUvc1dRN3gxSVB2R0g0SklYR0QrYk1MWGo0U2F1WHFJM05oZnpiLzV5LzU5SDJpOU80UVFZMC93Qm5hOTRjYVNWQ1QxdCtiOGlySHYrTXdUTlp6dFgxY1Z1a1llcnpKdk5TWk04RldpQUNJczBwV2hFPXwyYzBiMDhkNWM4MmZhZDUxOGNhYjllMTllYzQwY2U0OTkwMTYzZDY1YzNjMmU1OGViMzQ1NTNjOGVhNGIyYWRkMzg1MTdiMTg4OWY1N2M2YTc3YTY1MGY4MzI1MDdmMjFmMGNkZGZmZjYyMDZkYTY4NWE4NWE0NTI3ZGE2YWMwMGU1NzI3Njc3NjU2N2Y1NTM3NGI1YWVkNTU5MTY1YWQyZjQ3ZGQ0OTFiN2I4OTE5MTY3OTVhZTY3MDExMmVmMjY1MjU5OWY3N2RkYzk4MDQ4NGI3NjY2M2ZiNWY1YjBkMmYyYTQ0YzQxODlmZGNmNWMyMzYzNTEwM2I3YmJkM2RmYmQwNTZkYzFmZTI2ZTcxZGU5MDM1MWE0YWM1OGQ5M2JhZWM4OGQ2NzgwYmY2MmNhYzdjMDgzYjRkY2JiMzAxNGJmMmMxOTJlMDc4MWI3YjgxMWMwMzljMWNhZTFlY2Y0NmM0ZmVkNTU5OGZjZGIxYjNhZDQzOTQxMGRkNzdjNWUyODIzNmI3YzdhZjA3ZDk3NWEyMWQ5YTc2YTBhNzU0ZjExZmQ5MzgxOWY2NDZjMTg0M2MyMWExNWRkZTQzMmY1MGYwNDZhN2Y5OWRhOTU3NWE2YzQyMWFjNmQ1NzMwOWFhNTZmYTI0N2IxMTFhMzVkZGI5Yzg0OTM4ODJkM2NkZHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.imexinter.com&t=jsonp&c=hpmromxiischvrmx&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php
IP 95.101.10.136:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 16d834221ede37cd9a17f0c8281180c7
0063fcdab2b69c9152168010da5704b1e9adeb86
65eef2de0d5413d6c379bb764300c6701086259a811d1ca96d77b3d0b0220626
GET /AIDO/vyHb?d=ZW5jZEB2QXhFS0ZRNXNIRUk4cERndk9XMVFIMTdJbEZWWmQvV1V1azlpaWxuYzhoL1A3REl5MFZyZFlSL1pCWmUxNkVXUVRpZXZuNVFZR0JsVWdzQ3JIcCtzVjhCVXE0L0xWZXZoVzREOFNjWHQrWVN0ZE9BUTBkbC9IUDZWY1lldTR6NDJPM2dVVEJLUm83M084WHhqVHcwc2xiQ1l3eWxXdVUvc1dRN3gxSVB2R0g0SklYR0QrYk1MWGo0U2F1WHFJM05oZnpiLzV5LzU5SDJpOU80UVFZMC93Qm5hOTRjYVNWQ1QxdCtiOGlySHYrTXdUTlp6dFgxY1Z1a1llcnpKdk5TWk04RldpQUNJczBwV2hFPXwyYzBiMDhkNWM4MmZhZDUxOGNhYjllMTllYzQwY2U0OTkwMTYzZDY1YzNjMmU1OGViMzQ1NTNjOGVhNGIyYWRkMzg1MTdiMTg4OWY1N2M2YTc3YTY1MGY4MzI1MDdmMjFmMGNkZGZmZjYyMDZkYTY4NWE4NWE0NTI3ZGE2YWMwMGU1NzI3Njc3NjU2N2Y1NTM3NGI1YWVkNTU5MTY1YWQyZjQ3ZGQ0OTFiN2I4OTE5MTY3OTVhZTY3MDExMmVmMjY1MjU5OWY3N2RkYzk4MDQ4NGI3NjY2M2ZiNWY1YjBkMmYyYTQ0YzQxODlmZGNmNWMyMzYzNTEwM2I3YmJkM2RmYmQwNTZkYzFmZTI2ZTcxZGU5MDM1MWE0YWM1OGQ5M2JhZWM4OGQ2NzgwYmY2MmNhYzdjMDgzYjRkY2JiMzAxNGJmMmMxOTJlMDc4MWI3YjgxMWMwMzljMWNhZTFlY2Y0NmM0ZmVkNTU5OGZjZGIxYjNhZDQzOTQxMGRkNzdjNWUyODIzNmI3YzdhZjA3ZDk3NWEyMWQ5YTc2YTBhNzU0ZjExZmQ5MzgxOWY2NDZjMTg0M2MyMWExNWRkZTQzMmY1MGYwNDZhN2Y5OWRhOTU3NWE2YzQyMWFjNmQ1NzMwOWFhNTZmYTI0N2IxMTFhMzVkZGI5Yzg0OTM4ODJkM2NkZHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C20&si=4&e=https%3A%2F%2Fwww.imexinter.com&t=jsonp&c=hpmromxiischvrmx&eu=https%3A%2F%2Fwww.imexinter.com%2Fwells%2FwellsfargoNew%2Fwellsfargo.com_iceNi%2524%2524a%2FW%2Findex.php HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 22:55:59 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=htKY0VsPAbNyBKrRz2pibFNKMf+beL00jBmFOkcedQVWuobKkrZQ1+p58lcs2omm; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 09 Dec 2022 23:10:59 GMT;Httponly; Secure
_abck=C85DA67CB9A4AD550E4290214F0B65EE~-1~YAAQhAplX4zAuoKEAQAAkEUa+Qm+fPMi+7FwX/RiDFODT3Ofw1jWZ/CDl1cwtaZY0UIqQb6NYPswbWIFPkDhfw2Kg/kHzs+iFszz6HEhMFG+objBkOnbYePVa2sBkOwbIyNzqdW5QpiT2UnYpjyiY+7uA0bszDgnlCAd5HkzRdXu8kXac9Y5j0lNUXMO1nsMOy50YwKJnXTb5Dkor+4MihhCJm/4UMfIlbRTQAKgjI9prZqD76ertVeLW/CHQq7j9kfMM0jOeZVLD9ZT/PE3PZ6JeLHmlPurii8WlpAJlrdivJ/J1Ovj3IIPN5PTA3Zki13CH81x1iijNdtlAIsMqvBsrlW+vAEG5rBZe2chg6V/zk8vsr3GPl7cIdBr0THE7Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 09 Dec 2023 22:55:59 GMT; Max-Age=31536000; Secure
bm_sz=F989CDB0FCD43F5F95952E3952B1345B~YAAQhAplX43AuoKEAQAAkEUa+RJjJIcDEcnGChO0kaWtG33cNiy34wh7mZoUJynKxBLU0WvyKazq+ab06ikPMxKm4qr56aemj4EOOzY1SUrCeCvt2LToaQ5exkhulebkqOwGHrfphynPjf5VZn7A7pD75Nvd8igXxKCsz3x/BuqKX5lR7pdhMWUKdrUKZPl/5Y96AuVESk0SUmB95Kj0pq7uy9JhIpCX1slAlUSWf8qfJZnxVZCf8EeMn5WF38LVEd5uL7G5//dCLjSslvcfUskZ7ZNzs0I8d8gVs/7eenfw4FiYBm8T~3617841~3683393; Domain=.wellsfargo.com; Path=/; Expires=Sat, 10 Dec 2022 02:55:58 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/favicon.png
163.44.197.16200 OK 3.3 kB URL HTTP/1.1 www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/favicon.png
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash c883164cc2810c647ef47f309de13827
253ba40bd1e69ea9bb1bd3e861bbc3809e095497
2ef5d9374d972b966104f245e01a0939d10a49628a74b6ffb7673ea6cbec291e
GET /wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/img/favicon.png HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D; __gdic=lbh3x0hfehja186vnh4; ___r124934=0.5585069514251
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 22:56:00 GMT
Content-Type: image/png
Content-Length: 3289
Last-Modified: Thu, 28 Oct 2021 00:21:52 GMT
Connection: keep-alive
ETag: "6179ed20-cd9"
X-Powered-By: PleskLin
Accept-Ranges: bytes
www.imexinter.com/auth/static/ui/loginaltsignon/public/js/main.ac4d32899929fd052d6d.chunk.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/ui/loginaltsignon/public/js/main.ac4d32899929fd052d6d.chunk.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/ui/loginaltsignon/public/js/main.ac4d32899929fd052d6d.chunk.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:56:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
www.imexinter.com/auth/static/prefs/login-userprefs.min.js
163.44.197.16404 Not Found 29 kB URL HTTP/1.1 www.imexinter.com/auth/static/prefs/login-userprefs.min.js
IP 163.44.197.16:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (20486)
Hash e273faad1d5794732b8c5fbfc413a18a
e8fd0e4a59bdd5ea14d76ac95a6c3b33e46cef82
9f16a8d768afe1edcdcf9771cc938961c5f9677337ed7586c80f8d0ba858aee5
Analyzer Verdict Alert fortinet Phishing
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: www.imexinter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/wells/wellsfargoNew/wellsfargo.com_iceNi%24%24a/W/index.php
Cookie: PHPSESSID=ng4kgqf3mji65ts36mhegtemad; _cls_v=b8a6cd75-027b-4f54-9adb-839bdf03fdde; _cls_s=7de54dae-2121-459d-951a-5a839f611187:0; LSESSIONID=eyJpIjoiY3NaZ3hGcXlIWVU4a1l4cThcL01vXC93PT0iLCJlIjoiWWVGK1ZUZDhjbXNYRGx2RXlIaVFNOVJVM1Q0ZlVwYTJzaE0zbitiOVhXV3dKbU5KRG05MitVTEN0ZFZBaXRSWngycG9RTzcraDNDTFpGV0d2bXB3RnRGZ1JUb1VsT2ptbFhYRzBySjl6MG53WHpHcXdKTGlkcTVCNXdyckhVWjJmaUZDSjkxYVJyNm1WckxQR0FpXC9iUT09In0%3D.32fdfc003587dc28.ZDQ1NmNkNjFlZjAwYTZlNWYxNWQzMmYxNjM1ZmRkMmRmNjI5MGE3MWYyNjZiZTcwNjgxNGNmN2NlMzQwZTZiOA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 22:56:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.imexinter.com/wp-json/>; rel="https://api.w.org/"
MS-Author-Via: DAV
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a7fcce3dc63f88fb3bb42fe1a285c7b9
867cf7966a5efc48c619653649f82d091b1bd8e0
94153fe13e128934e8bbb652b69720e96ffe8bc7d922c9ef75474149cdeb74f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:56:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=45202105300238221576940177;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u23=DESKTOP;ord=6331431138416.5205?
142.250.74.166302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=45202105300238221576940177;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u23=DESKTOP;ord=6331431138416.5205?
IP 142.250.74.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=45202105300238221576940177;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u23=DESKTOP;ord=6331431138416.5205? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 22:56:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=2549153;type=allv40;cat=all_a012;u1=45202105300238221576940177;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u23=DESKTOP;ord=6331431138416.5205;~oref=https://www.imexinter.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 23:11:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016
95.101.10.120200 OK 1.8 kB URL HTTP/1.1 static.wellsfargo.com/tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016
IP 95.101.10.120:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1090)
Hash 79d4c5b9ced319f1894c68d097b54f9c
75ad64d30369f91d7e2831b5b024364839e74d2d
aece2b5528a0cce3613b0ee26cc3455e0fae06eb730d8932d3baf5122766a5ff
GET /tracking/secure-auth/utag.21.js?utv=ut4.48.202210132016 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 07 Nov 2022 21:02:08 GMT
Vary: Accept-Encoding
ETag: W/"63697250-1123"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1841
Date: Fri, 09 Dec 2022 22:56:01 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fYPP5p+6r8NW4fyhzNOJqQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 22:56:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:42:55 GMT
Expires: Wed, 14 Dec 2022 13:42:54 GMT
Etag: "f808d36103005c224eb6f7e4543d30271d2957b0"
Cache-Control: max-age=398212,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 777154ec1c1cb4fd-OSL
www10.wellsfargomedia.com/auth/static/images/COB-BOB-IRT-enroll_balloons.jpg
104.110.9.46200 OK 4.8 kB URL HTTP/2 www10.wellsfargomedia.com/auth/static/images/COB-BOB-IRT-enroll_balloons.jpg
IP 104.110.9.46:0
File type gzip compressed data, max compression, from Unix\012- data
Hash 44b18b945ae149833c91c9f1ea72860b
2284b22ea4e096bafb50249938b0f7ec9ab0683d
61f7b07a6842c4d8e79aa30b2ef2dc46dd0dfb8bfd4f8c9aaadae380c0605e12
GET /auth/static/images/COB-BOB-IRT-enroll_balloons.jpg HTTP/1.1
Host: www10.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 625433
last-modified: Wed, 03 Aug 2022 01:44:33 GMT
etag: "62e9d301-98b19"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
content-security-policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
access-control-allow-methods: POST
allow: GET, POST, OPTIONS
accept-ranges: bytes
cache-control: max-age=10368000
expires: Sat, 08 Apr 2023 22:55:56 GMT
date: Fri, 09 Dec 2022 22:55:56 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a7fcce3dc63f88fb3bb42fe1a285c7b9
867cf7966a5efc48c619653649f82d091b1bd8e0
94153fe13e128934e8bbb652b69720e96ffe8bc7d922c9ef75474149cdeb74f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 22:56:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.imexinter.com
Connection: keep-alive
Referer: https://www.imexinter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 22:55:56 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ce6e785579ae4cb555c9de311d1b9271"
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-cachedat: 11/15/2022 10:39:35
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1054
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 94e610235c795195ba4d6cbcb1cbff81
cdn-cache: HIT
cf-cache-status: HIT
age: 72031
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 777154cafe51b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2