Report - info2.zapto.org/baoxzver/indexxn/

Report Overview

Submitted URL
info2.zapto.org/baoxzver/indexxn/
IP
170.187.138.60
ASN
#63949 Linode, LLC
Submitted
2023-01-10 06:39:13
Access
Website Title
Final URL
Tags
bank_of_america financial phishing dyndns
urlquery detections
Phishing - Bank of America
Suspicious - DynDNS domain

Detections

urlquery
7
Network Intrusion Detection
13
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	66 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.9 kB	93.184.220.29
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	16 kB	104.110.10.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	772 B	56 kB	69.16.175.10
ajax.aspnetcdn.com	693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	31 kB	152.199.19.160
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.215.55.199
secure.bankofamerica.com	9182	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	182 kB	171.161.116.200
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	948 B	104.18.10.207
info2.zapto.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	93 kB	170.187.138.60
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	827 B	13 kB	104.17.24.14
origin-bac-assets.bankofamerica.com	287998	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	458 B	350 kB	171.159.116.101
www.bankofamerica.com	9710	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	474 B	1.9 kB	171.161.116.100
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.33.119.27
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-10 06:38:48	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.zapto .org
2023-01-10 06:38:48	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.zapto .org
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO HTTP Connection To DDNS Domain Zapto.org
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
2023-01-10 06:38:48	medium	170.187.138.60	Client IP	ET PHISHING Bank of America Phishing Landing Aug 19 2015
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO HTTP Connection To DDNS Domain Zapto.org
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO HTTP Connection To DDNS Domain Zapto.org
2023-01-10 06:38:48	medium	Client IP	170.187.138.60	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
2023-01-10 06:38:49	medium	Client IP	170.187.138.60	ET INFO HTTP Connection To DDNS Domain Zapto.org
2023-01-10 06:38:49	medium	Client IP	170.187.138.60	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
2023-01-10 06:38:50	medium	Client IP	170.187.138.60	ET INFO HTTP Connection To DDNS Domain Zapto.org
2023-01-10 06:38:50	medium	Client IP	170.187.138.60	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-09	medium	info2.zapto.org/baoxzver/indexxn/	Bank of America
2023-01-09	medium	info2.zapto.org/baoxzver/indexxn/	Bank of America

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-10	medium	info2.zapto.org/baoxzver/indexxn/	Phishing
2023-01-10	medium	info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/actions.js	Phishing
2023-01-10	medium	info2.zapto.org/baoxzver/indexxn/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js	20 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-26 07:35:43 Times Seen7691 Hash 6b08ddc901000d51fa1f06a35518f302 bafe987c18cbe0587de3e6360e7da40a2885614b 02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5 Loading...

	ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 08:38:20 Times Seen106285 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	code.jquery.com/jquery-3.3.1.slim.min.js	70 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-3.3.1.slim.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-26 07:35:43 Times Seen8376 Hash 99b0a83cf1b0b1e2cb16041520e87641 bc5836992c0b260496ba520fe1336d499bf06eb7 dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1 Loading...

	info2.zapto.org/baoxzver/indexxn/	317 B	2023-03-10	2023-03-13
Pretty URL info2.zapto.org/baoxzver/indexxn/ IP 170.187.138.60 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:17:02 Last Seen2023-03-13 17:14:04 Times Seen1 Hash a7ba00855c0ef4e68bf9492c24159448 d71d27db3c1b955b3eb65e0a51aa1bd50c43f734 3fb587fe23709822484de8ae5804985c3a75dd292cbe9a84315b5ca2b303d738 Loading...

	info2.zapto.org/baoxzver/indexxn/	269 B	2023-03-07	2024-04-23
Pretty URL info2.zapto.org/baoxzver/indexxn/ IP 170.187.138.60 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-04-23 19:17:51 Times Seen443 Hash 9678fd11bd7c60e14caf05ff2b1925e6 ab1b4abd43e151663158be81c1a9cd04f2c846cd 8fc4e1e3c24d30d70225dd53e8e936af38f1472fb365181710f7b4a973c0c1d5 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 08:12:20 Times Seen3637 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	code.jquery.com/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-3.2.1.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 08:43:19 Times Seen62692 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js	51 kB	2023-03-07	2024-04-26
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-04-26 07:35:43 Times Seen6328 Hash ce6e785579ae4cb555c9de311d1b9271 5ef2c15b47d7290698c737676ba9c3056b45f2e8 0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339 Loading...

	origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js	1.6 MB	2023-03-08	2023-06-06
Pretty URL origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js IP 171.159.116.101 ASN #10794 BANKAMERICA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:51:50 Last Seen2023-06-06 01:13:18 Times Seen37 Hash 89aeca1ec54193227a5654178e00a81d 5595acbe40881cbd386df7c0d29a3f0abcf49adf 9e2273383e3ff624ab1b108fed720344188649c5ec425da9d4e67c6ae7ed76f5 Loading...

	info2.zapto.org/baoxzver/indexxn/	419 B	2023-03-12	2023-03-13
Pretty URL info2.zapto.org/baoxzver/indexxn/ IP 170.187.138.60 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 19:36:56 Last Seen2023-03-13 17:14:04 Times Seen1 Hash f519bf81be0094c69f37daafe74a9d87 88d3759215b2a8adb144bae849d06dbef88fe49e 4f0f3a4581bf8b9b645a3f2a7607782f0ab425cbcb6439871e1a81c58e1a4780 Loading...

	info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/actions.js	1.3 kB	2023-03-07	2024-04-06
Pretty URL info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/actions.js IP 170.187.138.60 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-04-06 05:47:03 Times Seen469 Hash baef84e203e58801d16d5d460360570e fc4e9a602bdb59fc7056cb6e53686ad6a992774e 8bcecbd1eeb6e999bc9583d1e35c12a74d044dba44ee22e185e138f05ca05414 Loading...

HTTP Transactions (53)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15056
Expires: Tue, 10 Jan 2023 10:49:58 GMT
Date: Tue, 10 Jan 2023 06:39:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17771
Expires: Tue, 10 Jan 2023 11:35:13 GMT
Date: Tue, 10 Jan 2023 06:39:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 10 Jan 2023 05:48:28 GMT
content-type: application/json
age: 3034
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89a058935fd04697c87e9441fbb466a9
59b5b08119374b1da34cff7e43a7c6dc80103f6e
3a3261f495323ff0f60067b2930b8d0e5e4e5cd6ae9b14929a88047587b735da

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A3261F495323FF0F60067B2930B8D0E5E4E5CD6AE9B14929A88047587B735DA"
Last-Modified: Sat, 07 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16315
Expires: Tue, 10 Jan 2023 11:10:57 GMT
Date: Tue, 10 Jan 2023 06:39:02 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: h5c+b4OBg6AtURHiK4q3UOweLZAfIcAlFzajcBa00RAU1I1LDYOMWAHc+KlnZ9Hrc7ToHbRG7AU=
x-amz-request-id: F0D9E92NPV4W60PH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 10 Jan 2023 06:16:31 GMT
age: 1351
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 06:39:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

info2.zapto.org/baoxzver/indexxn/

170.187.138.60

206 Partial Content

52 kB

URL HTTP/1.1
info2.zapto.org/baoxzver/indexxn/
IP
170.187.138.60:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3785)
Size
52 kB (51763 bytes)
Hash
fb1668a9cc5c5c67b04f587891e5df85
c449a3f05a13b322597901de9ab02b4b901ed426
8400764e3cb93be85552a0510eaea05b08468e677dd052f5f37b02074cbfb44e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Bank of America
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
suricata	medium	ET PHISHING Bank of America Phishing Landing Aug 19 2015
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

HTTP Headers

GET /baoxzver/indexxn/ HTTP/1.1
Host: info2.zapto.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Range: bytes=43196-
If-Range: Mon, 18 Jul 2022 13:37:08 GMT

HTTP/1.1 206 Partial Content
Date: Tue, 10 Jan 2023 06:39:02 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2022 13:37:08 GMT
Accept-Ranges: bytes
Content-Length: 51763
Content-Range: bytes 43196-94958/94959
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 10 Jan 2023 06:17:24 GMT
age: 1298
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.24.14

200 OK

4.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.5 kB (4517 bytes)
Hash
e40e054c5726f042bad463e3774a2777
5c9413b72837a440b327444104830c35ae3b052c
fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 10 Jan 2023 06:39:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7137857
expires: Sun, 31 Dec 2023 06:39:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEyxV6xeMn%2FQWt4%2B5b5cP1b1UF2JbhRzXXoMhc%2F67ND6NcoMkSMFPsLpUjlMonltkn5WLYlMWOvcimyHgpitCz5dVCnyS9yLBMaFKMmyQuKmcT0bBjlPKXRVfWLRRIV2iPb1NojV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 787369c88efdb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js

104.17.24.14

200 OK

6.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20322)
Size
6.5 kB (6458 bytes)
Hash
df9fe6d48e380554eb0ec9687bed3246
207263d754220200c1916edfbda262f62223ecf5
91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9

HTTP Headers

GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://info2.zapto.org
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 10 Jan 2023 06:39:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 6458
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-500f"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1557943
expires: Sun, 31 Dec 2023 06:39:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8tTs88XyfCKCznzMfwX01VWEIDNS2y6Ek6viToCeNBD6j37yASRl5jl%2FoHP8Le3ncaSEWIi4DVGfamp1jcGB6aURO2NJpFmBlSTa2uOyN%2Be3lpdlTdYF7jjyLpLZpdRd42cIVOjR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 787369c88f730afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/style.css

170.187.138.60

200 OK

465 B

URL HTTP/1.1
info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/style.css
IP
170.187.138.60:0
ASN
#63949 Linode, LLC

File type
ASCII text, with CRLF line terminators
Size
465 B (465 bytes)
Hash
93859029521cf693c71cfd968fc0cb91
554c30f2d6e32ecfb33a20b28a37b59bf0d87a92
95ed661fbb4145dc3c3590e2c54a5ccf67e71131680536ee1d70e8687612d938

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

HTTP Headers

GET /baoxzver/indexxn/Connected/online/Banking/USA/style.css HTTP/1.1
Host: info2.zapto.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info2.zapto.org/baoxzver/indexxn/

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:02 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2022 13:37:08 GMT
Accept-Ranges: bytes
Content-Length: 465
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
8810f174697f3e81d7bbc68195169289
cb744e3d823e75527da980c6b57b7812c699e79e
38c3fd5a36d607d746294b99ff5f0f48bb1732f43f744639425dd2b9b6bd2b8a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 314
Cache-Control: max-age=159327
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 06:39:02 GMT
Etag: "63bcd22b-118"
Expires: Thu, 12 Jan 2023 02:54:29 GMT
Last-Modified: Tue, 10 Jan 2023 02:49:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

152.199.19.160

200 OK

30 kB

URL HTTP/2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
IP
152.199.19.160:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (65451)
Size
30 kB (30394 bytes)
Hash
a263be51483c81a54aa8c85104a93e55
555a54a73531c553bd2aede6abc25c128b63312e
b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66

HTTP Headers

GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 26334237
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 10 Jan 2023 06:39:02 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F7A8)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.slim.min.js

69.16.175.10

200 OK

24 kB

URL HTTP/2
code.jquery.com/jquery-3.3.1.slim.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65247)
Size
24 kB (24038 bytes)
Hash
0f2e7d37e730fdbb1d8a1e8638529ecb
c21d16978a858baa75be15cb7e799ff000929429
cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0

HTTP Headers

GET /jquery-3.3.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://info2.zapto.org
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 10 Jan 2023 06:39:02 GMT
content-encoding: gzip
content-length: 24038
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1111d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CJas9J0GEocBCiQxYWUyZjgwOC0zMGQ2LTQ0ODYtODJlNS1hODNkNTU1ZDY3NmIQ+OiCoKvU+wIaBgiGkPSdBiIMOTEuOTAuNDIuMTU0KJ7KAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkYTA0MjIxZDgtZjdjNi00MTBiLTg0NjktMzc1MzdlZjRiNTdkGOa7ASIYCAISFGNkczIzMC5zazEuaHdjZG4ubmV0.5BGRfRg4TWoIoCIzGpY2SjWWiADpRLPrwtnCmaH1rA4=
x-hw: 1673332742.dop018.sk1.t,1673332742.cds264.sk1.hn,1673332742.cds230.sk1.c
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.min.js

69.16.175.10

200 OK

30 kB

URL HTTP/2
code.jquery.com/jquery-3.2.1.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32058)
Size
30 kB (30125 bytes)
Hash
148f8d3ffd9cc02048c5f4d1cc83c407
9f2b89cfd151be6a29b4d43ad64d164fb8471046
4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 10 Jan 2023 06:39:02 GMT
content-encoding: gzip
content-length: 30125
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CJas9J0GEoYBCiQwNWQ3OTk1NC04MDMwLTRlODUtYjQ1ZS0xMjMxNWI2NmZiZWQQ+OiCoKvU+wIaBgiGkPSdBiIMOTEuOTAuNDIuMTU0KPwqMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaLAgBEiRlOGRiMzgwYS00ZmNlLTQ4YTAtOTEzYy1hOTFmZjgzZGNjOGQYresBIhgIAhIUY2RzMjIyLnNrMS5od2Nkbi5uZXQ=.0TxtA8WZJTS09qsW7DLKQxHZUS+OV3CbscRKD8iaWAU=
x-hw: 1673332742.dop211.sk1.t,1673332742.cds013.sk1.hn,1673332742.cds222.sk1.c
X-Firefox-Spdy: h2

info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/actions.js

170.187.138.60

200 OK

1.3 kB

URL HTTP/1.1
info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/actions.js
IP
170.187.138.60:0
ASN
#63949 Linode, LLC

File type
ASCII text, with CRLF line terminators
Size
1.3 kB (1291 bytes)
Hash
baef84e203e58801d16d5d460360570e
fc4e9a602bdb59fc7056cb6e53686ad6a992774e
8bcecbd1eeb6e999bc9583d1e35c12a74d044dba44ee22e185e138f05ca05414

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

HTTP Headers

GET /baoxzver/indexxn/Connected/online/Banking/USA/actions.js HTTP/1.1
Host: info2.zapto.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info2.zapto.org/baoxzver/indexxn/

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:02 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2022 13:37:08 GMT
Accept-Ranges: bytes
Content-Length: 1291
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
8810f174697f3e81d7bbc68195169289
cb744e3d823e75527da980c6b57b7812c699e79e
38c3fd5a36d607d746294b99ff5f0f48bb1732f43f744639425dd2b9b6bd2b8a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 314
Cache-Control: max-age=159327
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 06:39:02 GMT
Etag: "63bcd22b-118"
Expires: Thu, 12 Jan 2023 02:54:29 GMT
Last-Modified: Tue, 10 Jan 2023 02:49:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e8e0c910ffff02061a1806b1aa8cf9d2
c5bf0e7ad96e89b17a657fcb1e1cd1aa6d15ab89
896f08fa0030a1313df1f05ef47c5d1f11caa9094380fc026b95193164005448

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6295
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 06:39:02 GMT
Last-Modified: Tue, 10 Jan 2023 04:54:07 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
91d11a99b03547132f60a2fd25fed643
4c915be5f7b1a3343f35d240027b6c6d7981fe66
900485779ecfa602505ff92c61105507ca9af35fc6640d690dc7b30b292d43cb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "900485779ECFA602505FF92C61105507CA9AF35FC6640D690DC7B30B292D43CB"
Last-Modified: Mon, 09 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2120
Expires: Tue, 10 Jan 2023 07:14:23 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
91d11a99b03547132f60a2fd25fed643
4c915be5f7b1a3343f35d240027b6c6d7981fe66
900485779ecfa602505ff92c61105507ca9af35fc6640d690dc7b30b292d43cb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "900485779ECFA602505FF92C61105507CA9AF35FC6640D690DC7B30B292D43CB"
Last-Modified: Mon, 09 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2050
Expires: Tue, 10 Jan 2023 07:13:13 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
91d11a99b03547132f60a2fd25fed643
4c915be5f7b1a3343f35d240027b6c6d7981fe66
900485779ecfa602505ff92c61105507ca9af35fc6640d690dc7b30b292d43cb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "900485779ECFA602505FF92C61105507CA9AF35FC6640D690DC7B30B292D43CB"
Last-Modified: Mon, 09 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2050
Expires: Tue, 10 Jan 2023 07:13:13 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5054f53d598d140743b9e110df6da7b3
0b70c2b11a2935aa04a51950afa492898ba70087
4a4892c98f37a3fa034c5e6be3ade755c556cd6a88ed74d92e4b06f02cb5f26f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4A4892C98F37A3FA034C5E6BE3ADE755C556CD6A88ED74D92E4B06F02CB5F26F"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2100
Expires: Tue, 10 Jan 2023 07:14:03 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5054f53d598d140743b9e110df6da7b3
0b70c2b11a2935aa04a51950afa492898ba70087
4a4892c98f37a3fa034c5e6be3ade755c556cd6a88ed74d92e4b06f02cb5f26f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4A4892C98F37A3FA034C5E6BE3ADE755C556CD6A88ED74D92E4B06F02CB5F26F"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2100
Expires: Tue, 10 Jan 2023 07:14:03 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5054f53d598d140743b9e110df6da7b3
0b70c2b11a2935aa04a51950afa492898ba70087
4a4892c98f37a3fa034c5e6be3ade755c556cd6a88ed74d92e4b06f02cb5f26f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4A4892C98F37A3FA034C5E6BE3ADE755C556CD6A88ED74D92E4B06F02CB5F26F"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2118
Expires: Tue, 10 Jan 2023 07:14:21 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

push.services.mozilla.com/

34.215.55.199

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.215.55.199:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: w2R/Wb0ViXay619tIPb2Yg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /dReUZfWzubWgBQrQgLF76iu2oc=

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
603afaedfc1561fc6f4e0ef0171bacd9
e03b38dca90178d803b8f4eedb469a2cff3c1c07
5cfb8e4ac160aaf756cc5c019ba9ea073115ec18fffad2846e09135eb5524e8c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "5CFB8E4AC160AAF756CC5C019BA9EA073115EC18FFFAD2846E09135EB5524E8C"
Last-Modified: Mon, 09 Jan 2023 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Tue, 10 Jan 2023 07:38:24 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

171.161.116.200

200 OK

66 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65647 bytes)
Hash
c4325af4d60340e587840b3a85ebc333
901195d6cf765ba710a986f9ad148744d2a92dca
3782fd9d81acbf2f7e301f6076fc3f2fcea1505c68ee2826a5a5f25fe078f800

HTTP Headers

GET /pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 08:19:51 GMT
ETag: "1006f-5e6576997a901"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
X-BOA-RequestID: Y7yqhG2Fz7_kd7aG4oY2qQAAAf0
Content-Encoding: gzip
Keep-Alive: timeout=40, max=432
Content-Type: text/css
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: FcWNFTSUcx9AzHGZ/h/AyQ==--0VkEPQ96y/9C8ZDokDq2Tw==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:03 GMT
Expires: Wed, 10 Jan 2024 06:27:45 GMT
Age: 679
Content-Length: 65647

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2624
Expires: Tue, 10 Jan 2023 07:22:47 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2624
Expires: Tue, 10 Jan 2023 07:22:47 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2624
Expires: Tue, 10 Jan 2023 07:22:47 GMT
Date: Tue, 10 Jan 2023 06:39:03 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feebfbbfd-68f7-4ded-a474-c951cdd7773f.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feebfbbfd-68f7-4ded-a474-c951cdd7773f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7572 bytes)
Hash
56ae748c9316a1db699c71c07f74eccd
42d2c5cffa7040decca69a3cab8ecc936acebc43
2b613914077dcdd5f520a26362f717d06e5756dc103aaa7924055e2cab823548

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feebfbbfd-68f7-4ded-a474-c951cdd7773f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7572
x-amzn-requestid: 195485a7-598e-483d-9c89-a23bcf33bdc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0X8HosIAMFTQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3432-6984bf62713f6bd63fc8cdc8;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:10:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rttJ4c_pZrGzDdduW4GXN7_ijnd9V5j-yep38_6A-_jpnUZhYYJjlg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:28:24 GMT
age: 11439
etag: "42d2c5cffa7040decca69a3cab8ecc936acebc43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8bd889ec-302d-44e9-a290-89266ee38381.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7981 bytes)
Hash
db3c7aaa80c366124e52b9da9aa710e2
ac50f2b47dd387175f838d4606e33fb91fec37b1
d4e19635e7ad010d0bc8eb1c34084e9174026df4e36e9a972318b9f6b7957834

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8bd889ec-302d-44e9-a290-89266ee38381.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7981
x-amzn-requestid: aef01bcd-4752-4435-a6a8-a33c78cb7d42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ1FIFQVIAMFTmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3553-2d2e650374cb35a322f96153;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:15:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qB9_IbgBxOPhMFxZzxb5k2c32_TW4MTYKyOCwZZ07dqnmGP7sDl9cw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:49:54 GMT
age: 10149
etag: "ac50f2b47dd387175f838d4606e33fb91fec37b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafe713be-1c84-4820-ac74-bdcf12a854d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12190 bytes)
Hash
0fb07eed296f5106e7b0f40702adddc2
24f637156c37dce6ee8c94f40ce41c1f6ce57dca
ed656dadbcc659a4342b1c04d615adb92ef8a5f69092225e04890400951dddf3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafe713be-1c84-4820-ac74-bdcf12a854d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12190
x-amzn-requestid: 3ab3f00d-2464-445e-8004-9efc440798e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efo63HseIAMFgMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc8845-584746e11b0c570a215e5221;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:33:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cwz3dynd4J7K_JzcpnsqaU89GZTWoo6q7AccSalqORPJFT2Pm0hZwg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 21:58:29 GMT
age: 31234
etag: "24f637156c37dce6ee8c94f40ce41c1f6ce57dca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22aaa4ec-a3a2-40cd-b0a6-2727e078bd89.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9743 bytes)
Hash
e93c4504f211614e76206db4ef758cb2
933bd495fcfd2d39ad13f1f5d0aba5a0a3a677bf
f3bde37de7ecbfbcd7c52e39178625760af7c86ffeaa6a68eb2ad1462e9a8be6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22aaa4ec-a3a2-40cd-b0a6-2727e078bd89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: d4290427-ed0d-4805-9e4e-57bf21ea8813
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efpx3FBroAMFZYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc89a5-6d54f5317723f2602860c410;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:39:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: vJmVzAh1Ski2XBZKCE80TrHilq12hEHlACMbKbM_rzPQDN9AO-I9Sw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 21:58:35 GMT
age: 31228
etag: "933bd495fcfd2d39ad13f1f5d0aba5a0a3a677bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc8e3798-004e-4393-91d7-0581321417a7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5595 bytes)
Hash
8e351685c57200ff97e77036c699cd09
1ff8bae6a44f911b369486e137e923b2e596b8c1
0a72cf94bdcd4819556cfacb690743ace708b4edca35b5efc328cc8aaf0f24ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc8e3798-004e-4393-91d7-0581321417a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5595
x-amzn-requestid: fa40af0f-85a1-4abe-8c0d-c6a89cd8bf09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eT2W-EFFoAMFruA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7d0f9-7c38c961644029073b16217c;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 07:42:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Re4XcM4N35eXhs-10YFDJLiq_OaeZFkEXor08P_a5bETXffb6VMyBg==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 17:46:51 GMT
age: 46332
etag: "1ff8bae6a44f911b369486e137e923b2e596b8c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9052 bytes)
Hash
4753795f36012ff993f492314aa210ec
d5c8f6896fda40fc34dbc7554ce1ece173dd2d09
cbf28b1d51aae0e01fbe9228bfb1afead400ca7cc69875ffaef573f9e068a51f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9052
x-amzn-requestid: 51cb3d41-07e4-499a-b7a7-b4ee4963c587
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efp7aGB-oAMF-0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc89e2-7bb9960c3f0116240e5ba086;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:40:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Uj03bFs1JcsW67nDiC001HBFPRKWTas3EFwGDpU5LnGIKDINZ3mqQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 22:01:08 GMT
age: 31075
etag: "d5c8f6896fda40fc34dbc7554ce1ece173dd2d09"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png

171.161.116.200

200 OK

473 B

URL HTTP/1.1
secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 12 x 37, 8-bit/color RGBA, non-interlaced\012- data
Size
473 B (473 bytes)
Hash
f6f74792e7ce049e3a26a8a725dba8c8
ca49f42737d7566f1970eba7c437399821a614fb
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01

HTTP Headers

GET /pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 08:48:42 GMT
ETag: "1d9-5e657d0c8c396"
Accept-Ranges: bytes
X-BOA-RequestID: Y7XsrhUSO9mzwxx_HJkoFAAAASk
Server-Timing: dtSInfo;desc="1"
Keep-Alive: timeout=40, max=441
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: fs56UlvaSRWUcRZ/EMlZxQ==--dpRtaY7fpVyntLTJo7Oulg==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:03 GMT
Age: 186
Content-Length: 473

info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/loading.gif

170.187.138.60

200 OK

39 kB

URL HTTP/1.1
info2.zapto.org/baoxzver/indexxn/Connected/online/Banking/USA/loading.gif
IP
170.187.138.60:0
ASN
#63949 Linode, LLC

File type
GIF image data, version 89a, 200 x 200\012- data
Size
39 kB (38636 bytes)
Hash
d10ef01e81faa2c2d812bdf670b4e072
77d09a57b2091fd7665dff763a5eab23e0ff907e
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

HTTP Headers

GET /baoxzver/indexxn/Connected/online/Banking/USA/loading.gif HTTP/1.1
Host: info2.zapto.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info2.zapto.org/baoxzver/indexxn/

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:03 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2022 13:37:08 GMT
Accept-Ranges: bytes
Content-Length: 38636
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

secure.bankofamerica.com/pa/global-assets/1.0/graphic/help-qm-fsd.png

171.161.116.200

200 OK

3.2 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/global-assets/1.0/graphic/help-qm-fsd.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3243 bytes)
Hash
fbdc66e3616bc1540c6a5c64f8d676ce
3b7e4ee1dfb7ea41502a718dc54e3ac43b33fe0b
8ebffc01fd49f51925236d8c061b0386ea217d1ef5d5c9224eef1e341a430485

HTTP Headers

GET /pa/global-assets/1.0/graphic/help-qm-fsd.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:03:59 GMT
ETag: "c94-5e658076c55d3"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y7trx81fgicnn5wotVjBCgAAADg
Keep-Alive: timeout=40, max=483
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: apWHfomPu4DW/DfcFIolrg==--dpRtaY7fpVyntLTJo7Oulg==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:04 GMT
Expires: Wed, 10 Jan 2024 06:37:43 GMT
Age: 82
Content-Length: 3243

secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png

171.161.116.200

200 OK

23 kB

URL HTTP/1.1
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 1520 x 170, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23389 bytes)
Hash
0b11b36e2bdde4b8cf810a85296a5d99
b5a2027952f0bbd0cf0a829aa66b7911d3d6103c
b584c2c7997bf9f1810be40c537a064f152881981026cb5116388e0433dbfdc3

HTTP Headers

GET /content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 05 Feb 2019 20:28:24 GMT
ETag: "99fe-5812b73724a00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y7tryG3OI9PrjIMuISaAYwAAAOU
Keep-Alive: timeout=40, max=500
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: GGdLPGgEupYl7LvCYOXFjw==--dwSpWFXF+tS7RTnbYGsLOQ==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:03 GMT
Age: 95
Content-Length: 23389

secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png

171.161.116.200

200 OK

19 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 298 x 416, 8-bit colormap, non-interlaced\012- data
Size
19 kB (19167 bytes)
Hash
178098b4327cb4e5407e4a69c8cd2d18
0be208356ff56bea3794ed175f3682c2b0701415
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a

HTTP Headers

GET /pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 08:36:34 GMT
ETag: "4adf-5e657a56463dd"
Accept-Ranges: bytes
X-BOA-RequestID: Y7mgB4KCKa04ULEulF6omgAAAK4
Keep-Alive: timeout=40, max=385
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: FcWNFTSUcx9AzHGZ/h/AyQ==--a9Id3AUjdxCjYoozVumTMQ==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:03 GMT
Age: 199
Content-Length: 19167

secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr-print.css

171.161.116.200

200 OK

1.2 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr-print.css
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
ASCII text, with very long lines (9953), with no line terminators
Size
1.2 kB (1186 bytes)
Hash
199bd9ddeb17d8fed59922cdc85f2b6d
db7d29791967eab182e34859c055f7adc844140e
094df781d8be2f136c59cf7758380c5fccc20a87481ab6fd61abcb1de41436c4

HTTP Headers

GET /pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr-print.css HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:04 GMT
Last-Modified: Tue, 16 Aug 2022 08:19:51 GMT
ETag: "4a2-5e65769970109"
Accept-Ranges: bytes
Content-Length: 1186
Cache-Control: max-age=31536000
Expires: Wed, 10 Jan 2024 06:39:04 GMT
X-BOA-RequestID: Y70ICAjdBleR_WjOdoLEUAAAASE
Content-Encoding: gzip
Keep-Alive: timeout=40, max=488
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: SPID=C1S1;Path=/;Domain=.bankofamerica.com;samesite=None;Secure
SID=000E0741410063BD0808;Path=/;Domain=.bankofamerica.com;samesite=None;Secure
TS01d7083a=01cca3fb3e84c581c320104b505b7e157098c4fca36841eae73ae85c28fc131755dac6f1fadae09edb77dcd1c92efc28c32413dc74; Path=/; Secure; HTTPOnly
TS01ab8143=01cca3fb3e3ff9a82343b7495955c1af91e15d24ef6841eae73ae85c28fc131755dac6f1faa49a4649451d009050ae15c1632a62460b98e3713f12a221192086af55b66c2595e229880ff3e0a3bcaee1ed28ee8b77; path=/; domain=.bankofamerica.com; HTTPonly; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: 4BT8/oATiw90IeHlmYKpzg==--dpRtaY7fpVyntLTJo7Oulg==

origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js

171.159.116.101

200 OK

350 kB

URL HTTP/1.1
origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js
IP
171.159.116.101:0
ASN
#10794 BANKAMERICA

File type
ASCII text, with very long lines (65536), with no line terminators
Size
350 kB (349688 bytes)
Hash
efb108b8132879ec156b59e87b01e2d2
e48224bed5c9c6fd7049e40d63f745aac05b35bf
567e3643d45b9ef0176cd039e002e86e43e8fe6794d5580873e818fa19805d97

HTTP Headers

GET /nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js HTTP/1.1
Host: origin-bac-assets.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:03 GMT
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 22 May 2022 01:25:32 GMT
ETag: "185689-5df8f997d81ba"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=26920000, public
Expires: Tue, 10 Jan 2023 06:39:04 GMT
X-BOA-RequestID: Y70IB6J3p-zMB0V0mGvMNQAAARw
Keep-Alive: timeout=40, max=500
Connection: Keep-Alive
Content-Type: application/x-javascript
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: https://www.bankofamerica.com
Set-Cookie: TS01794157=01b1335154141fdf0f051429ce8c3bfc4e3ff60eeb3ba252d060c3062d7b3e99a896495c8e914b92fcb46b58c55381bc7e6ae28b92; Path=/; Secure; HTTPOnly
Transfer-Encoding: chunked

secure.bankofamerica.com/pa/global-assets/1.0/graphic/sign-in-sprite.png

171.161.116.200

200 OK

3.1 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/global-assets/1.0/graphic/sign-in-sprite.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 9 x 135, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3142 bytes)
Hash
c8056d44f1a6ddc85da9079d3131c314
745a2467eb3536874b558caa96d343c08ce995e2
6dcf79813b7d15584a7de25d5dc6915dbf5dc87599a71e9f514e2e21ab6233ab

HTTP Headers

GET /pa/global-assets/1.0/graphic/sign-in-sprite.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:04:08 GMT
ETag: "c2f-5e65807f90d15"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y7oi58eOg-SINIBJEdNciQAAAII
Keep-Alive: timeout=40, max=497
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: lqk+5GX3zqzcwB63MGMjjQ==--dpRtaY7fpVyntLTJo7Oulg==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:04 GMT
Expires: Wed, 10 Jan 2024 06:36:08 GMT
Age: 177
Content-Length: 3142

secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png

171.161.116.200

200 OK

144 B

URL HTTP/1.1
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
144 B (144 bytes)
Hash
1f1d3a49189d9ff1e1b99d83e8a36be5
713bfd8a0cc4acb57d41ed3b82c6e601936018e7
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452

HTTP Headers

GET /pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 08:47:37 GMT
ETag: "90-5e657cce98aed"
Accept-Ranges: bytes
X-BOA-RequestID: Y7WmI-ImFpjBqGoe6VIZuAAAAQ0
Keep-Alive: timeout=40, max=447
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: sHjD/p+DIGYmQBd5YX5VEQ==--+z58B0atc09RsiEqEpJ4KQ==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:04 GMT
Age: 198
Content-Length: 144

secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png

171.161.116.200

200 OK

49 kB

URL HTTP/1.1
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type
PNG image data, 14 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
49 kB (48667 bytes)
Hash
fbf368512d6de369ecf24f2778db0aa1
ad621d647f845c66d1780e44e5495e606605c5fa
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

HTTP Headers

GET /pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 08:47:38 GMT
ETag: "be1b-5e657ccf790c0"
Accept-Ranges: bytes
X-BOA-RequestID: Y7u40620zXiyAU9FzcZAtgAAACo
Keep-Alive: timeout=40, max=493
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: /00I6t/Ta/Z0R60cuPjO9w==--6Xupa1qjGByQKFbP1ZzNPw==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:04 GMT
Age: 201
Content-Length: 48667

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6828b8298155d7676b01c83db52ab58
66133cd878c7918938e38134d448a4bb44cacbde
e4436921164c188781a44301eed598c3936771d12bb8b15841fec4c734ac5a33

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "E4436921164C188781A44301EED598C3936771D12BB8B15841FEC4C734AC5A33"
Last-Modified: Mon, 09 Jan 2023 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2065
Expires: Tue, 10 Jan 2023 07:13:30 GMT
Date: Tue, 10 Jan 2023 06:39:05 GMT
Connection: keep-alive

www.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico?ts=20151018

171.161.116.100

200 OK

429 B

URL HTTP/1.1
www.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico?ts=20151018
IP
171.161.116.100:0
ASN
#10794 BANKAMERICA

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
429 B (429 bytes)
Hash
196b078e54a631d79ba6f560d4acb0c6
5889f5149ff0eef44b3efde200eaf1c66139992a
525151028a13175812d197c81dc5337898aaaebecff184b430fc94c94e470053

HTTP Headers

GET /pa/global-assets/1.0/graphic/favicon.ico?ts=20151018 HTTP/1.1
Host: www.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info2.zapto.org/
Cookie: SPID=C1S1; SID=000E0741410063BD0808
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:03:59 GMT
ETag: "47e-5e658076a32f3"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y7dj8BpNblVapUNpG5tAGQAAAhQ
Keep-Alive: timeout=40, max=451
Content-Type: image/x-icon
X-Serviced-By: /pa/global-assets/1.0/graphic/favicon.ico--Lzmq47Av0jomZrHlGrwKaw==--8hLf1Q4yyaptJrHjPLy6QQ==
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' *.bac-assets.com cdn.cookielaw.org *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com api.boldchat.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:06 GMT
Expires: Wed, 10 Jan 2024 06:37:21 GMT
Age: 106
Content-Length: 429

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99067107-51cd-49b3-acf1-6adcfb52426d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6201 bytes)
Hash
5fd9808497597d6a5d05b998f31af317
09799d0045a418cc62825558e3dd5658350763fc
0507f6411777ad5773efa8fda81f3fd09a1543c58fd45a0b011342c947ce6f1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99067107-51cd-49b3-acf1-6adcfb52426d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6201
x-amzn-requestid: ce7c5c1e-8e06-4163-88a1-0c5968263f6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0giEiMoAMFRwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3469-76291ed321ed2a713fed0811;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:11:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4mdJKskKGZuN0ICWOlcFuvYlHuoEHOkuZ-l6Akr2e0h7xtZQASp2Rw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:56:45 GMT
age: 9745
etag: "09799d0045a418cc62825558e3dd5658350763fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

info2.zapto.org/baoxzver/indexxn/

170.187.138.60

200 OK

0 B

URL HTTP/1.1
info2.zapto.org/baoxzver/indexxn/
IP
170.187.138.60:0
ASN
#63949 Linode, LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Bank of America
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain
suricata	medium	ET PHISHING Bank of America Phishing Landing Aug 19 2015
suricata	medium	ET INFO HTTP Connection To DDNS Domain Zapto.org
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.zapto .org Domain

HTTP Headers

GET /baoxzver/indexxn/ HTTP/1.1
Host: info2.zapto.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 06:39:01 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2022 13:37:08 GMT
Accept-Ranges: bytes
Content-Length: 94959
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js

104.18.10.207

200 OK

0 B

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://info2.zapto.org
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 10 Jan 2023 06:39:02 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ce6e785579ae4cb555c9de311d1b9271"
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-cachedat: 11/15/2022 10:39:35
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1054
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2f948001fb21d372b9748c38b9bab15f
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 787369c90a62fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf

171.161.116.200

200 OK

0 B

URL HTTP/1.1
secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://info2.zapto.org
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:03:48 GMT
ETag: "2e974-5e65806c878d0"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
X-BOA-RequestID: Y7k_kqHYd4qYvR8JrMNxiAAAAHg
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
X-Serviced-By: gkjmIZBXmYDsBqLGwMWsjg==--6Xupa1qjGByQKFbP1ZzNPw==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:05 GMT
Expires: Wed, 10 Jan 2024 06:31:10 GMT
Age: 476
Content-Length: 85483

secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff

171.161.116.200

200 OK

0 B

URL HTTP/1.1
secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff
IP
171.161.116.200:0
ASN
#10794 BANKAMERICA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff HTTP/1.1
Host: secure.bankofamerica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info2.zapto.org
Connection: keep-alive
Referer: http://info2.zapto.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 16 Aug 2022 09:03:48 GMT
ETag: "149f8-5e65806c87cb8"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Vary: Accept-Encoding
X-BOA-RequestID: Y7dZZ2G9Uo7PgVIdKpx9zgAAAn0
Keep-Alive: timeout=40, max=301
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-Serviced-By: +69mU8e/o7QvL9wvDSo9YA==--0VkEPQ96y/9C8ZDokDq2Tw==
Connection: Keep-Alive
Date: Tue, 10 Jan 2023 06:39:04 GMT
Expires: Wed, 10 Jan 2024 06:30:09 GMT
Age: 536
Content-Length: 84472

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations