r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ae86164fd9297dfdc05d67d69284d70e
5e5f27e3fd492f715baa6820f05c0fafde4040b3
be20f6ae6a51d20611cb4d350b52a5d0a339af6722fe9b2482ef58826c1e9de0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE20F6AE6A51D20611CB4D350B52A5D0A339AF6722FE9B2482EF58826C1E9DE0"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3030
Expires: Sun, 18 Dec 2022 01:48:24 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18596
Expires: Sun, 18 Dec 2022 06:07:50 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 18 Dec 2022 00:34:16 GMT
content-type: application/json
age: 1418
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b38399fcc8246505e5e6b0f62803a5a
bb374f8d97b2bd798873d74c6bbab20ad6843e96
406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2906
Expires: Sun, 18 Dec 2022 01:46:20 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HWvBlQsGMlSquZ464TvgB6DrmvLAXwGJSit8IaIAqSxs8OaEgxaIKIl96gAvZNqRKzwm+1vQXwY=
x-amz-request-id: 47S72ATMD58TCY5P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 18 Dec 2022 00:52:00 GMT
age: 354
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a4c3652506a23a8f32ecf163ca42f373
0d89faa8a2f393da242b22a678aea5e161a47566
3ab1be66f38a53730ae8a5c38db4bc1c50b67698c83eb10dd94de22302450d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3AB1BE66F38A53730AE8A5C38DB4BC1C50B67698C83EB10DD94DE22302450D21"
Last-Modified: Sun, 18 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21589
Expires: Sun, 18 Dec 2022 06:57:43 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
104.17.25.14200 OK 8.2 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (29177)
Hash 3fdff2e939c645b7a6240f3f5c531494
4cbd07003e2b5079c61fa2ee1bbf936ee752ab6d
39974b1df4f4189f8bf39197b11a81928be2ea6c920fa8939557e6b517148322
GET /ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 8247
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-72c7"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 22224411
expires: Fri, 08 Dec 2023 00:57:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNn8Iv98IR4MMhhHnSspkKFSrWfo1ywx6iCFGdoUTM19a54R1ctSR2BeMXuzZxPnqGkfTJ9s8dPQIV6c4IJR3yivTPXBTxefqNkYPxBKNifC01%2B6dvK%2F66HHHpdg%2FOkiucE9D%2Bxy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77b3f2750fbbb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b09c5fd392d9d40a99ab4c70e59fd24e
40e39676ca8052fd8b9eab501750f0011737f507
8c2b60b0ec0a8121d5c5a8dda2ec1a57b923efe10246386262f359f6a458cdcd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 18 Dec 2022 00:08:00 GMT
age: 2994
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.74200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 11:09:21 GMT
expires: Wed, 13 Dec 2023 11:09:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 395313
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b09c5fd392d9d40a99ab4c70e59fd24e
40e39676ca8052fd8b9eab501750f0011737f507
8c2b60b0ec0a8121d5c5a8dda2ec1a57b923efe10246386262f359f6a458cdcd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2d1752cd6eb7f48e7494373911a5b996
43d9c23c4d03cccce0fc478f0e12c0874dc762fd
aded7fd1d638c001b0b462fdfeee0549d2ed61b51ced88eb83690e2e20ed36d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5110
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Last-Modified: Sat, 17 Dec 2022 23:32:45 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.156.115101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.156.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0cHTylue7CDi2Y3tasEHhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8k/JUFwIWmq/fpO2hVZvb0gMNSU=
www.wls-fargo-account.com/Spox/Files/img/alert_login.png
89.23.103.7200 OK 330 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/alert_login.png
IP 89.23.103.7:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 639ff02b8971b8776608ae20590dbf98
8de900ccd92e9056c5cd97cd9f1d2a957ab34d67
51adbf5bc6f1f859b465cdba71920ad306f53c1898dcf4a5c53e174942cac4c0
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/img/alert_login.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 330
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 02:02:02 GMT
etag: "14a-591601febfa80"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/down.png
89.23.103.7200 OK 467 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/down.png
IP 89.23.103.7:0
File type PNG image data, 30 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash b191a6331fd274d8707e81d2fd623313
dbe24fd92ca34cae65a9eee8176d7671e2499f41
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/img/down.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 467
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:15:08 GMT
etag: "1d3-5915f7831bf00"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/go.png
89.23.103.7200 OK 1.0 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/go.png
IP 89.23.103.7:0
File type PNG image data, 8 x 7, 8-bit/color RGBA, non-interlaced\012- data
Hash be505af34d87e1972b34b80aa1514877
a3ddb49f2bb237cdbdb0aa99811bc74029b1ad29
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/img/go.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 1036
last-modified: Sat, 31 Aug 2019 01:17:04 GMT
etag: "5d69ca90-40c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/save.png
89.23.103.7200 OK 889 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/save.png
IP 89.23.103.7:0
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash f4128302ec1a418085f8ee6f11db2699
5f07195d458121558a6c2eb671a89924efcac423
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/img/save.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 889
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:09:58 GMT
etag: "379-5915f65b78580"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/ba7t.svg
89.23.103.7200 OK 2.3 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/ba7t.svg
IP 89.23.103.7:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1204)
Hash 52cfbc505ce987a33cb0e9cf8a846c22
02a62bffda246cd13f08887c3d1a20b3517a770e
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /Spox/Files/img/ba7t.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 2345
last-modified: Sat, 31 Aug 2019 01:13:10 GMT
etag: "5d69c9a6-929"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/closex.png
89.23.103.7200 OK 1.7 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/closex.png
IP 89.23.103.7:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash c009521aaba8ddf151dbc15b2115739f
9068f6a75c6c33bb7cbc0377ffb6ea7fed9741d0
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/img/closex.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 1676
last-modified: Sat, 31 Aug 2019 01:15:36 GMT
etag: "5d69ca38-68c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/tccc.svg
89.23.103.7200 OK 6.2 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/tccc.svg
IP 89.23.103.7:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4992)
Hash 4f28eb5e8625fb02c537603a49677ecb
86e2e3565683359ece8baa2e663d00aee2bd61fa
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /Spox/Files/img/tccc.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 6173
last-modified: Sat, 31 Aug 2019 01:12:10 GMT
etag: "5d69c96a-181d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg
89.23.103.7200 OK 232 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg
IP 89.23.103.7:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64928)
Size 232 kB (231865 bytes)
Hash 52869c556c01e3f3e9e26217c50d7904
d001f35d89952d849b9ec4f4b67092b08d044046
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 231865
last-modified: Sat, 31 Aug 2019 01:13:56 GMT
etag: "5d69c9d4-389b9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/css/enhanced-header.css
89.23.103.7200 OK 1.7 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/css/enhanced-header.css
IP 89.23.103.7:0
Hash 25773ce405eebc39b373b0354328eab7
6a7c6aad9ba020f9af4e4336cb440990a65fa2ca
a9fa1b65fac4801b1396833ddfe36208d7caacf37d05e326e0ec2f3f28375786
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/css/enhanced-header.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 22:15:26 GMT
etag: W/"5d6af17e-e6b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/css/wf.css
89.23.103.7200 OK 23 kB URL HTTP/2 www.wls-fargo-account.com/Spox/Files/css/wf.css
IP 89.23.103.7:0
Hash 83e4b5e2f882e9ae1c44af7295d3731e
892e69a881d9ef73f1524b1c3897d41d8bd2b417
d89a79be7ca4ab6cbed50cd2f92be7adadef607171faea14a85d43b5d0bbddd6
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/css/wf.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:34:38 GMT
etag: W/"c7-5915fbdee8780"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 655d864dacd0b058d62e14ca113e957e
dd977b3098ccd8d7a9b6cc8a817a5ae3b4680623
d01980fe1da310252c85b44f414558664520d554e5c2e56149bfdf998d3ba75e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4781
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:55 GMT
Last-Modified: Sat, 17 Dec 2022 23:38:14 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/favicon.ico
23.36.79.34200 OK 508 B URL HTTP/1.1 connect.secure.wellsfargo.com/favicon.ico
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 0ff9d0afb73b054116f382a98f37a437
ba616b727d91a584152ec72649bb889152077936
d2c81359c31499c0275e363e948f6bde6c51f9b49e349299c324c9b0e3fdab67
GET /favicon.ico HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Thu, 03 Nov 2022 01:27:15 GMT
ETag: "636318f3-47e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
$host: wellsfargo.com
Cache-Control: max-age=3600
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 18 Dec 2022 00:57:56 GMT
Content-Length: 508
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4N53div8ISA5YPpQU%2fUzpg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada04738696f861648635c9ba98841e4
ce644cd4349d88aa7c24b2503b0b18b444061639
e5cee777efbf1d8a0f95f6cce71199e5f016a91f90cf0afe38bc86654b9d730d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: c897aeed-a082-46a1-965f-39e8c763cb05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10ZH3jIAMF0gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-548ac80840737a20743980f5;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JecluZu8ExMmP-UHM8QbK-bjm_yqULU1tl2QQDfKMea8NHM6y2JI7g==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:37:06 GMT
age: 12050
etag: "ce644cd4349d88aa7c24b2503b0b18b444061639"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff713a978-5d83-49aa-ba90-1412f38e5ac7.png
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff713a978-5d83-49aa-ba90-1412f38e5ac7.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5f2b7168c67f3a6991208c4736b75c5
535c0c1841ab4a27ba69729403bcf5d56c99cb85
98a7be322eb5eb0a67e3672c03e0a4ed938d63b939ecbcedaf8a6e21cda6dcbd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff713a978-5d83-49aa-ba90-1412f38e5ac7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10649
x-amzn-requestid: da30f426-ee8f-45c8-a652-61c813a03de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT3_dFe-IAMFySA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e39fc-6e187baf4d58c2434f156710;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:51:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QEMdhIVqMzYqJYNilQungzrCNrGTx_hnIRzaZ5dCwfkM6FK0K9mMHw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:19:50 GMT
age: 9486
etag: "535c0c1841ab4a27ba69729403bcf5d56c99cb85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 578392bee48563d778885698790a124b
597892da925c3a363878e81ff02032a316303512
d30fe2470e1f63c5249fd42d7cd804bbf326cf9a703c61e31b5322ebdb26fca6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9925
x-amzn-requestid: 15eb2112-b947-458a-8544-51bac721773d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2k9HNjIAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37b9-7c5b94866d266af252f133b3;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:42:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vffD2KxBpOeR3uM-GHLzYmIlBCBR4K6R1ScupFeM7PQEsZSqHi_eZQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:54:10 GMT
age: 11026
etag: "597892da925c3a363878e81ff02032a316303512"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KyEMrUTeuVTPJ3EIkrH1DLYqa4bHK7fe6dApTAFP4XY0G4airnflGA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:37:06 GMT
age: 12050
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F784b33ef-7983-46bb-9758-beb8b0593d31.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F784b33ef-7983-46bb-9758-beb8b0593d31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3a2d422a57f1136e204524834143a2f
34c817327586272e8a6145d66ea94ff64a6516f6
fca96a776039d1849686e14b35ff9abd8df5840258d30a2cbb90abeccae6362d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F784b33ef-7983-46bb-9758-beb8b0593d31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13556
x-amzn-requestid: 71031d93-d8e8-4283-a6fc-b7d5cba06ee9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2tjFCkoAMF0tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37f0-09aef00c4fdb703a282676a8;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:43:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jF5QEL373s6PG5rTKegMkKAJtgikeC4wECdL_zbJEbNii40vQ2wmQA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:54:10 GMT
etag: "34c817327586272e8a6145d66ea94ff64a6516f6"
content-type: image/jpeg
age: 11026
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bf1c00-912e-4885-8447-de9d4662e95c.png
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bf1c00-912e-4885-8447-de9d4662e95c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9f123305838f751806534e09e06c290c
11187fd75e00056a24d3291028b27fec48a2307c
fe2f370bc79c8941fbcd4a8f4cb2af9e72a70a2bf19c4073253fdf04b4280bc7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bf1c00-912e-4885-8447-de9d4662e95c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6671
x-amzn-requestid: c45adf76-3278-4dad-a60b-a9097d7d56e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGqxLEi_oAMFj3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398f1a0-5d517bcc7a40b06e46eb611d;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:41:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -sqiPFG1rz216LGT5GGMYg-i7k-zLKH6dZCV5WDO4LmVPA6ZxyYl-A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 13:27:04 GMT
age: 41452
etag: "11187fd75e00056a24d3291028b27fec48a2307c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
89.23.103.7200 OK 0 B URL HTTP/2 www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
IP 89.23.103.7:0
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso= HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4; path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PHP/8.0.26, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/css/global.css
89.23.103.7200 OK 0 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/css/global.css
IP 89.23.103.7:0
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/css/global.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:34:34 GMT
etag: W/"5d69ceaa-408a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/css/content.css
89.23.103.7200 OK 0 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/css/content.css
IP 89.23.103.7:0
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/css/content.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:28:06 GMT
etag: W/"5d69cd26-568"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.wls-fargo-account.com/Spox/Files/css/enhanced-footer.css
89.23.103.7200 OK 0 B URL HTTP/2 www.wls-fargo-account.com/Spox/Files/css/enhanced-footer.css
IP 89.23.103.7:0
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /Spox/Files/css/enhanced-footer.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:28:32 GMT
etag: W/"5d69cd40-b64"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2