Report - mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile

Report Overview

Submitted URL
mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile
IP
54.224.73.73
ASN
#14618 AMAZON-AES
Submitted
2022-10-06 10:32:39
Access
Website Title
Final URL
Tags
None
urlquery detections
DynDNS domain detected

Detections

urlquery
28
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.161.6.128
cdn.schemaapp.com	12078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	18 kB	54.230.111.100
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	3.7 kB	93.184.220.29
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
pdx-col.eum-appdynamics.com	4816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	494 B	937 B	34.211.16.148
mail.zitic.duckdns.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	19 kB	1.4 MB	54.224.73.73
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	54.230.111.7
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.9 kB	34.160.144.191
www01.wellsfargomedia.com	20259	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	448 B	2.5 kB	104.110.5.8
resources.digital-cloud-prem.medallia.com	21249	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	2.2 kB	151.101.85.230
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.2 kB	1.5 kB	35.241.45.82
edge.adobedc.net	8934	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	564 B	677 B	13.36.218.177
www04.wellsfargomedia.com	54757	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	1.2 kB	104.110.5.8
static.wellsfargo.com	12306	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.1 kB	404 kB	159.45.2.178
data.schemaapp.com	11806	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.3 kB	54.230.111.53
rubicon.wellsfargo.com	11786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	563 B	1.0 kB	23.36.79.9
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www17.wellsfargomedia.com	76964	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	50 kB	104.110.27.78
api.rlcdn.com	791	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	403 B	192 B	34.120.133.55
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	57 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-10-05	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/shared/media-player-custom.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/jquery.min.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/slick01.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/video.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js	Phishing
2022-10-06	medium	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/global/global.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (42)

	URL	Size	First Seen	Last Seen
	static.wellsfargo.com/tracking/main/utag.129.js?utv=ut4.48.202207272202	15 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.129.js?utv=ut4.48.202207272202 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen85 Hash 479fee1497e8ed53fe632cd4110af660 42ff77f5fe23ac8aff0d4837f9e5cb0fb8a918c0 00153616bcd7e705949fa43e3573c41b7808dfe57255d1dcc42e24c4dad5efa8 Loading...

	static.wellsfargo.com/tracking/main/utag.505.js?utv=ut4.48.202209131956	6.5 kB	2023-03-07	2023-03-13
Pretty URL static.wellsfargo.com/tracking/main/utag.505.js?utv=ut4.48.202209131956 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:47:21 Last Seen2023-03-13 06:40:20 Times Seen1 Hash 735658e345bcccb2e9b4f8436a45bcd3 94969ac03a39f4e244376817f674405e38b4a054 01a8d4c81581707d3d7a663057b6635f1d6bc4fcc1c49ba0d21ae4f57146d81f Loading...

	static.wellsfargo.com/tracking/main/utag.471.js?utv=ut4.48.202209271731	6.7 kB	2023-03-08	2023-05-21
Pretty URL static.wellsfargo.com/tracking/main/utag.471.js?utv=ut4.48.202209271731 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-05-21 08:37:02 Times Seen76 Hash 36ebda59de9fa37cbea1f48593d20eb1 e175622005a38183dd0c33deb423a1fb02d2ba5e d257a14d93cafce44ecdb34393fadbe76117819c7de517aff08925cfee9bfbf4 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	152 B	2023-03-08	2024-04-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2024-04-08 03:26:08 Times Seen28 Hash afa56f934ec858025328b1699356dd02 d1f72151b21676534d5d063a45b6629aa105dfcb ebea6e5e1db6eb572f25ff1cda99007a155c362d69ac3f70da13086d96a1effe Loading...

	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/slick01.js	63 kB	2023-03-08	2024-04-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/slick01.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2024-04-08 03:26:08 Times Seen34 Hash 0c8184819332ec4f72f81aaf7e225ae2 4e0dc10b41812b30f74e2b183e19966a525de6a2 11dea6f8a3c56ae01aeff3bd061c0b746ddf9297258c2d18c86481b3a3c10b64 Loading...

	static.wellsfargo.com/tracking/main/utag.249.js?utv=ut4.48.202103111723	4.9 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.249.js?utv=ut4.48.202103111723 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen70 Hash 373195f42e45544150714cf15c2e1b6b 628200927b2b0f9125cf9e2f59e134ea0c00b55c a846aca7c9641d8d211b69b9f63c5c394eba8a53b27a75f5bdea3dc09a3284db Loading...

	static.wellsfargo.com/tracking/main/utag.js	326 kB	2023-03-08	2023-03-08
Pretty URL static.wellsfargo.com/tracking/main/utag.js IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-03-08 07:42:42 Times Seen1 Hash 7b4ba84ab0e2728a5ab460d07d2ac628 3067acb47d78a4630389f9017e467849de044461 b3f7e20d4377aaf99d7f96583d265be6a3ef34fefac4f7072e6bd0597649ff5c Loading...

	cdn.schemaapp.com/javascript/highlight.js	32 kB	2023-03-07	2023-03-10
Pretty URL cdn.schemaapp.com/javascript/highlight.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:47 Last Seen2023-03-10 11:24:14 Times Seen1 Hash a75cfd2d41ac714329a4fc6895bb082d fc0712f2a046bebe006eb92279383b4f659b6b64 6f7298ad8b3f1b09f9454047ef159a3c943b93adbf93dce07a76a1152b76f136 Loading...

	static.wellsfargo.com/tracking/main/utag.136.js?utv=ut4.48.202208102110	56 kB	2023-03-07	2023-04-20
Pretty URL static.wellsfargo.com/tracking/main/utag.136.js?utv=ut4.48.202208102110 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-04-20 19:47:50 Times Seen62 Hash 41191acbeb53131c44ad4b17b97622cf 051e9ef1d5f33662109b4d4cfc253edaebf9f3aa eaeccba3d96e1fe1f6a600ab5b9ebb2dc6bf06cac27ce733ce5b74bf3c85887f Loading...

	static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js	2.4 kB	2023-03-07	2023-03-17
Pretty URL static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-03-17 09:43:25 Times Seen1 Hash 3e75b97d91e2ac07972bd84b4b260fdc 003e8e223077086f1d634da73000252f1b724672 c6b012226d1f061a86a7a176fae93e55d7976d97afad14aa805aa3f5df2cb221 Loading...

	static.wellsfargo.com/tracking/main/utag.328.js?utv=ut4.48.202207272202	17 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.328.js?utv=ut4.48.202207272202 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen87 Hash f8ed7a36884e442c03847e482647b8e1 bae9cc143bf67dfeb1a99270b8f82666290b98c2 a69e6fb58df72540553b75552e4721c8e1d57086789f1d0a84c1bf49db0b1956 Loading...

	static.wellsfargo.com/tracking/main/utag.397.js?utv=ut4.48.202209192301	10 kB	2023-03-08	2023-03-08
Pretty URL static.wellsfargo.com/tracking/main/utag.397.js?utv=ut4.48.202209192301 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-03-08 07:42:42 Times Seen1 Hash 0e0ff10ca293ac96202da292e0f05087 d89bbbba6a1faef3d7cc06be60bcff48ec6ee9b3 52def0dd339c631d8a4fe5320c61e38ce6f8239d0d290725e7780aac112b3d46 Loading...

	static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1649789670809.js	359 kB	2023-03-07	2023-03-08
Pretty URL static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1649789670809.js IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-03-08 08:37:51 Times Seen1 Hash 715c89a07de4ffd82947e57d0809a2b4 ab6c19329d498be0888af0974e9b8b5df583a13a c73ee926afebcfb5d8f974cd1f3f595e18298a724b7ed41ebf564414fed6d6d7 Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js	339 kB	2023-03-07	2023-05-21
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-05-21 08:37:02 Times Seen9 Hash 9726560d23e8100d33456702719491d1 1c64bfa8088fc04d7b6633a3479cb57ec9969d3a d65fdc6b62a5f7a8a9cbc7a756b75ed80b81cf828295d507aeec9878e908ad4d Loading...

	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	cdn.schemaapp.com/javascript/schemaFunctions.min.js	1.7 kB	2023-03-07	2023-03-17
Pretty URL cdn.schemaapp.com/javascript/schemaFunctions.min.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-03-17 09:43:25 Times Seen1 Hash fa714262345ea0338a058d93199f56ed 81c3f8901938669975ad01a3ae3e4b0156de6a2f fe7b9f29a6a10cc36627e652af40af6381e2900f87eba0d348a8ef92f66ebd89 Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-07	2023-03-26
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-03-26 09:22:04 Times Seen2 Hash 17324c64926790e7068528ee285677e0 5f7c9d7694dfa9e92d5ae871cb0ea0cc5b4776c3 79f666407709e82d49c80fc330a5a34952fc56f30de257ccc3ae432d87c6fedc Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/shared/media-player-custom.js	4.3 kB	2023-03-07	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/js/shared/media-player-custom.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-03-08 08:37:51 Times Seen1 Hash 450744f087d3aa87a28395c107742acc c8a3e69e3b1287f65b72b9de8a553d4f309d4d99 cde7904316679ef5aa42b66a914d46fdae6d0e07d11bbc28f2dcb3a64012cdd6 Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	252 B	2023-03-07	2024-04-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen2498 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	928 B	2023-03-08	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:14:03 Last Seen2023-03-08 07:14:56 Times Seen1 Hash 2c1440ae2af545245c946ef424fd7d2d 87a9479fb0633d014f1ca6662da56fa21220e43b cf66afd09cf88c03bcda75d6fa64d5a25a5eddd52f9b351ccccccc00caa1db46 Loading...

	static.wellsfargo.com/tracking/main/utag.117.js?utv=ut4.48.202112070053	8.6 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.117.js?utv=ut4.48.202112070053 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen81 Hash ca611e1ad5ce488baf7e687e039008f9 2152db6945b63d78a718aa87e1f1ccea350b8809 0abd344691477db2ac8e91cf0ce28160bad6b8b4ba6d192dfc000bb2e63f83e4 Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/jquery.min.js	98 kB	2023-03-07	2024-04-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/jquery.min.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:17 Last Seen2024-04-08 03:26:09 Times Seen142 Hash d49f5bd057488231fdcc675e2fe9f568 c81be8cda5beab5bd767a63bee8aafc08e037ce4 3c536cede8c67b4bda531f82b77f3678e52026398492010245d3870c87a1623e Loading...

	static.wellsfargo.com/tracking/main/utag.431.js?utv=ut4.48.202107202150	2.5 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.431.js?utv=ut4.48.202107202150 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen82 Hash 47057e93093059b6ae4917b6015bd8fe c6b654398fc654f415bcd1cff05f926d9193fc65 2c7310c0bbcf2becb50249819d7d0d68636930bab7307962d020cebf0d9de42c Loading...

	static.wellsfargo.com/tracking/main/utag.403.js?utv=ut4.48.202104051735	2.6 kB	2023-03-07	2023-05-21
Pretty URL static.wellsfargo.com/tracking/main/utag.403.js?utv=ut4.48.202104051735 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-05-21 08:37:02 Times Seen74 Hash 211205c31f696e1bb7eee132a746fa45 f97ced5d992cf340c530a244639eb581d0767965 0cb89661317d3e3c5072364afb0da53fc3d43bb5edf3ac43327b1a57f993a251 Loading...

	static.wellsfargo.com/tracking/main/utag.319.js?utv=ut4.48.202209142209	7.0 kB	2023-03-08	2023-03-29
Pretty URL static.wellsfargo.com/tracking/main/utag.319.js?utv=ut4.48.202209142209 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-03-29 22:00:36 Times Seen47 Hash 3193265899115fcee583c2662559f250 22d60605121c7dc621b04edb46f2539d98fdcf9c 2e8b86b25ab5fb19b62a69f5ca7bb0f242136e3883b688670595ba896b7e53c8 Loading...

	unknown	0 B	2023-03-07	2024-04-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 04:32:30 Times Seen36969593 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.wellsfargo.com/tracking/main/utag.384.js?utv=ut4.48.202208101746	30 kB	2023-03-07	2023-03-17
Pretty URL static.wellsfargo.com/tracking/main/utag.384.js?utv=ut4.48.202208101746 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-03-17 09:43:24 Times Seen1 Hash ec515d2e0f8c06d5ce0a340cd3797fd4 7835986cd764c52d1ca821917fca951cb3081af7 cc86fbdc1bc9b57a54d136018fd8ec9006c062e65f944b4c51c90f1762986bf7 Loading...

	static.wellsfargo.com/tracking/main/utag.396.js?utv=ut4.48.202209192333	8.5 kB	2023-03-08	2023-03-08
Pretty URL static.wellsfargo.com/tracking/main/utag.396.js?utv=ut4.48.202209192333 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-03-08 07:42:42 Times Seen1 Hash bfc7b10a98d0b83c34b9c5215e59acb3 c822f6bbd3dfebedd4dc5673c7abb5c9f233085b 713a7b27c18080ecb4665dab3036ae266329f318ccc648336564bb8c24e5e40c Loading...

	static.wellsfargo.com/tracking/main/utag.413.js?utv=ut4.48.202207272202	3.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.413.js?utv=ut4.48.202207272202 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen82 Hash 6aedb7426c48b548874c016faf3f6e24 e3e8420bd3e75e7e6319a3f00a8c2aff6e33961a 8221ff8f89f7c212ab6cb02b5edf294ca06322a313ccd0fa8f5d17356cb07d88 Loading...

	static.wellsfargo.com/tracking/alloy/alloy.js	77 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/alloy/alloy.js IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:09 Times Seen87 Hash dd67ef7bf5d168e7123d934cfd21ac80 eb66ab8b5ed10640c50c460c271be086f63e0ffb 5466d536089d3af772430020c62a83dc680cd9169200840742e51181ba81fd75 Loading...

	mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js	48 kB	2023-03-07	2023-05-21
Pretty URL mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-05-21 08:37:02 Times Seen11 Hash adc6bafd6d346973c15f80f542fa008f ec1f94d5fe65f25d7119488ffc067446b7af82b9 7a17bf7ddc09f705c34b0bdefe2a12142ae1702bf904a731f48cd4652c1036eb Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	387 B	2023-03-08	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:14:03 Last Seen2023-03-08 07:14:56 Times Seen1 Hash 176bc4fb9f8491744b14859d74c0c0c9 095dbc8c39697e5ffe5d5adbc0383b7bdf40e6d9 85cc03d2d9af9bac42bd53c0981d53061064292851caa9f1007f7229a6a00c5e Loading...

	static.wellsfargo.com/tracking/main/utag.225.js?utv=ut4.48.202208301942	16 kB	2023-03-07	2023-05-21
Pretty URL static.wellsfargo.com/tracking/main/utag.225.js?utv=ut4.48.202208301942 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-05-21 08:37:02 Times Seen79 Hash ede450a69bfad8ba8be6c09afec643d9 525ca9fbebba307f6a5d5c4c8ab2a3ba9afa70c2 d4c3ac2df676fc3c4c0662d5635b8078cbea41051632004adeee5e17ba9337b8 Loading...

	static.wellsfargo.com/tracking/main/utag.379.js?utv=ut4.48.202207272202	2.2 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/main/utag.379.js?utv=ut4.48.202207272202 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2024-04-08 03:26:08 Times Seen84 Hash f4d859c7b49fa343d9c8b25c689d837e c571cf8c4aa455cd656785571a398b03bda70254 49e726aa41e4128560776f794aeae8f9648b7045769cf240ab3ff4f5d002d529 Loading...

	static.wellsfargo.com/tracking/main/utag.381.js?utv=ut4.48.202209121603	94 kB	2023-03-07	2023-03-08
Pretty URL static.wellsfargo.com/tracking/main/utag.381.js?utv=ut4.48.202209121603 IP 159.45.2.178 ASN #10837 WELLSFARGO-10837 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:47:21 Last Seen2023-03-08 07:42:42 Times Seen1 Hash b90cbacc71e1ae0a741626c87a25d013 00bf09b1f99fa67c51fd7cfba73951a9a710a424 f20359b2efae06d66e63fbd2e0ffb187fab7c9e2953e08306a0bf69ac8a5aa36 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	67 B	2023-03-08	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2023-03-08 08:37:51 Times Seen1 Hash 0e9c3fb282a3102bbc12edc089f21223 0638c5489670be5aac1dee3ffe5bdde31a260c9b 9af7f6ee055e1a99fcbcb6247d08c3c2544e6bc091501f8bb3685aac98f7773e Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/js/global/global.js	230 kB	2023-03-08	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/js/global/global.js IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:23 Last Seen2023-03-08 08:14:13 Times Seen1 Hash a6d222867ebc1b0e6a57eddc8bd7418b be0c5877af0cf33abf8de5c793935c7c94c5fe7e 77d1d5f3d877905d3f0f5a434b77be2e3cf34887e0022ad9cae1b5d39150f827 Loading...

	mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/	102 B	2023-03-08	2023-03-08
Pretty URL mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/ IP 54.224.73.73 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:14:03 Last Seen2023-03-08 07:14:56 Times Seen1 Hash a280b96e04a2ac97a0f57df3ba655bad 4adec05a20e5ef7dc2dca13279f361bba15d0d77 81829338e8c3668660123329ee31561c0c67c520ba1a3640952ce7dbfb83c0a2 Loading...

	static.wellsfargo.com/tracking/main/utag.166.js?utv=ut4.48.202208100004	15 kB	2023-03-07	2023-05-21
Pretty URL static.wellsfargo.com/tracking/main/utag.166.js?utv=ut4.48.202208100004 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:45 Last Seen2023-05-21 08:37:02 Times Seen79 Hash 80f41e3e9de3719de7b98e3fd6e0f727 70d1b9891e6f319b0f3f29adbc2832f493ac3b61 cb1b454a046f8f46ee3e5ea389d3648e46bf0973db9f61faa2724162ef850b03 Loading...

HTTP Transactions (102)

URL IP Response Size

mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile

54.224.73.73

301 Moved Permanently

266 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
266 B (266 bytes)
Hash
0bd562f2cc6b4f4802410899a6302a25
c728b14858b848072918cf61ebfca54fd7b58adf
afca14125269bddbe48c5e5eceb3356dd4ee6620a1d426681e7042fc5e79266a

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/mobile HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Location: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Content-Length: 266
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/

54.230.111.7

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wH8izWAsmeiKtDfbOWIJnSQyvaVmDc4pU2h3CPJjFR0OREchyC6O0Q==
Age: 67510

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7630
Expires: Thu, 06 Oct 2022 12:39:38 GMT
Date: Thu, 06 Oct 2022 10:32:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10466
Expires: Thu, 06 Oct 2022 13:26:54 GMT
Date: Thu, 06 Oct 2022 10:32:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: uK5H7HTElcVygEoJZ8b9ITH/SWPR28YidDa9CJ9VbxirkUap6r9yzTHQbzHUoA5y5F8oaw6+c1p9YpqeCrzeKg==
x-amz-request-id: EB3DVNY07W46KAZB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 10:30:45 GMT
age: 103
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 10:32:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/

54.224.73.73

200 OK

32 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1350), with CRLF, LF line terminators
Size
32 kB (31890 bytes)
Hash
8c8629852ba0b9fd40315326defccb60
1aeb7f95db53ca8e5dd4c67bce9179d67afe3316
a45be5ca91c7d0283fc90f6a3b9581498dac3abe6fed322e48dbaf48aa40e8d1

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/mobile/ HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 22:58:30 GMT
Accept-Ranges: bytes
Content-Length: 31890
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

www01.wellsfargomedia.com/assets/images/css/template/homepage/homepage-horz-logo.svg

104.110.5.8

200 OK

2.0 kB

URL HTTP/2
www01.wellsfargomedia.com/assets/images/css/template/homepage/homepage-horz-logo.svg
IP
104.110.5.8:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4948)
Size
2.0 kB (1977 bytes)
Hash
e56e5d0c3a6c91daa9c9e3cb35de49ec
1ac827e855541f5059c9122c624f7b5144c5faa8
6d046903ea56f94f8a7d998d662f03035b015d3019c57d88e091f16d1bd175e8

HTTP Headers

GET /assets/images/css/template/homepage/homepage-horz-logo.svg HTTP/1.1
Host: www01.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: "15b8-5895bfcbfa2c0"
last-modified: Mon, 24 May 2021 14:15:37 GMT
server: Akamai Resource Optimizer
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 1977
unused62: 8096267
cache-control: max-age=3127825
expires: Fri, 11 Nov 2022 15:22:53 GMT
date: Thu, 06 Oct 2022 10:32:28 GMT
X-Firefox-Spdy: h2

www04.wellsfargomedia.com/assets/images/css/template/homepage/homepage-lock.svg

104.110.5.8

200 OK

668 B

URL HTTP/2
www04.wellsfargomedia.com/assets/images/css/template/homepage/homepage-lock.svg
IP
104.110.5.8:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
668 B (668 bytes)
Hash
de6fd1f7ffea13b855770b5dc54daf72
0e4ab6e3433c7607280e977fd9e9c5442eb30344
deab472180f1d0240b8f200d69c896d68ddf08eba1928ef3d2f2fbd4beefbbfa

HTTP Headers

GET /assets/images/css/template/homepage/homepage-lock.svg HTTP/1.1
Host: www04.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: "6f8-554880386bac0"
last-modified: Wed, 25 Aug 2021 22:12:55 GMT
server: Akamai Resource Optimizer
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 668
unused62: 8096267
cache-control: max-age=3127825
expires: Fri, 11 Nov 2022 15:22:53 GMT
date: Thu, 06 Oct 2022 10:32:28 GMT
X-Firefox-Spdy: h2

mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

54.224.73.73

200 OK

2.0 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (1952), with no line terminators
Size
2.0 kB (1952 bytes)
Hash
e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Thu, 20 Jan 2022 03:38:26 GMT
Accept-Ranges: bytes
Content-Length: 1952
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/shared/media-player-custom.js

54.224.73.73

200 OK

4.3 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/shared/media-player-custom.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (4348), with no line terminators
Size
4.3 kB (4348 bytes)
Hash
450744f087d3aa87a28395c107742acc
c8a3e69e3b1287f65b72b9de8a553d4f309d4d99
cde7904316679ef5aa42b66a914d46fdae6d0e07d11bbc28f2dcb3a64012cdd6

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/shared/media-player-custom.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:20 GMT
Accept-Ranges: bytes
Content-Length: 4348
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/global.css

54.224.73.73

200 OK

185 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/global.css
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (8262)
Size
185 kB (185441 bytes)
Hash
14d9a697a170e9accf9d8dca7ca7f869
c9e83fd2642cbb67ec5648fa04fb5850ba952a18
6d8bb4f75f6eb8608fc500cb23a7d6a09db009c91707584c1cc4f629e422d3ff

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/css/template/global.css HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:24 GMT
Accept-Ranges: bytes
Content-Length: 185441
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/ui-lightness/jquery-ui.custom.css

54.224.73.73

200 OK

18 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/ui-lightness/jquery-ui.custom.css
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (7491)
Size
18 kB (18459 bytes)
Hash
adacfb4b14fb1a108752d26f5c02ac5c
c86acc17d8ba331340c83d3426ac4b3561a51689
4cba34e0b3855598696d187bbcefc04326cfa6e79c4c4a035efab4017e40e4d3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/css/template/ui-lightness/jquery-ui.custom.css HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:24 GMT
Accept-Ranges: bytes
Content-Length: 18459
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.7

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 10:29:41 GMT
Expires: Thu, 06 Oct 2022 10:49:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I_RjHYFPLr5phg0BEoXreeXlTOsm17AkSsuOBqbx_uBoM6dQl6SeMQ==
Age: 167

mail.zitic.duckdns.org/v/www.wellsfargo.com/css/vendor/video-js.css

54.224.73.73

200 OK

44 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/css/vendor/video-js.css
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (19597)
Size
44 kB (43928 bytes)
Hash
f8682704b21d1ed262ec8b90bb0c18d4
71e1bc05a39e85f299d5ecd5194e440f2a3d9fae
521ebc30fb48d89b4ac4808ef7e6fba9110684eb37751ad00a977ada5e74b0ef

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/css/vendor/video-js.css HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:24 GMT
Accept-Ranges: bytes
Content-Length: 43928
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js

54.224.73.73

200 OK

48 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text, with very long lines (48287)
Size
48 kB (48367 bytes)
Hash
adc6bafd6d346973c15f80f542fa008f
ec1f94d5fe65f25d7119488ffc067446b7af82b9
7a17bf7ddc09f705c34b0bdefe2a12142ae1702bf904a731f48cd4652c1036eb

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Sat, 13 Aug 2022 14:50:04 GMT
Accept-Ranges: bytes
Content-Length: 48367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/jquery.min.js

54.224.73.73

200 OK

98 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/jquery.min.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (8077)
Size
98 kB (97628 bytes)
Hash
d49f5bd057488231fdcc675e2fe9f568
c81be8cda5beab5bd767a63bee8aafc08e037ce4
3c536cede8c67b4bda531f82b77f3678e52026398492010245d3870c87a1623e

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/vendor/jquery.min.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:20 GMT
Accept-Ranges: bytes
Content-Length: 97628
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js

54.224.73.73

200 OK

339 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (8185)
Size
339 kB (339170 bytes)
Hash
9726560d23e8100d33456702719491d1
1c64bfa8088fc04d7b6633a3479cb57ec9969d3a
d65fdc6b62a5f7a8a9cbc7a756b75ed80b81cf828295d507aeec9878e908ad4d

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/frameworks/jq/jquery-ui.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:18 GMT
Accept-Ranges: bytes
Content-Length: 339170
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

54.224.73.73

200 OK

32 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
32 kB (31841 bytes)
Hash
162100f507af8b50f1406bf3fc405ce5
cf0a2bf9b914710962e0dd7899b93ba5ceb5134d
e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Sat, 12 Feb 2022 18:58:28 GMT
Accept-Ranges: bytes
Content-Length: 31841
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/slick01.js

54.224.73.73

200 OK

63 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/frameworks/slick01.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text, with very long lines (8157)
Size
63 kB (63057 bytes)
Hash
0c8184819332ec4f72f81aaf7e225ae2
4e0dc10b41812b30f74e2b183e19966a525de6a2
11dea6f8a3c56ae01aeff3bd061c0b746ddf9297258c2d18c86481b3a3c10b64

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/frameworks/slick01.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:18 GMT
Accept-Ranges: bytes
Content-Length: 63057
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2572
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 10:32:29 GMT
Last-Modified: Thu, 06 Oct 2022 09:49:37 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/video.js

54.224.73.73

200 OK

420 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/vendor/video.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (8169)
Size
420 kB (419580 bytes)
Hash
efce68f045d0687df715b0ec9634accf
1b15d7dba57fed7ca7f041ea15d87f6d709a4458
d94e88dfb3c418dc2d7f7f4464faed1788ecc8407ef1694d824330279262b834

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/vendor/video.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:20 GMT
Accept-Ranges: bytes
Content-Length: 419580
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/print.css

54.224.73.73

200 OK

570 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/print.css
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (570), with no line terminators
Size
570 B (570 bytes)
Hash
95b4de8b86db5e33fc29372eb35bf21a
e75af300af9a609a69e3c11e8c4325637b1a0284
8dee9644ead3af242cdb9c56bfa5a795cc33154be20a7fac97d4357238ad7243

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/css/template/print.css HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:24 GMT
Accept-Ranges: bytes
Content-Length: 570
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/male_inside-looking-at-phone_burgandy-sweater_147x91.jpg

54.224.73.73

200 OK

4.2 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/male_inside-looking-at-phone_burgandy-sweater_147x91.jpg
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 147x91, components 3\012- data
Size
4.2 kB (4218 bytes)
Hash
bd16da34beb40a055fb441e1500f451d
bf9c119db023411a4f0a2ef7b33f66f874a63c54
e73409322abc6cd2b4d639ed348e7d100f11739da70d60e2df446bc42bec99c6

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/male_inside-looking-at-phone_burgandy-sweater_147x91.jpg HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:34:28 GMT
Accept-Ranges: bytes
Content-Length: 4218
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

mail.zitic.duckdns.org/v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/mobile/dw_ms_cafe_0067_debit-card_147x65.png

54.224.73.73

200 OK

20 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/mobile/dw_ms_cafe_0067_debit-card_147x65.png
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 147 x 65, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (19938 bytes)
Hash
3703c14e3e7748e36151c400f433fe1d
a74499e2a804aea7a6cee4a0366958fc559edc73
0c8603a1db6e9ef8465cb728e9c8742f74a52a7a1808f62caca4b3806f5d02c2

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/mobile/dw_ms_cafe_0067_debit-card_147x65.png HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 20:37:34 GMT
Accept-Ranges: bytes
Content-Length: 19938
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

mail.zitic.duckdns.org/v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_mobile-phone_outdoors_control-tower_147x91.jpg

54.224.73.73

200 OK

5.5 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_mobile-phone_outdoors_control-tower_147x91.jpg
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 147x91, components 3\012- data
Size
5.5 kB (5457 bytes)
Hash
d4f504864a1e067d500403ed85200b85
cab6664c7e6c3ff2da8af1647ef65902599fa8a5
a20e9a39c1a746f333580a0be193ab7546db27fcee3c08e5a47e1331c25bc025

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www04.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_mobile-phone_outdoors_control-tower_147x91.jpg HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:32:36 GMT
Accept-Ranges: bytes
Content-Length: 5457
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_hand-only_holding-mobile-phone-zelle_147x91.jpg

54.224.73.73

200 OK

5.2 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_hand-only_holding-mobile-phone-zelle_147x91.jpg
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 147x91, components 3\012- data
Size
5.2 kB (5189 bytes)
Hash
456d6ed7d617be425fab97d0e45dfcf6
f99f19f0ab02f2fca3aa49f9b1f6b37cc090802c
58dc0492c32e3191f96bd0f2eb72a238b32bedb4f545c9f5568a3d8ceeddad96

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_hand-only_holding-mobile-phone-zelle_147x91.jpg HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:32:04 GMT
Accept-Ranges: bytes
Content-Length: 5189
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

mail.zitic.duckdns.org/v/www.wellsfargo.com/assets/images/global/s97e4.gif?log=1&cb=1664575109202&event=PageLoad&pid=tcm:222-17596-64&ptid=tcm:222-170471-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fmobile%2F&clist=182-151380-16~223-4119-32|84-7805-16~91-6216-32|182-155274-16~223-6259-32|84-142296-16~91-1924-32|84-164790-16~91-1924-32|84-218522-16~91-1924-32|84-205395-16~91-1924-32|84-172233-16~91-1924-32|84-159874-16~91-1924-32|84-212724-16~91-1924-32|84-161919-16~91-1924-32|84-20661-16~91-1924-32|84-230087-16~91-1924-32|84-226384-16~91-1924-32|84-8259-16~91-1865-32|84-36594-16~91-2830-32|182-203399-16~223-122394-32|182-203400-16~223-122392-32|182-152931-16~223-122392-32|182-155155-16~223-3750-32|182-219155-16~223-3750-32|182-155989-16~223-3750-32|182-219531-16~223-3750-32|182-168578-16~223-3750-32|84-8253-16~91-1866-32

54.224.73.73

200 OK

43 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/assets/images/global/s97e4.gif?log=1&cb=1664575109202&event=PageLoad&pid=tcm:222-17596-64&ptid=tcm:222-170471-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fmobile%2F&clist=182-151380-16~223-4119-32|84-7805-16~91-6216-32|182-155274-16~223-6259-32|84-142296-16~91-1924-32|84-164790-16~91-1924-32|84-218522-16~91-1924-32|84-205395-16~91-1924-32|84-172233-16~91-1924-32|84-159874-16~91-1924-32|84-212724-16~91-1924-32|84-161919-16~91-1924-32|84-20661-16~91-1924-32|84-230087-16~91-1924-32|84-226384-16~91-1924-32|84-8259-16~91-1865-32|84-36594-16~91-2830-32|182-203399-16~223-122394-32|182-203400-16~223-122392-32|182-152931-16~223-122392-32|182-155155-16~223-3750-32|182-219155-16~223-3750-32|182-155989-16~223-3750-32|182-219531-16~223-3750-32|182-168578-16~223-3750-32|84-8253-16~91-1866-32
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/assets/images/global/s97e4.gif?log=1&cb=1664575109202&event=PageLoad&pid=tcm:222-17596-64&ptid=tcm:222-170471-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fmobile%2F&clist=182-151380-16~223-4119-32|84-7805-16~91-6216-32|182-155274-16~223-6259-32|84-142296-16~91-1924-32|84-164790-16~91-1924-32|84-218522-16~91-1924-32|84-205395-16~91-1924-32|84-172233-16~91-1924-32|84-159874-16~91-1924-32|84-212724-16~91-1924-32|84-161919-16~91-1924-32|84-20661-16~91-1924-32|84-230087-16~91-1924-32|84-226384-16~91-1924-32|84-8259-16~91-1865-32|84-36594-16~91-2830-32|182-203399-16~223-122394-32|182-203400-16~223-122392-32|182-152931-16~223-122392-32|182-155155-16~223-3750-32|182-219155-16~223-3750-32|182-155989-16~223-3750-32|182-219531-16~223-3750-32|182-168578-16~223-3750-32|84-8253-16~91-1866-32 HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Fri, 24 May 2013 21:08:06 GMT
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_looking-at-mobile_city_147x91.jpg

54.224.73.73

200 OK

6.1 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_looking-at-mobile_city_147x91.jpg
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 147x91, components 3\012- data
Size
6.1 kB (6079 bytes)
Hash
768c39d39b538c30555b17efafa16b9b
66a74797f8890e84a52310c737a8faf1aad24186
d97a7600bed4255f3d547bb5b2ab19c6df4da3e9433e1118aa129b1d67c004dd

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/147x91/female_looking-at-mobile_city_147x91.jpg HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:34:06 GMT
Accept-Ranges: bytes
Content-Length: 6079
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/global/btn-close-x.png

54.224.73.73

200 OK

1.5 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/global/btn-close-x.png
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1453 bytes)
Hash
9921173323f53b9e476d01269ce6bc2b
41e125b4a816f5c346159ce28c32659a3ab4d80f
869e94fbe314e86261ff0dcfd5a52175d02298b8c6633140cdc0a544bb7721c5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www01.wellsfargomedia.com/assets/images/global/btn-close-x.png HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:32:58 GMT
Accept-Ranges: bytes
Content-Length: 1453
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/413x185/female_pink-blouse_using-mobile-phone_outside_413x185.jpg

54.224.73.73

200 OK

18 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/413x185/female_pink-blouse_using-mobile-phone_outside_413x185.jpg
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 413x185, components 3\012- data
Size
18 kB (18357 bytes)
Hash
7ce80541da79c899aa941227fe27dc37
11f249d618d8c00bdfe21435346611ff9665b961
8ae19d195e9f233dd7d0c4db2bbfa876d7b0a05163dc0ccc8fc43004050e7e1c

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www01.wellsfargomedia.com/assets/images/photography/lifestyle/413x185/female_pink-blouse_using-mobile-phone_outside_413x185.jpg HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 26 Aug 2021 02:32:04 GMT
Accept-Ranges: bytes
Content-Length: 18357
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

www17.wellsfargomedia.com/assets/images/css/template/homepage/homepage-magnifying-glass.png

104.110.27.78

200 OK

236 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/homepage/homepage-magnifying-glass.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
236 B (236 bytes)
Hash
8cf6735df721c60affadb70ad95732eb
ae8a42ebbd6b60630e2c612e924c4fd66a4aca33
8dc5436dce4423f0e53e85904b6dc0552c1c8bbde0dd4ec1c929a1c272201c4c

HTTP Headers

GET /assets/images/css/template/homepage/homepage-magnifying-glass.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "59c2114b-12e"
last-modified: Sat, 23 Jul 2022 13:52:11 GMT
server: Akamai Image Manager
content-length: 236
content-type: image/webp
cache-control: private, no-transform, max-age=674008
expires: Fri, 14 Oct 2022 05:45:57 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/bg-footer.png

104.110.27.78

200 OK

481 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/bg-footer.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 9 x 60\012- data
Size
481 B (481 bytes)
Hash
a396c960e8b70984da1bbfe391e57e74
6963daf90a847a7383d69bd1b34f84c748614945
6060d85ee1d931efbe90cf1f903f53a63b506eb1e6b16c9a7a0feb3b5dcb9c69

HTTP Headers

GET /assets/images/css/template/bg-footer.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "5a7f02f5-393"
last-modified: Mon, 25 Jul 2022 06:04:23 GMT
server: Akamai Image Manager
x-serial: 1720
x-check-cacheable: YES
content-length: 481
content-type: image/gif
cache-control: private, no-transform, max-age=815984
expires: Sat, 15 Oct 2022 21:12:13 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/chevron-right-grey.png

104.110.27.78

200 OK

82 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/chevron-right-grey.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 8x9, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
82 B (82 bytes)
Hash
8a64ca48888869867604fec4ca5a2300
05ecffa2687820e76c82f487d0347a5120615dd1
fb39d6b03e532d8c65acd85e6be42ac3fd7d781451a4bb1c616286a231c80cfa

HTTP Headers

GET /assets/images/css/template/chevron-right-grey.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "519fc766-3ed"
last-modified: Sat, 23 Jul 2022 13:52:12 GMT
server: Akamai Image Manager
x-serial: 612
x-check-cacheable: YES
content-length: 82
content-type: image/webp
cache-control: private, no-transform, max-age=628201
expires: Thu, 13 Oct 2022 17:02:30 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/chevron-right-blue.png

104.110.27.78

200 OK

140 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/chevron-right-blue.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
140 B (140 bytes)
Hash
7838430f8f3db208f1791d12275f882c
f099b34e9cd7bb9b8ccfbe0284cf818ef1747a9a
15edc68516d9016f5df0651edcd4eedfd5c2f440d85f932f7a2b973b70d37883

HTTP Headers

GET /assets/images/css/template/chevron-right-blue.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "519fc766-3fc"
last-modified: Mon, 25 Jul 2022 06:04:22 GMT
server: Akamai Image Manager
x-serial: 1189
x-check-cacheable: YES
content-length: 140
content-type: image/webp
cache-control: private, no-transform, max-age=779899
expires: Sat, 15 Oct 2022 11:10:48 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/arrow-right-gray.png

104.110.27.78

200 OK

102 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/arrow-right-gray.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
102 B (102 bytes)
Hash
24a47218c6a6be92ed8ddc28b0365af7
837d6923fda7215a73ce3050aa03673504907f88
303132675de7ecc1ad7822db460c6c6c30a72fb102620c4ca489c3fbb41e9e8f

HTTP Headers

GET /assets/images/css/template/arrow-right-gray.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "519fc73e-40c"
last-modified: Mon, 25 Jul 2022 06:04:23 GMT
server: Akamai Image Manager
content-length: 102
content-type: image/webp
cache-control: private, no-transform, max-age=821346
expires: Sat, 15 Oct 2022 22:41:35 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/chevron-right-white.png

104.110.27.78

200 OK

124 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/chevron-right-white.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
124 B (124 bytes)
Hash
db82aa1ed6e1bc5e2ddb5228a70ec851
b62dd87f25611c7a96e25c0fcd69fc5e0c4a1146
d80aa92d8d7c520e03972f3add3a09b229d9d4ffaa15fd71ce52b304742f6f73

HTTP Headers

GET /assets/images/css/template/chevron-right-white.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "519fc768-425"
last-modified: Mon, 25 Jul 2022 08:20:27 GMT
server: Akamai Image Manager
content-length: 124
content-type: image/webp
cache-control: private, no-transform, max-age=674888
expires: Fri, 14 Oct 2022 06:00:37 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=7251289
expires: Thu, 29 Dec 2022 08:47:18 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=7228083
expires: Thu, 29 Dec 2022 02:20:32 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.6.128

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.6.128:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CHJDiEt5qx6d6iDA7OxFEw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KEBifTmdp62iVe9obTijVdlO0hg=

mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js

54.224.73.73

404 Not Found

315 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 404 Not Found
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

mail.zitic.duckdns.org/v/www17.wellsfargomedia.com/assets/images/css/template/img_print.png

54.224.73.73

200 OK

134 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/www17.wellsfargomedia.com/assets/images/css/template/img_print.png
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 14 x 12, 8-bit grayscale, non-interlaced\012- data
Size
134 B (134 bytes)
Hash
ed07b484af73610193cb8c7850a060d3
6acdb6fa2eb7890a132b7e24938a27b548ccb544
d6d272e61ccf4d57b23962568358f87656a7f820f580ab071d11fde58f6e45e6

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www17.wellsfargomedia.com/assets/images/css/template/img_print.png HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/css/template/global.css
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Mon, 25 Jul 2022 22:08:46 GMT
Accept-Ranges: bytes
Content-Length: 134
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

www17.wellsfargomedia.com/assets/images/css/template/img_facebook.png

104.110.27.78

200 OK

158 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/img_facebook.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 20x20, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
158 B (158 bytes)
Hash
2b29e2ab0a181b675c3a91a5daf2322c
7986adeec12fb7dfb3386f793662f634c842eb66
73b31bddb3e9b9e841725f10be78071daae55db39b60719eb73ffa94186edbbf

HTTP Headers

GET /assets/images/css/template/img_facebook.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "55209ab9-52d"
last-modified: Mon, 08 Aug 2022 16:03:34 GMT
server: Akamai Image Manager
content-length: 158
content-type: image/webp
cache-control: private, no-transform, max-age=2146768
expires: Mon, 31 Oct 2022 06:51:57 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/img_twitter.png

104.110.27.78

200 OK

186 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/img_twitter.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 20x20, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
186 B (186 bytes)
Hash
bf36c83f327f106b40a4a25396f68892
a47a4d66d99520946122236f23ec139c2252cae3
8bda07b34e5b9b98bc5b1609c1cb4327f829ec74484a558ae3873dd19b75953b

HTTP Headers

GET /assets/images/css/template/img_twitter.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "55209ab9-5a4"
last-modified: Mon, 25 Jul 2022 07:26:18 GMT
server: Akamai Image Manager
x-serial: 1787
x-check-cacheable: YES
content-length: 186
content-type: image/webp
cache-control: private, no-transform, max-age=713828
expires: Fri, 14 Oct 2022 16:49:37 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/css/template/social_show.png

104.110.27.78

200 OK

84 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/css/template/social_show.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 16x16, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
84 B (84 bytes)
Hash
6550aa7b280e5283194471eb87085983
b76e2eaf71fb1ae900ece375e4f0be5b23bc1ed0
daf8f3105a0bae551331bc9859b06561b50313d2cc0e3aa1b1aee9b7acd09cd4

HTTP Headers

GET /assets/images/css/template/social_show.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "55209ab9-3ca"
last-modified: Mon, 25 Jul 2022 08:19:23 GMT
server: Akamai Image Manager
content-length: 84
content-type: image/webp
cache-control: private, no-transform, max-age=944794
expires: Mon, 17 Oct 2022 08:59:03 GMT
date: Thu, 06 Oct 2022 10:32:29 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee9e15db28c6c174de4e0f2922e2b25c
9df4ed69f087ce66e15dec440470706a0b548474
3c2acc9d0d0eb77f7bb2e28a662473040984c2b2fe36be30b7acd45a45c504b3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5095
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 10:32:29 GMT
Last-Modified: Thu, 06 Oct 2022 09:07:34 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60e15c331eace6c365b7907684305d5b
0bd2b17c8e69678b43b2beb1beb81cb059f848b7
9fba594974e3d01120b06149dbe25cbdd65a33f81a5a362283146b3472aa0aaa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6066
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 10:32:29 GMT
Last-Modified: Thu, 06 Oct 2022 08:51:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

mail.zitic.duckdns.org/v/www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

54.224.73.73

200 OK

2.5 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
2.5 kB (2507 bytes)
Hash
47110b47911b785cd36f5a35379eb99c
39ec47a3fa466348e787c21de6dedbb217f8a1e3
9ada0ef473cc526ec17a25f7729960acb965a5c2bfd22688b0252421c1b833d5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2022 03:02:38 GMT
Accept-Ranges: bytes
Content-Length: 2507
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

mail.zitic.duckdns.org/v/www.wellsfargo.com/favicon.ico

54.224.73.73

200 OK

3.8 kB

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/favicon.ico
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type
MS Windows icon resource - 1 icon, 48x48, 8 bits/pixel\012- data
Size
3.8 kB (3774 bytes)
Hash
fc6d7821d387a8d5e630daa63ec39f10
91d3962918d4caf70de23cdf245f85881883c789
2420e2dd77fbe0494070da2c201f6fcdd613c7652c06d086137e8c41d129f254

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected

HTTP Headers

GET /v/www.wellsfargo.com/favicon.ico HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:30:50 GMT
Accept-Ranges: bytes
Content-Length: 3774
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/x-icon

static.wellsfargo.com/tracking/main/utag.js

159.45.2.178

200 OK

54 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
Unicode text, UTF-8 text, with very long lines (21397)
Size
54 kB (53864 bytes)
Hash
26bb07cb24ec9407cc5e5b66a69874ba
3b7a1b1f6e96cccdd1eb3cd04e81598619eb94fc
35d1ca2c89af89baebef9b8a93866f5a90ab51831cc3b8db9718e276ab28c0d4

HTTP Headers

GET /tracking/main/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:29 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 04 Oct 2022 20:01:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633c9124-4fa06"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
da760bd41ef8ff9370254bfa22f58538
d2913d670acf488ba2460758095e8238c1d47966
92af768a29358479e72788fbbb20cfd27aad26588b07a3218968710da11a2d37

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 13:42:54 GMT
Expires: Wed, 12 Oct 2022 13:42:53 GMT
Etag: "d2913d670acf488ba2460758095e8238c1d47966"
Cache-Control: max-age=529222,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755dbbc5aa770b51-OSL

api.rlcdn.com/api/identity/idl?pid=1317

34.120.133.55

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
api.rlcdn.com/api/identity/idl?pid=1317
IP
34.120.133.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 06 Oct 2022 10:32:30 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

159.45.2.178

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.249.js?utv=ut4.48.202103111723

159.45.2.178

200 OK

2.0 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.249.js?utv=ut4.48.202103111723
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1280)
Size
2.0 kB (1971 bytes)
Hash
028aad0d319ba7357204d8bc9bfca330
6d391340b147026435eed039b322b297195d976f
8ea1397b96ad59126143e4ce576d94d1193772eefc90ef06acd785fcef164592

HTTP Headers

GET /tracking/main/utag.249.js?utv=ut4.48.202103111723 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 25 Mar 2021 21:15:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"605cfd72-133d"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
da760bd41ef8ff9370254bfa22f58538
d2913d670acf488ba2460758095e8238c1d47966
92af768a29358479e72788fbbb20cfd27aad26588b07a3218968710da11a2d37

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 13:42:54 GMT
Expires: Wed, 12 Oct 2022 13:42:53 GMT
Etag: "d2913d670acf488ba2460758095e8238c1d47966"
Cache-Control: max-age=529222,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755dbbc69bc70b51-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15042
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 10:32:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15042
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 10:32:30 GMT
Connection: keep-alive

cdn.schemaapp.com/highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc

54.230.111.100

200 OK

0 B

URL HTTP/2
cdn.schemaapp.com/highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc HTTP/1.1
Host: cdn.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-account-id,x-api-key
Referer: http://mail.zitic.duckdns.org/
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
TE: trailers

HTTP/2 200 OK
content-length: 0
date: Thu, 06 Oct 2022 10:32:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-headers: x-account-id, x-api-key
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XzQVWzABey4PS8LjMcqtDNJ13MYiMVu7BqRW1L75w8f-5p9eSBETeg==
X-Firefox-Spdy: h2

data.schemaapp.com/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw

54.230.111.53

200 OK

0 B

URL HTTP/2
data.schemaapp.com/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw
IP
54.230.111.53:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw HTTP/1.1
Host: data.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-api-key
Referer: http://mail.zitic.duckdns.org/
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 0
date: Thu, 06 Oct 2022 10:32:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-headers: x-api-key
access-control-expose-headers: x-amz-meta-source
access-control-max-age: 3000
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains;
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I26EUV7CE_8o1JcwawUfkiCHlVq9hPc3MOkpdpxiNA-4ygVR_WpOOQ==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15042
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 10:32:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7270 bytes)
Hash
e238ccaa3b9fa88476a8514855e8232f
447cbf348ef10d0136a1811e843c46937defbba1
43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7270
x-amzn-requestid: e5d0bb7a-b9d5-49b1-b51c-8db019da641f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQOGEQloAMFjgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa5a-519d91fb0b83920960da479d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:42:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: l1HGT5ycH36vVojsOPFptRSU1YJFvLbBsgiWJqzRlRIGgm2o5vf6jg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:58:56 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
content-type: image/jpeg
age: 45214
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15042
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 10:32:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15042
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 10:32:30 GMT
Connection: keep-alive

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8360 bytes)
Hash
a7bcc50ecfeeca47de68cb437e966f29
e98c870fd29b56fa4c3847008bedc0f01f222744
47a82bb40ead4346323b68c886cb88528cb2162666e9549b2ab215b86a499985

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8360
x-amzn-requestid: c1f21bfa-3ceb-4661-97b8-0d7475f0e911
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLlLG0joAMFQqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f2ed-43993b1377e9fbaf4e9443d2;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kyp8p-Jm92bA3VDbsKDiD_JnS2eekJFUkMjYXquZ1D15WthqXoSlsA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:57:01 GMT
age: 45329
etag: "e98c870fd29b56fa4c3847008bedc0f01f222744"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9044 bytes)
Hash
70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 05:04:17 GMT
age: 19693
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7511 bytes)
Hash
9e520f87cae411cfc2ed1c8a14184385
69ad212cb7ae309d4f02019552887135bfae67da
723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: BddSUzh-PKiFmfw2p9gPW-B0qtrXWxCXfee29Pk-wLqN7RO21Yic6g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
age: 46524
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11080 bytes)
Hash
2277f8f2d93b4bc3b05d348343177892
531d9e4ec9078cd2d7376a19fcb287084af36c82
62907648de4a2ed390232a71ab7dce49f1e9c3363cde6a2f30ecae10ab67f93a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11080
x-amzn-requestid: 8fa4d19d-87a5-46c5-96c5-4aec793daad9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO7xE5eoAMFQLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df84b-5c422c7a168c014f57559037;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:34:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: LySueW1si-yWLwecUILV1s57IEV2FdcQ9_pH1Aoe4AYISi7QXXfd3A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:39:28 GMT
age: 46382
etag: "531d9e4ec9078cd2d7376a19fcb287084af36c82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feda182b7-6bc8-4aea-82c3-d9fa08748b61.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7385 bytes)
Hash
e5a5ee14d41747f46e71f04782e1a3d3
b0205176a58913f57056b91674097bfb58046e97
b3bae0b56b50374cb85fc7fe4c9b551383d1969bf31e7adccb867e3467c59269

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feda182b7-6bc8-4aea-82c3-d9fa08748b61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7385
x-amzn-requestid: 7ada8e43-9cb5-4793-9289-e308e9565e7d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZoF7aIAMF43A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-73da01595d32809e08b93a83;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: 14qQi5wDI-_EgyghHCMjRtdZliSj3L6veSqIeBoEjCTfdZfrKb-UzA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
etag: "b0205176a58913f57056b91674097bfb58046e97"
content-type: image/jpeg
age: 46524
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/main/utag.319.js?utv=ut4.48.202209142209

159.45.2.178

200 OK

2.6 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.319.js?utv=ut4.48.202209142209
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (2571)
Size
2.6 kB (2613 bytes)
Hash
270dd8154d461df44b468039bd358e3d
75cfff528bf6a5b8cf3f2b186c06bf3facb78538
591ddca6ea1ce23bccb267ca1e5fc99ce9c4a463361905e8dc2ff7d544710c0b

HTTP Headers

GET /tracking/main/utag.319.js?utv=ut4.48.202209142209 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632cc04d-1b84"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.117.js?utv=ut4.48.202112070053

159.45.2.178

200 OK

1.5 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.117.js?utv=ut4.48.202112070053
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (8097)
Size
1.5 kB (1541 bytes)
Hash
98ea64d15274eed87401b2a479775049
54835f985edf79c1911926f35a454eed5462d672
ca6044266cd44788cd4fa4910c8bcae5bef1bc1c213eafb436c00cea0db2c79b

HTTP Headers

GET /tracking/main/utag.117.js?utv=ut4.48.202112070053 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 18 Feb 2021 22:15:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"602ee6f8-2166"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.129.js?utv=ut4.48.202207272202

159.45.2.178

200 OK

2.0 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.129.js?utv=ut4.48.202207272202
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (14899)
Size
2.0 kB (2012 bytes)
Hash
3955ea8eef1163d5a03b223080bb369b
afdc4ffc48f5b5454bec0d211d81bf5a29a88300
773e4bda27c4b159fa2f2ddfc6b0a940fe149e1b2d6e9d68af4798d80f453b94

HTTP Headers

GET /tracking/main/utag.129.js?utv=ut4.48.202207272202 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Jul 2022 20:08:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62e2eca7-3bf8"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

cdn.schemaapp.com/javascript/schemaFunctions.min.js

54.230.111.100

200 OK

2.6 kB

URL HTTP/2
cdn.schemaapp.com/javascript/schemaFunctions.min.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (14389), with CRLF line terminators
Size
2.6 kB (2625 bytes)
Hash
5f8036fed16e18310c02330e3cd14e51
428353328b4926216275c9a80bd72bf890f08f12
ef5f56965eb242a52c3989029355bf6ae5895d429ae66e071a67a33a8fec70e3

HTTP Headers

GET /javascript/schemaFunctions.min.js HTTP/1.1
Host: cdn.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
x-amz-replication-status: COMPLETED
last-modified: Thu, 03 Jun 2021 19:02:30 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ebtKiJ.k06e6HWGVnUjCEswYzQTrKhD5
server: AmazonS3
content-encoding: gzip
date: Thu, 29 Sep 2022 21:19:59 GMT
cache-control: max-age=699840
etag: W/"fa714262345ea0338a058d93199f56ed"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PoKAp4Z1xfCHhqvHagln4h99PRPKzs92ITRYPL91kWtRxWDWeZQDxg==
age: 565971
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/main/utag.136.js?utv=ut4.48.202208102110

159.45.2.178

200 OK

4.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.136.js?utv=ut4.48.202208102110
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (55064), with CRLF line terminators
Size
4.3 kB (4329 bytes)
Hash
d0411178a32feb6cf283839f7d2adc0f
b48614403124421a7c1072238276d834c8c16fbc
9d4f430c94cc8de26993a0b05eaaedc4c5121f5c69a47aa13cb7ddf44cd1521f

HTTP Headers

GET /tracking/main/utag.136.js?utv=ut4.48.202208102110 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 Aug 2022 20:02:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f56058-d8e3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

cdn.schemaapp.com/javascript/highlight.js

54.230.111.100

200 OK

13 kB

URL HTTP/2
cdn.schemaapp.com/javascript/highlight.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (32642), with CRLF line terminators
Size
13 kB (12913 bytes)
Hash
67886e88d5d3aae591c191f5801cab35
55978d4e2a07f43cb1200eb978d403846b1e54fa
f3a2a68e9bf6c9366258e3f3023b9bd9fba5106c8e4cc3020136305380abf9b3

HTTP Headers

GET /javascript/highlight.js HTTP/1.1
Host: cdn.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
date: Thu, 29 Sep 2022 17:49:18 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 13 Sep 2022 13:00:40 GMT
etag: W/"a75cfd2d41ac714329a4fc6895bb082d"
x-amz-server-side-encryption: AES256
cache-control: max-age=699840
x-amz-version-id: yuc1pGbDhqDdI_gLgLi7faeJw6LKcbDu
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nyFGIS9biPja4ju6ZOL5CsEXEjwO90jFQPeaMV7UVSOT6_7Qaic-6Q==
age: 578593
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/main/utag.328.js?utv=ut4.48.202207272202

159.45.2.178

200 OK

2.2 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.328.js?utv=ut4.48.202207272202
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (15058)
Size
2.2 kB (2248 bytes)
Hash
420683ca7854e6bef9d5433124c6040e
aad1b9f71f2c30deee478658bb6e453c2c7f3a5a
8851d5126d7413e67465c2cb8bc2adaba4dd4b39deac58a33c9dc2e4d53f8268

HTTP Headers

GET /tracking/main/utag.328.js?utv=ut4.48.202207272202 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Jul 2022 20:08:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62e2eca5-413e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.379.js?utv=ut4.48.202207272202

159.45.2.178

200 OK

1.1 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.379.js?utv=ut4.48.202207272202
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1071)
Size
1.1 kB (1132 bytes)
Hash
be33c3150315d92aaae2dd3f471f7e4e
e8807f0617c3f06b238aec8ebcf93ab846e619af
15ee0686aeb15b05f562cd16166152540f132425c01ed5268d70a53d8a81cb7a

HTTP Headers

GET /tracking/main/utag.379.js?utv=ut4.48.202207272202 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Jul 2022 20:08:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62e2eca5-86e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.381.js?utv=ut4.48.202209121603

159.45.2.178

200 OK

8.9 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.381.js?utv=ut4.48.202209121603
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (53448)
Size
8.9 kB (8905 bytes)
Hash
fa32a86db1201fd16a1ffad9bd9f7227
d03c84e85b4ecdfb12c65ad199d2ea35a4218fd7
6f152dcff72a37369ae8eac535bc29ed8ff4575fc220b9362535a1c5c1ab0ee9

HTTP Headers

GET /tracking/main/utag.381.js?utv=ut4.48.202209121603 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Sep 2022 20:12:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6323871b-16edd"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.384.js?utv=ut4.48.202208101746

159.45.2.178

200 OK

4.5 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.384.js?utv=ut4.48.202208101746
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (20219), with CRLF line terminators
Size
4.5 kB (4498 bytes)
Hash
4c0349dd734ccb6d8e8e7623b1f7ae6d
b7b4c964104051333ba40303abf04653021319e7
78cb0c0a2e99cba235f7f99b436f3175f27f45872905afaffbae7a278c53e09b

HTTP Headers

GET /tracking/main/utag.384.js?utv=ut4.48.202208101746 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 Aug 2022 20:02:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f56055-74c7"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.431.js?utv=ut4.48.202107202150

159.45.2.178

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.431.js?utv=ut4.48.202107202150
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1071)
Size
1.3 kB (1302 bytes)
Hash
6b1893e708596451fe24ba0542af6968
64f6d916c0fa5d4ed53d7af241edc228403f7733
d02ba9b5bff6d6dd10c51121cfa90bee0a178af4fd5bc5b7d2401e4717c2fbc0

HTTP Headers

GET /tracking/main/utag.431.js?utv=ut4.48.202107202150 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 29 Jul 2021 21:00:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"610316f8-9eb"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.396.js?utv=ut4.48.202209192333

159.45.2.178

200 OK

1.6 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.396.js?utv=ut4.48.202209192333
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (6813), with CRLF line terminators
Size
1.6 kB (1628 bytes)
Hash
b0eaf99033dacb91df01cca9f18c5efd
c36cef3a700b34b9d1298bf2c93e396b95a27222
916f35f839cc40c2eccad5d01538ed4adb46de9d51e9b95bdb9dd3598a3c8d0f

HTTP Headers

GET /tracking/main/utag.396.js?utv=ut4.48.202209192333 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632cc033-2110"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.397.js?utv=ut4.48.202209192301

159.45.2.178

200 OK

1.8 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.397.js?utv=ut4.48.202209192301
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (8790), with CRLF line terminators
Size
1.8 kB (1799 bytes)
Hash
83ec4867fa7d7a18fe8379520ca7c873
549c4bc01430a3a6aeddf8e235438bcd19d4d40a
88bb418f969436f16382dca8ded387c0513dda2648a6e11f61ff338e28d16f35

HTTP Headers

GET /tracking/main/utag.397.js?utv=ut4.48.202209192301 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632cc032-28c9"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.403.js?utv=ut4.48.202104051735

159.45.2.178

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.403.js?utv=ut4.48.202104051735
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1071)
Size
1.3 kB (1298 bytes)
Hash
d9e09275c6f22e92f2ba7f907f9d1c31
712ff938b4ae788338fa1d926af874b7fbe7ab58
15c605e2b2babb99517d3b0f36ef52191d80d7a448b0089d0f254ac52559d217

HTTP Headers

GET /tracking/main/utag.403.js?utv=ut4.48.202104051735 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Apr 2021 21:15:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6078ace7-a3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.413.js?utv=ut4.48.202207272202

159.45.2.178

200 OK

1.4 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.413.js?utv=ut4.48.202207272202
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1317)
Size
1.4 kB (1352 bytes)
Hash
7d2d9e509acf171d299a8fd31ef8ca0d
64cd01f823e796aa972ba0bd3349b21847dee603
c47666bd3cde639619863664b81db5e312723c4e87287993b4ebb1f12af0733c

HTTP Headers

GET /tracking/main/utag.413.js?utv=ut4.48.202207272202 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Jul 2022 20:08:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62e2eca1-b91"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

data.schemaapp.com/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw

54.230.111.53

200 OK

0 B

URL HTTP/2
data.schemaapp.com/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw
IP
54.230.111.53:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLw HTTP/1.1
Host: data.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-api-key: XPJKP-GI7DG-FVNWZ-45W51
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: x-amz-meta-source
access-control-max-age: 3000
date: Thu, 06 Oct 2022 10:32:30 GMT
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: max-age=14400
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HeR3yrjdSQgbBFOBJf1SyTZu0aoUZqeuk1TAK7m7eYKEFWUNVUsQUw==
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/main/utag.505.js?utv=ut4.48.202209131956

159.45.2.178

200 OK

2.8 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.505.js?utv=ut4.48.202209131956
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (1430)
Size
2.8 kB (2760 bytes)
Hash
b2e03f6d954a4357a7268c29f963c4f0
33e8f489c2444aa2ac08b82d692c995836020fcf
7ed82ca71abf90288110fed75cb12480d77721dca21fc258f21d3e6536df8db8

HTTP Headers

GET /tracking/main/utag.505.js?utv=ut4.48.202209131956 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Sep 2022 20:12:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6323871b-197d"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/main/utag.471.js?utv=ut4.48.202209271731

159.45.2.178

200 OK

2.5 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/main/utag.471.js?utv=ut4.48.202209271731
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (995)
Size
2.5 kB (2457 bytes)
Hash
5245bcf67d3ef6caa0e9c2185d20c08a
aa2ad19ae558fe7f58b3770873c8683ce91fba4c
343bc115dd405111bb74587ffb571d9c0f7fe4c9da381b88109998c2c7cf5f48

HTTP Headers

GET /tracking/main/utag.471.js?utv=ut4.48.202209271731 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 04 Oct 2022 20:01:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633c9122-19fb"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

159.45.2.178

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip

cdn.schemaapp.com/highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc

54.230.111.100

200 OK

2 B

URL HTTP/2
cdn.schemaapp.com/highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /highlighter/prod/WellsFargo/aHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmc HTTP/1.1
Host: cdn.schemaapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.zitic.duckdns.org/
x-account-id: WellsFargo
x-api-key: XPJKP-GI7DG-FVNWZ-45W51
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Tue, 11 Dec 2018 16:01:38 GMT
x-amz-version-id: 4FsmemwQuur.Z0jxvea6XGJagB0M87fi
accept-ranges: bytes
server: AmazonS3
date: Thu, 06 Oct 2022 10:11:08 GMT
etag: "99914b932bd37a50b983c5e7c90ae93b"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Error from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lRUSV3xgSqA3cgrDEQLv2bi5RrEC7LAmye8EctZwgy2j5RM9Ff2LFg==
age: 2116
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js

159.45.2.178

200 OK

961 B

URL HTTP/1.1
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (577)
Size
961 B (961 bytes)
Hash
fdb41e651caf483e7aef91805f810c24
91fc1ceef8d8466f20133e680e77b4dc6de9e8f4
ffd6d341df741ab75634dc5345d0bb8b489fb84de377ef4c2445c4e355fc9cc3

HTTP Headers

GET /tracking/medallia/wdcusprem/57907/onsite/medallia-digital-embed.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Apr 2022 00:53:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6269e590-96c"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/gb/detector-dom.min.js

159.45.2.178

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632cbfa4-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

static.wellsfargo.com/tracking/alloy/alloy.js

159.45.2.178

200 OK

25 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/alloy/alloy.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
Unicode text, UTF-8 text, with very long lines (65505)
Size
25 kB (24609 bytes)
Hash
9a021c3b9dea16b9bedb216b6b195cdd
f767ed7dba6d08b08ffc5b35fb0468eb00c66a25
54b94b3b7c4900d7012f824d21f9fa94928055f6cae6c59c23d88a10eaa79e95

HTTP Headers

GET /tracking/alloy/alloy.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 25 Aug 2022 20:01:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6307d531-12d93"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cd4b79bba0fd50aa52ce7651c802a4c2
f2c9a468baeee591930a52768f69d03b32a6f9d9
895dd9332f266d5e1fd15b2ad883fe80d0fdfbd4fe61e85942b2785da969fd90

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 10:32:31 GMT
Last-Modified: Thu, 06 Oct 2022 09:33:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=fd6f46a8-f83a-49b5-9e62-79311eb1676f%3A0&_cls_v=c0afa68a-842a-4183-ad6f-ba322ae368f8&pv=2&f_cls_s=true

23.36.79.9

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=fd6f46a8-f83a-49b5-9e62-79311eb1676f%3A0&_cls_v=c0afa68a-842a-4183-ad6f-ba322ae368f8&pv=2&f_cls_s=true
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
d881bc446c50d1af27b987660bedaa9f
a7c449714046ce0c7eb85692b8063687e8cc664c
aeafff73c69e3e5993300421030cd111d4945f2d255cb3a5272defa413c8c493

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=fd6f46a8-f83a-49b5-9e62-79311eb1676f%3A0&_cls_v=c0afa68a-842a-4183-ad6f-ba322ae368f8&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://mail.zitic.duckdns.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 06 Oct 2022 10:32:31 GMT
Connection: keep-alive
Set-Cookie: _cls_v=c0afa68a-842a-4183-ad6f-ba322ae368f8; Secure; SameSite=None;HttpOnly;Secure
_cls_s=fd6f46a8-f83a-49b5-9e62-79311eb1676f:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!dFPOsGqvOYBoy0PjbMKMZ0gdoDa2eRNkSpvTC1h0RIm8QSfuUrDQXkarAHyru/54ZU6hFdta2tZD7VM=; path=/; Httponly; Secure
DCID=YRyyZrSR645kxuBmpbifmJ8ikTmcV%2fV78v39+lusW54%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 06 Oct 2022 10:47:31 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1649789670809.js

159.45.2.178

200 OK

82 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1649789670809.js
IP
159.45.2.178:0
ASN
#10837 WELLSFARGO-10837

File type
Unicode text, UTF-8 text, with very long lines (11631)
Size
82 kB (81476 bytes)
Hash
94d4aed186bc1e91168480ab7abe9623
086e008f5989cfd43dbb39a4506013a3e458319b
f8b0db24893cab8e4a951ea60ac3c65b7803b9ca558ca7527df58d534d8d8b08

HTTP Headers

GET /tracking/medallia/wdcusprem/57907/onsite/generic1649789670809.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 28 Apr 2022 00:53:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6269e590-57c18"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: max-age=1800
Content-Encoding: gzip

resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json

151.101.85.230

200 OK

1.5 kB

URL HTTP/2
resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/onsiteData.json
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text, with very long lines (2056)
Size
1.5 kB (1456 bytes)
Hash
c9e0528f64d1e24fbfea3ed57c48a781
5c68095e947a74761541c7e78517e5ec7da48f99
edbcc863269fbfbc0aa044b7a54a4c06538f254869b87c25ab24628a40a97560

HTTP Headers

GET /wdcusprem/57907/onsite/onsiteData.json HTTP/1.1
Host: resources.digital-cloud-prem.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: uxyB8aCGqOqiMLhWek+ms91byROlBpG+9oq5B0LY6ylUg7kYIVfv07w3RqBrNKkmulBF4oq8yuo=
x-amz-request-id: 6Q220M36ZA4Q7HGT
last-modified: Mon, 29 Aug 2022 14:36:24 GMT
etag: "4dd8128146b81339a1aabe91b5ddbafa"
x-amz-version-id: h0XCleBJUwMzYgUwLc_VpXobL_hX1j6f
content-type: application/json
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
date: Thu, 06 Oct 2022 10:32:31 GMT
age: 1083496
x-served-by: cache-pao12023-PAO, cache-bma1680-BMA
x-cache: HIT, HIT
x-cache-hits: 193, 1
x-timer: S1665052352.790500,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 1456
X-Firefox-Spdy: h2

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYmVmb3JlX2h0dHBfZ2V0X3JlcXVlc3QiLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2NTA1MjM1MTczOSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzYWNkYTljZjk2Ny0wYzNkYzJhOTAxMjAyZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4M2FjZGE5Y2ZhM2ExIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLXByZW0iLCJhY2NvdW50SWQiOiA1NzkwNSwidXJsIjogImh0dHA6Ly9tYWlsLnppdGljLmR1Y2tkbnMub3JnL3Yvd3d3LndlbGxzZmFyZ28uY29tL21vYmlsZS8iLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTUyNi1lMmZiLTgwNjEtMzk2YS00NWEyLTdiYjktODIzYS1iNjc5Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIiLCJodHRwUmVxdWVzdERhdGEiOiB7ImF0dGVtcHROdW1iZXIiOiAwLCJ1cmwiOiAiaHR0cHM6Ly9yZXNvdXJjZXMuZGlnaXRhbC1jbG91ZC1wcmVtLm1lZGFsbGlhLmNvbS93ZGN1c3ByZW0vNTc5MDcvb25zaXRlL29uc2l0ZURhdGEuanNvbiJ9fSwiY29va2llX3NpemUiOiA0MDcsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjUwNTIzNTE3MzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQxLjFfMjAyMjA0MTIxODU0MzAifQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYmVmb3JlX2h0dHBfZ2V0X3JlcXVlc3QiLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2NTA1MjM1MTczOSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzYWNkYTljZjk2Ny0wYzNkYzJhOTAxMjAyZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4M2FjZGE5Y2ZhM2ExIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLXByZW0iLCJhY2NvdW50SWQiOiA1NzkwNSwidXJsIjogImh0dHA6Ly9tYWlsLnppdGljLmR1Y2tkbnMub3JnL3Yvd3d3LndlbGxzZmFyZ28uY29tL21vYmlsZS8iLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTUyNi1lMmZiLTgwNjEtMzk2YS00NWEyLTdiYjktODIzYS1iNjc5Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIiLCJodHRwUmVxdWVzdERhdGEiOiB7ImF0dGVtcHROdW1iZXIiOiAwLCJ1cmwiOiAiaHR0cHM6Ly9yZXNvdXJjZXMuZGlnaXRhbC1jbG91ZC1wcmVtLm1lZGFsbGlhLmNvbS93ZGN1c3ByZW0vNTc5MDcvb25zaXRlL29uc2l0ZURhdGEuanNvbiJ9fSwiY29va2llX3NpemUiOiA0MDcsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjUwNTIzNTE3MzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQxLjFfMjAyMjA0MTIxODU0MzAifQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYmVmb3JlX2h0dHBfZ2V0X3JlcXVlc3QiLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2NTA1MjM1MTczOSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzYWNkYTljZjk2Ny0wYzNkYzJhOTAxMjAyZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4M2FjZGE5Y2ZhM2ExIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLXByZW0iLCJhY2NvdW50SWQiOiA1NzkwNSwidXJsIjogImh0dHA6Ly9tYWlsLnppdGljLmR1Y2tkbnMub3JnL3Yvd3d3LndlbGxzZmFyZ28uY29tL21vYmlsZS8iLCJ3ZWJzaXRlSWQiOiA1NzkwNywiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTUyNi1lMmZiLTgwNjEtMzk2YS00NWEyLTdiYjktODIzYS1iNjc5Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIiLCJodHRwUmVxdWVzdERhdGEiOiB7ImF0dGVtcHROdW1iZXIiOiAwLCJ1cmwiOiAiaHR0cHM6Ly9yZXNvdXJjZXMuZGlnaXRhbC1jbG91ZC1wcmVtLm1lZGFsbGlhLmNvbS93ZGN1c3ByZW0vNTc5MDcvb25zaXRlL29uc2l0ZURhdGEuanNvbiJ9fSwiY29va2llX3NpemUiOiA0MDcsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjUwNTIzNTE3MzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJwYWNrYWdlVmVyc2lvbiI6ICIyLjQxLjFfMjAyMjA0MTIxODU0MzAifQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-blue-mr3k
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY1MDUyMzUxNzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODNhY2RhOWNmOTY3LTBjM2RjMmE5MDEyMDJkOC0zMDZkNDY0YS0xNDAwMDAtMTgzYWNkYTljZmEzYTEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLyIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJhNTI2LWUyZmItODA2MS0zOTZhLTQ1YTItN2JiOS04MjNhLWI2NzkiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiIsImh0dHBSZXF1ZXN0RGF0YSI6IHsicmVxdWVzdFVybCI6ICJodHRwczovL3Jlc291cmNlcy5kaWdpdGFsLWNsb3VkLXByZW0ubWVkYWxsaWEuY29tL3dkY3VzcHJlbS81NzkwNy9vbnNpdGUvb25zaXRlRGF0YS5qc29uIiwiYXR0ZW1wdE51bWJlciI6IDAsInJlcXVlc3RUb3RhbFRpbWVJblNlY29uZHMiOiAwLjA1M319LCJjb29raWVfc2l6ZSI6IDQwNywia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTc5MywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY1MDUyMzUxNzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODNhY2RhOWNmOTY3LTBjM2RjMmE5MDEyMDJkOC0zMDZkNDY0YS0xNDAwMDAtMTgzYWNkYTljZmEzYTEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLyIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJhNTI2LWUyZmItODA2MS0zOTZhLTQ1YTItN2JiOS04MjNhLWI2NzkiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiIsImh0dHBSZXF1ZXN0RGF0YSI6IHsicmVxdWVzdFVybCI6ICJodHRwczovL3Jlc291cmNlcy5kaWdpdGFsLWNsb3VkLXByZW0ubWVkYWxsaWEuY29tL3dkY3VzcHJlbS81NzkwNy9vbnNpdGUvb25zaXRlRGF0YS5qc29uIiwiYXR0ZW1wdE51bWJlciI6IDAsInJlcXVlc3RUb3RhbFRpbWVJblNlY29uZHMiOiAwLjA1M319LCJjb29raWVfc2l6ZSI6IDQwNywia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTc5MywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfYWZ0ZXJfaHR0cF9nZXRfcmVxdWVzdCIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY1MDUyMzUxNzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODNhY2RhOWNmOTY3LTBjM2RjMmE5MDEyMDJkOC0zMDZkNDY0YS0xNDAwMDAtMTgzYWNkYTljZmEzYTEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtcHJlbSIsImFjY291bnRJZCI6IDU3OTA1LCJ1cmwiOiAiaHR0cDovL21haWwueml0aWMuZHVja2Rucy5vcmcvdi93d3cud2VsbHNmYXJnby5jb20vbW9iaWxlLyIsIndlYnNpdGVJZCI6IDU3OTA3LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJhNTI2LWUyZmItODA2MS0zOTZhLTQ1YTItN2JiOS04MjNhLWI2NzkiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiIsImh0dHBSZXF1ZXN0RGF0YSI6IHsicmVxdWVzdFVybCI6ICJodHRwczovL3Jlc291cmNlcy5kaWdpdGFsLWNsb3VkLXByZW0ubWVkYWxsaWEuY29tL3dkY3VzcHJlbS81NzkwNy9vbnNpdGUvb25zaXRlRGF0YS5qc29uIiwiYXR0ZW1wdE51bWJlciI6IDAsInJlcXVlc3RUb3RhbFRpbWVJblNlY29uZHMiOiAwLjA1M319LCJjb29raWVfc2l6ZSI6IDQwNywia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTc5MywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-blue-5s4s
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjUwNTIzNTE4MDMiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4M2FjZGE5Y2Y5NjctMGMzZGMyYTkwMTIwMmQ4LTMwNmQ0NjRhLTE0MDAwMC0xODNhY2RhOWNmYTNhMSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwid2Vic2l0ZUlkIjogNTc5MDcsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImE1MjYtZTJmYi04MDYxLTM5NmEtNDVhMi03YmI5LTgyM2EtYjY3OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY1MDUyMzUxODAyIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDUxNiwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTgwMywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjUwNTIzNTE4MDMiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4M2FjZGE5Y2Y5NjctMGMzZGMyYTkwMTIwMmQ4LTMwNmQ0NjRhLTE0MDAwMC0xODNhY2RhOWNmYTNhMSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwid2Vic2l0ZUlkIjogNTc5MDcsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImE1MjYtZTJmYi04MDYxLTM5NmEtNDVhMi03YmI5LTgyM2EtYjY3OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY1MDUyMzUxODAyIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDUxNiwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTgwMywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiTW9iaWxlIEZlYXR1cmVzIHdpdGggV2VsbHMgRmFyZ28gT25saW5lwq4iLCJwYWdlX3VybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIwIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjUwNTIzNTE4MDMiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4M2FjZGE5Y2Y5NjctMGMzZGMyYTkwMTIwMmQ4LTMwNmQ0NjRhLTE0MDAwMC0xODNhY2RhOWNmYTNhMSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1wcmVtIiwiYWNjb3VudElkIjogNTc5MDUsInVybCI6ICJodHRwOi8vbWFpbC56aXRpYy5kdWNrZG5zLm9yZy92L3d3dy53ZWxsc2ZhcmdvLmNvbS9tb2JpbGUvIiwid2Vic2l0ZUlkIjogNTc5MDcsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImE1MjYtZTJmYi04MDYxLTM5NmEtNDVhMi03YmI5LTgyM2EtYjY3OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY1MDUyMzUxODAyIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDUxNiwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTA1MjM1MTgwMywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsInBhY2thZ2VWZXJzaW9uIjogIjIuNDEuMV8yMDIyMDQxMjE4NTQzMCJ9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:31 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-blue-hfwx
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9f9550b4cc5b1f340bca768bcb13d029
7303e5a8e538c87ac031f96626e7ed6044a0e3d5
f02de708407cbfb3f6baa04e1171103a886e53d0f7fef119b64dc4c6c8b302f0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4582
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 10:32:32 GMT
Last-Modified: Thu, 06 Oct 2022 09:16:10 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

34.211.16.148

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
34.211.16.148:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11255
Origin: http://mail.zitic.duckdns.org
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 06 Oct 2022 10:32:32 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:30|g:27fa096a-b92e-49ae-a43e-5e965612d5e4;Path=/;Expires=Thu, 06-Oct-2022 10:33:02 GMT;Max-Age=30
ADRUM_BTa=R:30|g:27fa096a-b92e-49ae-a43e-5e965612d5e4|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Thu, 06-Oct-2022 10:33:02 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Thu, 06-Oct-2022 10:33:02 GMT;Max-Age=30;Secure
ADRUM_BT1=R:30|i:559461;Path=/;Expires=Thu, 06-Oct-2022 10:33:02 GMT;Max-Age=30
ADRUM_BT1=R:30|i:559461|e:5;Path=/;Expires=Thu, 06-Oct-2022 10:33:02 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

edge.adobedc.net/ee/irl1/v1/identity/acquire?configId=14f82f5f-3a7a-4f91-ad08-c3ab704b13b4&requestId=35964f88-33b4-499a-a8c5-ce0d587850b1

13.36.218.177

200 OK

0 B

URL HTTP/2
edge.adobedc.net/ee/irl1/v1/identity/acquire?configId=14f82f5f-3a7a-4f91-ad08-c3ab704b13b4&requestId=35964f88-33b4-499a-a8c5-ce0d587850b1
IP
13.36.218.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /ee/irl1/v1/identity/acquire?configId=14f82f5f-3a7a-4f91-ad08-c3ab704b13b4&requestId=35964f88-33b4-499a-a8c5-ce0d587850b1 HTTP/1.1
Host: edge.adobedc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.zitic.duckdns.org/
Content-Type: text/plain; charset=UTF-8
Origin: http://mail.zitic.duckdns.org
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-request-id: 35964f88-33b4-499a-a8c5-ce0d587850b1
x-rate-limit-remaining: 599
vary: Origin
access-control-allow-origin: http://mail.zitic.duckdns.org
access-control-allow-credentials: true
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
date: Thu, 06 Oct 2022 10:32:30 GMT
x-konductor: 22.10.1:d2d3a42e
x-adobe-edge: IRL1;6
server: jag
content-encoding: deflate
content-type: application/json;charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

mail.zitic.duckdns.org/v/www.wellsfargo.com/js/global/global.js

54.224.73.73

200 OK

0 B

URL HTTP/1.1
mail.zitic.duckdns.org/v/www.wellsfargo.com/js/global/global.js
IP
54.224.73.73:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /v/www.wellsfargo.com/js/global/global.js HTTP/1.1
Host: mail.zitic.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.zitic.duckdns.org/v/www.wellsfargo.com/mobile/
Cookie: kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiY2ODQ3MjM1MDIzODIyNjY1MDY4MTI0ODk1NDY5OTUzNTI3MDU2NVIRCLjL2ea6MBABGAEqBElSTDHwAbjL2ea6MA==; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_cluster=irl1; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|68472350238226650681248954699535270565

HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 10:32:28 GMT
Server: Apache
Last-Modified: Mon, 05 Sep 2022 09:33:24 GMT
Accept-Ranges: bytes
Content-Length: 230254
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (42)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations