fidelityoksecure.duckdns.org Open in urlscan Pro
147.182.232.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Submission: On November 20 via automatic, source openphish (November 20th 2021, 12:36:36 am UTC) — Scanned from DE

Summary HTTP 92 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 5 domains to perform 92 HTTP transactions. The main IP is 147.182.232.99, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is fidelityoksecure.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 19th 2021. Valid for: 3 months.

This is the only time fidelityoksecure.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	147.182.232.99 147.182.232.99	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2.16.186.162 2.16.186.162	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	91.235.133.67 91.235.133.67	30286 (THM) (THM)
1	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
59	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2.18.232.194 2.18.232.194	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
92	9

2 147.182.232.99 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

fidelityoksecure.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.186.162 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-162.deploy.static.akamaitechnologies.com

assets.fidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 91.235.133.67 (United States)

ASN30286 (THM, US)

cfa.fidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-194.deploy.static.akamaitechnologies.com

sjc1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 91.235.132.130 (United States) 1 redirects

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	qualtrics.com zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com siteintercept.qualtrics.com sjc1.qualtrics.com	159 KB
23	fidelity.com assets.fidelity.com cfa.fidelity.com	299 KB
5	online-metrix.net 1 redirects h.online-metrix.net 5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net	16 KB
2	duckdns.org fidelityoksecure.duckdns.org	45 KB
0	Failed function sub() { [native code] }. Failed
92	5

	Domain	Requested by
59	siteintercept.qualtrics.com	fidelityoksecure.duckdns.org zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com siteintercept.qualtrics.com
20	cfa.fidelity.com	fidelityoksecure.duckdns.org cfa.fidelity.com
4	h.online-metrix.net	1 redirects cfa.fidelity.com
3	assets.fidelity.com	fidelityoksecure.duckdns.org
2	sjc1.qualtrics.com	fidelityoksecure.duckdns.org siteintercept.qualtrics.com
2	fidelityoksecure.duckdns.org	fidelityoksecure.duckdns.org
1	5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net
1	zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com	fidelityoksecure.duckdns.org
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	cfa.fidelity.com
92	9

This site contains links to these domains. Also see Links.

Domain
www.fidelity.com
login.fidelity.com
fps.fidelity.com
guest.fidelity.com
scs.fidelity.com

Subject Issuer	Validity	Valid
fidelityoksecure.duckdns.org cPanel, Inc. Certification Authority	`2021-11-19` - `2022-02-17`	3 months	crt.sh
dpcs.fidelity.com Entrust Certification Authority - L1M	`2021-04-13` - `2022-05-08`	a year	crt.sh
CFA.febtest.com Entrust Certification Authority - L1K	`2021-07-19` - `2022-08-18`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-01-21` - `2022-01-21`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-07-30` - `2022-08-01`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Frame ID: E636BD35E3AF58FF151B790354FA2B0B
Requests: 72 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 22AAE1C2C6F4DBCA30671BDADD6D96A8
Requests: 3 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/check.js;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jb=343924266a7167773f4c6b667578246873673d4c6966757a2462736275354368726f6f6526687b603f436a7a6f6d672732383936
Frame ID: 2D8D20F1EB15D5BF08E375AAEB7D41E8
Requests: 13 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 081ACCB46F4A3505A2D2653E2AD76135
Requests: 3 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f
Frame ID: C6A925E5D0DE80D55E2C1ED25DA0CBB2
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f
Frame ID: 9846E51A1B1FEEF2885F7EA1F17335F4
Requests: 2 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/top_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f
Frame ID: 02E19D871055A224F3A4F18C1F3EE199
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page Statistics

92
Requests

98 %
HTTPS

0 %
IPv6

5
Domains

9
Subdomains

9
IPs

3
Countries

519 kB
Transfer

1891 kB
Size

3
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fidelity.com/

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/pages/retail/html/include/RememberIDInfo.html
Title: Remember username

Search URL Search Domain Scan URL

URL: https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/Resolve/InitNUR
Title: Register Now

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/customer-service/need-help-logging-in
Title: Frequently Asked Questions

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/security/overview
Title: Online Security

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/Fas/Fidelity/CgfCust/Login/Init
Title: Log in to Fidelity CharitableSM

Search URL Search Domain Scan URL

URL: https://guest.fidelity.com/GA/profile
Title: Log in or sign up for Guest Access

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/open-account/overview
Title: Open an account

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/customer-service/nfs-statement-financial-condition
Title: National Financial Services LLC Statement of Financial Condition

Search URL Search Domain Scan URL

URL: https://scs.fidelity.com/webxpress/electronic_services_agreement.shtml
Title: Electronic Services Customer Agreement

Search URL Search Domain Scan URL

URL: https://scs.fidelity.com/webxpress/license_agreement.html
Title: License Agreement

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/sitemap/overview
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/accessibility/overview
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/terms-of-use#For
Title: This is for persons in the U.S. only.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&gttl=155520000 HTTP 302
https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&k=2

92 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
fidelityoksecure.duckdns.org/Fidelity/ 45 KB
45 KB 718ms
180ms Document
text/html 147.182.232.99
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 147.182.232.99 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ed45b866ae2d245825fdb7ddab7c553586a5feb1598f6fd4e916f0bdd4a5ca85

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sat, 20 Nov 2021 00:36:30 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 170c22b59d68deed748cc0b577f49a828d751cb5b201fabee8f5b2eb515d4998

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 585 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39aac9dc37e49220013d6bfda6483629e9658764582168758db8cf4426b25db0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK FidelitySans-Light.woff2
assets.fidelity.com/fonts/ 40 KB
41 KB 64ms
24ms Font
font/woff2 2.16.186.162
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.fidelity.com/fonts/FidelitySans-Light.woff2
Requested by: Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.186.162 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-162.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7aa0292c8b5387df9165be7dec812d4636f0848f97093801e7c0d2d89d0ce62b

Request headers

Referer: https://fidelityoksecure.duckdns.org/
Origin: https://fidelityoksecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: rmoOPMlBTN4tSHbjfZXPBKRE8RWzeRcl
ETag: "fd6b0d7667a12e684bd5a0208f653f0e"
x-amz-request-id: QSCMG6SZEERKKW9W
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 40980
x-amz-id-2: vNRJCglVbannQtJxx2XqEBJtydDPYu8T7oNDAPyqfV9tYgR7YLuSGMb/sI7hid4dyyqDUPy5P28=
Last-Modified: Thu, 06 Dec 2018 21:21:19 GMT
Server: AmazonS3
Date: Sat, 20 Nov 2021 00:36:31 GMT
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-XSRF-TOKEN
Cache-Control: max-age=571
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: appid, appname, content-type, X-XSRF-TOKEN
Expires: Sat, 20 Nov 2021 00:46:02 GMT

GET
H/1.1 200
OK FidelitySans-Regular.woff2
assets.fidelity.com/fonts/ 38 KB
39 KB 65ms
33ms Font
font/woff2 2.16.186.162
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.fidelity.com/fonts/FidelitySans-Regular.woff2
Requested by: Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.186.162 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-162.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe

Request headers

Referer: https://fidelityoksecure.duckdns.org/
Origin: https://fidelityoksecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: cpgqIAHuy6FoHTLc0oJM1uJOyTbiLcLT
ETag: "cd5a50acd18c4f6fab4076cdc9133e9a"
x-amz-request-id: REQD5KCJNCG2NMRQ
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 38612
x-amz-id-2: WgNEUWxk6hlCyi2ntJsiyS8NfVJo5uwB5hkzpkv/KZwQxClRFTTImNbBcQeEjtb8eh+ya5cxlDA=
Last-Modified: Thu, 06 Dec 2018 21:21:15 GMT
Server: AmazonS3
Date: Sat, 20 Nov 2021 00:36:31 GMT
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-XSRF-TOKEN
Cache-Control: max-age=1577
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: appid, appname, content-type, X-XSRF-TOKEN
Expires: Sat, 20 Nov 2021 01:02:48 GMT

GET
DATA 200
OK truncated
/ 352 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6dc80a145e5abd531738f66c8c38e48aa38205440f14772046df37e5605323a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK FidelitySans-Bold.woff2
assets.fidelity.com/fonts/ 35 KB
36 KB 44ms
14ms Font
font/woff2 2.16.186.162
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.fidelity.com/fonts/FidelitySans-Bold.woff2
Requested by: Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.186.162 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-162.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487

Request headers

Referer: https://fidelityoksecure.duckdns.org/
Origin: https://fidelityoksecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: CumvHJLSFkOz7Pue9MInRl2Za8_2YyXs
ETag: "60c67bd3120a745a1c4fcadd68d304c9"
x-amz-request-id: A9E7C65Y86N66STE
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 35812
x-amz-id-2: W4npIchuVCyAHITcXServo1AQUHKR9x65TH+dyl/WxW43Zfo1jEqwLeiPzEOnJGmvq4iu33D6VQ=
Last-Modified: Thu, 06 Dec 2018 21:21:16 GMT
Server: AmazonS3
Date: Sat, 20 Nov 2021 00:36:31 GMT
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-XSRF-TOKEN
Cache-Control: max-age=829
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: appid, appname, content-type, X-XSRF-TOKEN
Expires: Sat, 20 Nov 2021 00:50:20 GMT

GET
H/1.1 200
OK tags.js Show response
cfa.fidelity.com/fp/ 79 KB
11 KB 45ms
16ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/tags.js?org_id=5h8i3ud8&session_id=D021478374785EC619A50956785409DA

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

2c1d1e54a3176825dc3bd6b3589e8be5443771a3bbd918b19193fc812b22bd0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 404
Not Found 45299d6b9a0ti190698a987b283a4a6e7
fidelityoksecure.duckdns.org/staticweb/ 0
0 163ms
162ms Script
text/html 147.182.232.99
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://fidelityoksecure.duckdns.org/staticweb/45299d6b9a0ti190698a987b283a4a6e7
Requested by: Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 147.182.232.99 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 / Show response
zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 54ms
35ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_cvGJH8lmjxbKyln&Q_LOC=https%3A%2F%2Fdigital.fidelity.com%2Fprgw%2Fdigital%2Flogin%2Ffull-page%3FerrorCode%3Derror-tryagain%26AuthRedUrl%3Dhttps%253A%252F%252Foltx.fidelity.com%252Fftgw%252Ffbc%252Fofsummary%252FdefaultPage%26AuthOrigUrl%3Dhttps%253A%252F%252Fscs.fidelity.com%252Fcustomeronly%252Fportfolio.shtml&t=1613578539608

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d2c022ab32baeb79d0fd1e7cfbb0efd41ba112e22b006cbb3fd39fcea8716ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 167955
cf-polished: origSize=8435
cf-ray: 6b0d9ac0487e7039-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 19
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-vg0lxmn53Y7h/qImvdBnjVd6Erw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 91 KB
29 KB 43ms
25ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.44.0&Q_CLIENTTYPE=web

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

8efac7087552def0e358b8896dbbe43b7ffe2d961746cdc4aea60f7eed3e1384

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 144553
cf-polished: origSize=94137
cf-ray: 6b0d9ac04a4b4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
last-modified: Wed, 10 Feb 2021 18:48:49 GMT
server: cloudflare
x-powered-by: Express
etag: W/"16fb9-1778d464668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 51ms
34ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.44.0&Q_CLIENTTYPE=web

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 115841
cf-polished: origSize=8463
cf-ray: 6b0d9ac04a4c4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 7
vary: Accept-Encoding
last-modified: Wed, 10 Feb 2021 18:48:49 GMT
server: cloudflare
x-powered-by: Express
etag: W/"210f-1778d464668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackLinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 3 KB
1 KB 52ms
35ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.44.0&Q_CLIENTTYPE=web

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 115841
cf-polished: origSize=3553
cf-ray: 6b0d9ac04a4d4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 10 Feb 2021 18:48:49 GMT
server: cloudflare
x-powered-by: Express
etag: W/"de1-1778d464668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 PopOverModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 9 KB
3 KB 43ms
26ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopOverModule.js?Q_CLIENTVERSION=1.44.0&Q_CLIENTTYPE=web

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0d67fb1e900ac570b160aaf2200d35ab1d41f00d0979ade72034289e9d3ab262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 115841
cf-polished: origSize=10441
cf-ray: 6b0d9ac04a4e4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 6
vary: Accept-Encoding
last-modified: Wed, 10 Feb 2021 18:48:49 GMT
server: cloudflare
x-powered-by: Express
etag: W/"28c9-1778d464668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 PopUpModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 4 KB
2 KB 40ms
23ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopUpModule.js?Q_CLIENTVERSION=1.44.0&Q_CLIENTTYPE=web

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

54383cb2f70247578458b930aa303a88d1298890285b4c03eed4fc04de93aeca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 115841
cf-polished: origSize=4653
cf-ray: 6b0d9ac04a504a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 10 Feb 2021 18:48:49 GMT
server: cloudflare
x-powered-by: Express
etag: W/"122d-1778d464668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Graphic.php
sjc1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
2 KB 29ms
9ms Image
image/png 2.18.232.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sjc1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_3yKp2nFO4GPtXrD

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-194.deploy.static.akamaitechnologies.com

Software

envoy /

Resource Hash

261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 163
date: Sat, 20 Nov 2021 00:36:31 GMT
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
x-envoy-upstream-service-time: 15
content-disposition: inline; filename=Feedback+tab+small
content-length: 1595
x-request-id: 160e25da-0b9f-44b6-b001-2793a56b25fd
referrer-policy: strict-origin-when-cross-origin
server: envoy
etag: "a97234fecb8fb711964fd6941188e385"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 4b28261f-252c-409e-965a-93b4cbcc1d5b
cache-control: public, max-age=10
x-robots-tag: noindex
expires: Sat, 20 Nov 2021 00:36:41 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b2ced9a0548a82ecb57df60ab6d1ca8ac7e7584f64f2b9e64cbf4ad0c3483a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 12.59a7acb124733d888c69.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 23ms
23ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fidelityoksecure.duckdns.org

Requested by

Host: zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com
URL: https://zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_cvGJH8lmjxbKyln&Q_LOC=https%3A%2F%2Fdigital.fidelity.com%2Fprgw%2Fdigital%2Flogin%2Ffull-page%3FerrorCode%3Derror-tryagain%26AuthRedUrl%3Dhttps%253A%252F%252Foltx.fidelity.com%252Fftgw%252Ffbc%252Fofsummary%252FdefaultPage%26AuthOrigUrl%3Dhttps%253A%252F%252Fscs.fidelity.com%252Fcustomeronly%252Fportfolio.shtml&t=1613578539608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168947
cf-polished: origSize=57365
cf-ray: 6b0d9ac13b3c4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"e015-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H/1.1 200
OK HP Show response
cfa.fidelity.com/fp/ Frame 22AA 19 KB
6 KB 14ms
14ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Requested by

Host: fidelityoksecure.duckdns.org
URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

6f024b85ed9eaf9e7d7c3e6fd342087f0e662e3ceee5cb7fe20472dd8f881623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: de-DE
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5788
Keep-Alive: timeout=2, max=99

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 98 KB
7 KB 228ms
228ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_cvGJH8lmjxbKyln&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fidelityoksecure.duckdns.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2911c3ab9d06cbcfd14dfd39782cf9934922247b822ed88e0b1927ffdc58253b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fidelityoksecure.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 20 Nov 2021 00:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://fidelityoksecure.duckdns.org
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 44896a0b9f0e55d7
cf-ray: 6b0d9ac17b784a61-FRA

GET
H/1.1 200
OK check.js Show response
cfa.fidelity.com/fp/ Frame 22AA 200 KB
28 KB 20ms
19ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

762e942eadd48dffc798ee8cb93677220ad4da66933f5e6474af1c4703d1ca06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 37009b10692389b9
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=98
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK check.js;CIS3SID=75C74836506EAD0224AB233226DE73E6 Show response
cfa.fidelity.com/fp/ Frame 2D8D 408 KB
75 KB 25ms
24ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/check.js;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jb=343924266a7167773f4c6b667578246873673d4c6966757a2462736275354368726f6f6526687b603f436a7a6f6d672732383936

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/tags.js?org_id=5h8i3ud8&session_id=D021478374785EC619A50956785409DA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

998a59ce949b5f7af676a139bf3b9fb517029f744c97f895a5372dbfe9f64d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: fb3bdf46e1c3dc6f
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=97
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
cfa.fidelity.com/fp/ Frame 2D8D 81 B
475 B 40ms
13ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
cfa.fidelity.com/fp/ Frame 2D8D 81 B
475 B 41ms
13ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK HP Show response
cfa.fidelity.com/fp/ Frame 081A 19 KB
6 KB 15ms
14ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/check.js;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jb=343924266a7167773f4c6b667578246873673d4c6966757a2462736275354368726f6f6526687b603f436a7a6f6d672732383936

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

bc0cfefcdab63bf8eb475849e2d72562c23e634d79d07f4f3dd664ce6587c01f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: de-DE
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5788
Keep-Alive: timeout=2, max=99

GET
H/1.1 200
OK clear.png Show response
cfa.fidelity.com/fp/ Frame 2D8D 81 B
544 B 42ms
13ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 5h8i3ud8/fb3bdf46e1c3dc6fd021478374785ec619a50956785409da
Referer: https://fidelityoksecure.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Last-Modified: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Etag: 062ff1f770284993ae8419b9b9d46006
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://fidelityoksecure.duckdns.org
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Thu, 19 Nov 2026 00:36:31 GMT

GET
H/1.1

204
No Content

clear.png Show response
h.online-metrix.net/fp/ Frame 2D8D
Redirect Chain

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&gttl=155520000
https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&k=2

0
387 B

13ms
12ms

Script
text/javascript

91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&k=2

Protocol

HTTP/1.1

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Location: https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&k=2
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=2, max=100
Content-Length: 323

GET
H/1.1 200
OK ls_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6 Show response
cfa.fidelity.com/fp/ Frame C6A9 82 KB
13 KB 17ms
16ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

f2e2d53f8562f1d2ada59bebefece7abc5f32b35f4b74d992ec40cb26934426c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame 2D8D 0
387 B 17ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jb=3336246c736335663261316c61653131613039343430353a3a6c6336666963383361313165323b

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6 Show response
h.online-metrix.net/fp/ Frame 9846 95 KB
15 KB 38ms
15ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

89238517342e76f8c7dbab3c3ad2251fc202b5fc8af025f658c8d1c6864e8b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/

Response headers

Date: Sat, 20 Nov 2021 00:36:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame 2D8D 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jd=353824266a64663f3138246266683f36643e336330303031616d3736393b396266626163663b306067353339373334246a6e746e3d383a3033383a3338

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:31 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 2D8D 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6 Show response
cfa.fidelity.com/fp/ Frame 02E1 82 KB
12 KB 16ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/top_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

710da14f5cfb2e49a1f523699521ffd8921f2ff2558d77272df55fea0481717a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/

Response headers

Date: Sat, 20 Nov 2021 00:36:32 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
cfa.fidelity.com/fp/ Frame 2D8D 0
218 B 15ms
15ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&ja=3230313126246b3f322678353026643f313e303078393232322e61663d3936303078333230322e717a793f3878302466707a3d312c3936323224313230382c313630322c313038322e313438302c333030382c313638302e333a30302c382c30266d763d613a30306362616c63373566646e6466396d613a363931343738366239613561266f663f3626716b643d30362664683d687c7472712d3341253a4625324664696467646b76796d6373656177726d2e64756b6b666c7b2e6f726f253246466b64656e61767b25304e6c6f656b6e267068702d3344727a696d617a796d656d6065725d61662733466a31303634663e39633230663b33693964613a61313834643426667a3f24706e353326726a3d3f386632306163346a6366626d313133623533383569673264316a64623066342e68683d3d646733306264653961323331633065336d673437663965663235386c6134392e6a716d354c696e7d78266a73603d436a7a6d6f65273a303934246a7b6f753d44696c7770266a736a753d4368706f6d672e6c6a633f3c266e666f3d3026747a6c3d47766b2532465d6e6b6e6f756e266f69766a723f3c30303166316b3262656b3030673e6363353e30303832636431373d363231646c34353a3a313c3164366d6163303c6463393c61666264353233333b333b36632e703d726e756f696e5f6e6c6371605e666164736521706e75676b665d75696c6c6f77715d6d6d64696157706e637165725e6e616c736523706c776f6b6c5f636c6f62675d616b726f6269745c64696c736529706c75676b6e5f737d6b616b76616d655c646164736521786c7765616e5f73606f636b776376655c6e636e736729706c776569665f7265696c726e697965725666616c736721706e7d656b6e5d7e6c635d726c697965725666636e7b652170647567696e5d646574696e74725c6e616c716721786c7567616e5d717e675f7661657765725c66616e7b6723706e7d67696c5d6a6976615e6e616e716d2665783b3d623731323462333a3b31383b6c34373431336b6334353e313a346d3332666d633662663b3431356d24656c5d6b3d77676067645765624f4c273038312e302d3230284f72656e4544273030475b253232302e382532304b68706d6569756d21576562474e2532324f4e514c273a304551273238312e302d32322a4770656e4f4c2532304753253038454e534e2d32304751253a30312e382530324b68726f6569756d295565624961765565604369742730305f65624744414c4544455f69667374616e6165645d697070617b7b25334027323845585457626e6766645f6d616e6d6178273342273a3247585657636f6e6d72576275666e65705d60616c6657666c6f61762533402d3032455a5c5f666e6d617c5f626c6d6e66273b422532384558545f6472616557666770766025334027323845585457736a636c65725f7c6578747570655f6e67662733402d3230475a54577465787c75706757636f6d78726573736b6f6e5d6a727663273b422530324550545f746d7876777a655f63676d7072657173696d665d7067766b2533402732384558545774677a7c7572655766696c7467725f63666b716f767a6f706b61253b422532385747404349545f4d58545f74677874777a675d666b647465705d616669736f7c726d72616325334a253230455a545f715a454025314a25323249485a5f70617a616e6e6d6c5f7360616465725d636f6f786b6e65273b422530324f4d535f6564656f6766745f69666465785f77696e762d31402530384f45515d666a6f5f726d6e66677a5f6d69786d61702531422530384d47535d7b74616c66617a645f646d726b74697469766d732533422732304d4d515d746770747570675f6e6c6f617c2531402d32304f4d535f74657a7475706d5d646c6d69745f6e6b6e6d6172253b422730384f455357746578747772655d60636e665d6e6c6f6376253b422532384f4751577465787c7572655f6a616c6457646e6f637c5f6c6b6c65697225334a2530324745535f7e657274657a5f61707a637b5f6d6a6a656176253b422532385747404f4c5f63676c6f725f607566646d705d666e6761742731422d3230574d42454e57636f6d787265737367645f766d7a7675706d5f617176632d3342253a3055474a474c5f6b6f6d7072677373676c5d76657a7c7572675d657c6325334a2530325f454247445f636f6d727265717b67665f766d787477706557657463392531402d3230574d42474c5f616f6d727a677173676c5f74677a747d72655f7b3376612d3342253a305745424949545d5f4740474e57636f6f72726d7373656c5f7667707475726d5f733374612533402d303257474a474c5d616f657072657b736766577465787c7572655f7133746157717067602d33422730305f454247445f66676a75675f7a656e64657065725d616c646f273b42253032574d42474c576467727c685f746d78747572672533402d303257474a4b49565d574d42474c576467727c685f746d78747572672533402d303257474a474c5d667269775f627d6664677a7325334a253230574742474e576e6d736757636f6c7665707425334a2530325f45424b41545f574540474c5d646d71655d6b6f6e7667787c2533422d3232554d42474c576d756c746b5f647069753336246f6c5f6a3f306a3035316b6160343a3830313c32353563676332633f673734643037623a36366c363535383467247f676c7635496e74656e253232416c612e247f676c703f496674656c2d32324b7a6973253a304f70656c474c273a32476e65616e652461636c3d33&jb=313531266c73354f6d7a6b646c612730463d2e30253a302a55616e646f7f732532304c5425303833322e322d33422730305f696e363c2531402d3230783e342925323241707264675565604369742730463d33372e3b36273038284b485c4d4c253241253232646b6965273a304767616b6729253238436a70676d65253a4639362e322e34343e362c34372d3230516366697269253a4637313f2e3336

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 20 Nov 2021 00:36:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net/fp/ Frame 2D8D 81 B
438 B 62ms
15ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ARF;CIS3SID=3ACC724C9B39508D6593F7F26A74BD0A Show response
cfa.fidelity.com/fp/ Frame 22AA 35 B
557 B 15ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/ARF;CIS3SID=3ACC724C9B39508D6593F7F26A74BD0A?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=37009b10692389b9&pageid=99998&sera_parametere=VUcNAQsDBlUAWwpQC1sADFJSAQYJUwUAVQ4CUQ0MUQ8KDgUCW1QBCFUAABVLSl9QXUdFREpHAnQTDnAWD31HCwNdQ1VVB1xVWE1BFgt9Rw5xBxUHfUcDAF5WQUdLHFF9FgByFQ4mF1RfBAELDlpRCwAECQkJBwZVBw0BCgAPB1gEBVUCXVYBAVMLUwQMAVYIAA4WXlYMUlULCgUDCAAACAMBCQIKWghSDx9YQAUJGloDBFMCDARTBVRdUwsLW1ZdBQ8ICAwHCAdTDQZSXlhTD1JWA1NaVFcWV1APAggKVgoVXlkNFFMXQF8ECwoBAFofW1wNFltfclhEVl9WHlsUBAoBFlJWEQx8X1dHSx5aAARHU0pvWgNdXFRYUVgeXBYEBQ4%3D&count=0&max=0

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

dac1bcfebd04a20d42f389e6c7eeabb64188b0b732ce5fb72a7da30b36407fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=37009b10692389b9&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=96
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 99 KB
31 KB 24ms
24ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

588683fcfb9b148f145a58b2e9c935a6ef3684b2942d2dbc49eac4fa5133094d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168948
cf-polished: origSize=102584
cf-ray: 6b0d9ac51f654a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"190b8-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H/1.1 200
OK check.js Show response
cfa.fidelity.com/fp/ Frame 081A 200 KB
28 KB 20ms
19ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

aefe6c1aafedcdc56471ee8ce6227e39ea1fa63d052e032e7a52f43bd2639958

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: fb3bdf46e1c3dc6f
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=96
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame C6A9 0
387 B 14ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jf=3336246c7360353a6737376d6466603a31306534363d333a3a6c3734666e303364623066646669

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=75C74836506EAD0224AB233226DE73E6
cfa.fidelity.com/fp/ Frame 2D8D 0
400 B 15ms
15ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear1.png;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jf=34313426736b6c5d706e66357464705d53507a55783f4133756c494a5941614226736b645f666976673d333e33373134383d3932267b69665d7c797065357765623a676364716924716966576b657b3f3338353933383131323e30373269383634386165336638303231323e30383063383e3438636d3366323b3031303f303334323230303639633a36343b39346167636e6461366b313132396564373f376332653b3139646a303365313f66353764383d36363569663136316336666e34363566676233373c343436356d38623664663c366666393467346d3864653d39636437673765613e303462343163366731396e3866626b363a3a6d3666346d30316138333865302e716b645d7b69673f31303c3530323a3132326c3565363139313337603336313c6136363b3138346633643c3465383b3666663d333232303633323131393734693a603461386330353b38696264343e346035383232303e303138373132323338356335643e62346761643a3137376931333a3e3764313e396136613761363a3b3334313a3832636461333c3163646a3167676d3035382e736966723f30

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=3966C7998EA78E10190B4F67CE275008
h.online-metrix.net/fp/ Frame 9846 0
400 B 16ms
15ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=3966C7998EA78E10190B4F67CE275008?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jf=34313a26736b6c5d706e66357464705d785c6e6a4f3f4574507952434559644426736b645f666976673d333e33373134383d3932267b69665d7c797065357765623a676364716924716966576b657b3f3338353933383131323e30373269383634386165336638303231323e30383063383e3438636d3366323b3031303f30333432323030366b316736356d64353632363a6337663f3466353d3364626c66616461373733316c6061303b3e653233606139323938693561313c3339393d65613537363832323c643b623a6a65653766346b3639323a62303b6c3039373836326436303465343b3261623b6a62646435303f323066316632643a3039663831663566673338352e716b645d7b69673f31303c3630323a3132326a3036386d663632346763653a6c663464326965623433383b313936306533676b3765346934363762663638373a333a32326d36633a3338696234386d313131383232313830626131336335663a343a3135696133316464316233306d39663b693835313839346636606466323a3766633b6c65613432383c3630343b393060303439363b3426736964723d33

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 4.3f24d299e0044d5872df.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
896 B 24ms
24ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.3f24d299e0044d5872df.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

11fe7d5ae550735b14a986e7f9ea6a61f04965a55b2bc2d1a09c5352a2dcc31f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168948
cf-polished: origSize=2539
cf-ray: 6b0d9ac5f8474a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"9eb-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.0a35fd27ba387ad30f65.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 22ms
22ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.0a35fd27ba387ad30f65.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

5c6b0b5df929b352bc190dec76813ed7765edd16f4eb898eb2a1015daa026282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168948
cf-polished: origSize=29269
cf-ray: 6b0d9ac5f8494a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"7255-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 PopUpModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 4 KB
2 KB 24ms
23ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopUpModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54383cb2f70247578458b930aa303a88d1298890285b4c03eed4fc04de93aeca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 167954
cf-polished: origSize=4652
cf-ray: 6b0d9ac5f84a4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 29
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 03 Nov 2021 17:52:58 GMT
server: cloudflare
etag: W/"122c-17ce6eebc90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackLinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 3 KB
1 KB 22ms
22ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168374
cf-polished: origSize=3552
cf-ray: 6b0d9ac5f84c4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"de0-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 26ms
26ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168381
cf-polished: origSize=8462
cf-ray: 6b0d9ac5f84d4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"210e-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 PopOverModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 9 KB
3 KB 26ms
26ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopOverModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0d67fb1e900ac570b160aaf2200d35ab1d41f00d0979ade72034289e9d3ab262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168942
cf-polished: origSize=10440
cf-ray: 6b0d9ac5f84e4a61-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 7
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:58 GMT
server: cloudflare
x-powered-by: Express
etag: W/"28c8-17ce6eebc90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 78ms
60ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bmvqwK4G0RfqFHn&Version=6&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a169cc782012d9a5ece8cf798f618fdb59bcbd85da9576b80fd419399c1c225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 15
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d14414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
290 B 61ms
43ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_bmvqwK4G0RfqFHn&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a104414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 87ms
69ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6tg8PWOi1frIFut&Version=3&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

053f6f7de2dc83b0efa801d03de4f0f1b15cc6c43146f2f97484ee7384e05f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 12
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a124414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
281 B 76ms
59ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_6tg8PWOi1frIFut&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d34414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 85ms
68ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aWusZd3gjeTf5gq&Version=4&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d62ca817b668e2e7fe40448059352566ecf10985548312f7a24a9c8b83fa3813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 13
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a0b4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
762 B 58ms
41ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_aWusZd3gjeTf5gq&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a0a4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 84ms
67ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aYqf0yaiHxFK3tQ&Version=4&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84694d83725e88328f1e12e509d9fd4244bbf60162859af52dee3e89917a5dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 13
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a0c4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
272 B 77ms
60ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_aYqf0yaiHxFK3tQ&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d24414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 85ms
68ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_8lgMP25Ikgjv0we&Version=4&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc8721a1adc4924783894d6a7ffc53ec2b6a9f1d434f6105fe0bfe632de8eb2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a0f4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
272 B 85ms
69ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_8lgMP25Ikgjv0we&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a144414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 85ms
69ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AsPpi6JZXIjgMZ&Version=62&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e10d554f075c4d2f34a9b816377bda9d82c571953a611ccf685e52a965d113b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 20
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a154414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 328 B
321 B 59ms
43ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_0ia68TaWR1dbtn7&Version=4&Q_InterceptID=SI_0AsPpi6JZXIjgMZ&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1953b94ba034ab9ad857a51e0b28bb70b57a73a7fe51753d05df1cbdf0fb775b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a164414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 64ms
48ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_dgsx9hrWB3K6913&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b376e7247f7b6432d3bd4f87c3598250819e31dfac7b17fa11f14ad568c35be1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a094414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 298 B
300 B 74ms
59ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_bOXDLte5ExB3fcV&Version=1&Q_InterceptID=SI_dgsx9hrWB3K6913&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d17ea77190820fb8045de841be49d7ca27100343608eddfc073513d676d932b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619eb4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 88ms
73ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6JrOieTJRaQjNt3&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80215e4d119951a2bdbb49d39524be4f7c8af7daeb0cd692ab70a90c9691889a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 32
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a014414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 295 B
748 B 86ms
71ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_9tyxYsdHImRttqd&Version=1&Q_InterceptID=SI_6JrOieTJRaQjNt3&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f544d59c46dc9e521b38e634b51cbdfc4c010e92aa2bb00a75b31681859873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a084414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 80ms
65ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aavOQmPi2QSZKE5&Version=3&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c057703e7565118ba2084013ce7b26196eb48eb1103925bc9f703b2b251fbbb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 13
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619ec4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 304 B
282 B 85ms
71ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_9zBaZSEe4Cd5tiJ&Version=1&Q_InterceptID=SI_aavOQmPi2QSZKE5&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a8c79033d6f51d9221602443e34d42e174fd3d9fedd49be51747a5217ac01d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 15
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a064414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 56ms
42ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9slyRRmuwUZ9tfT&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb55d122ba0e3370c1d5c52c60f16db655f997c045402c2e52187615ce580477

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac629fb4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
270 B 86ms
72ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_9slyRRmuwUZ9tfT&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a034414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
939 B 78ms
64ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9NSjltynMtHhMFf&Version=1&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6b4a6124675203780f1883d16d012e98448f6dceec35da99e980c073fcf1e71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f64414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1017 B 80ms
67ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_9NSjltynMtHhMFf&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d74414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 83ms
70ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6KILeGGAuPslJ7n&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e07bd958925ada74f41859021ac752ddc2c7da287a426e8e5ebf8ae3d3073abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 26
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a044414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
270 B 75ms
62ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_6KILeGGAuPslJ7n&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619e24414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 79ms
66ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_20upoDg7GIYGuyh&Version=3&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

459da4c8a9f2a70da8e894d10a363dea41b4d4cdb435af95186da4031da26464

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f04414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
281 B 71ms
58ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_20upoDg7GIYGuyh&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619e84414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 76ms
63ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aYq2S2L9WYVHefz&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06938dd593b945d6da6fe382a54eb2f8798be00d2f67281c8c16529a35bf9193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 14
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619e64414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
290 B 77ms
65ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_aYq2S2L9WYVHefz&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619db4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 79ms
66ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9YUbswnCF6g4k05&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2451f78cdf73cb2817ec2a124bc1a77b9c7100f5c30bdb521b824a83677c83a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 12
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f24414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
281 B 80ms
68ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_9YUbswnCF6g4k05&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac629fd4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 57ms
45ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0qryPRAlBXczdTD&Version=6&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b2502073850d32d0771c4f2c5c405d7855e61fad3719bd4efc12687523e3402

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac629fc4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
272 B 83ms
71ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_0qryPRAlBXczdTD&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f94414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 72ms
61ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0vaYdwthIHVvh6R&Version=11&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef8b37a63474996a7a2a5f1b20464bdcfda70740b292737fd1369a4c814b155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619e74414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1007 B 76ms
64ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_0vaYdwthIHVvh6R&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f14414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 74ms
63ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_5ndFaivuSQRQAmh&Version=6&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8596f3beb992852b9e2f1bf8bb2460a8b416637203316575786f7efbf9894829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619f84414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
281 B 71ms
59ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_5ndFaivuSQRQAmh&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d54414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 73ms
62ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_2oDT1dKLOgeFIGN&Version=2&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0efcff5e42f48dc59be55debd3f3debb3258a7c37b7d71bb22adb50ab10b450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619d84414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1016 B 83ms
72ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_2oDT1dKLOgeFIGN&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac629ff4414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 70ms
60ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bw1hblXpnxk5GYZ&Version=9&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e72d30c589782e1029538ee2906d6c5f28f30f877e49e617002a16a434a7d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619ea4414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1011 B 72ms
61ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_bw1hblXpnxk5GYZ&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619dc4414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 76ms
66ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eUPgeLMEq5Uop2B&Version=7&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac61e050d5eb05f5b913840d0d65423757b34191c2dd41f434f4256dc54aa86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619e54414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1016 B 83ms
73ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_eUPgeLMEq5Uop2B&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a024414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 52ms
42ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bgaRAZcFBOJ6zwV&Version=9&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75130c88fd45f06e63bc933339fde630f4d3aa270150e5f07ebc0934f1c98295

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 17 Nov 2031 20:46:04 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac619ef4414-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1016 B 82ms
72ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_bgaRAZcFBOJ6zwV&Q_ORIGIN=https://fidelityoksecure.duckdns.org&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13828
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
last-modified: Fri, 19 Nov 2021 20:46:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6b0d9ac62a004414-FRA
servershortname
expires: Mon, 17 Nov 2031 20:46:04 GMT

GET
H/1.1 200
OK ARF;CIS3SID=5C167C5AEE633EB1B0E52B8D2231E47E Show response
cfa.fidelity.com/fp/ Frame 081A 35 B
557 B 15ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/ARF;CIS3SID=5C167C5AEE633EB1B0E52B8D2231E47E?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&pageid=99998&sera_parametere=ABIOA1IABw5UV1oCAVdUUgIDBVQAXlEDVlIBCwcAAldeAABSVVJXAgNUUhUXEAsPCBJGFhdDB3JABiEWUycTVFYIQAcIA1lTC0UQFlcnE1EkUhZVIEMGBg1eEEcXRgUiQ1VxR1MiElIMDFALUgAFVFVRCltUAwNTVAVQClxVUwdRUFZQAFIEBwADAgRQWwJXVVsVDAsIV1NYVwEABgdQUlAHAgFXAlcAAxcJQFlTTldSVlZRUwIGB1EDUFJQAVRfVVcEUAFSB1JQCAIHVlVVXlAHVlVQBQUQBFheAlRQAlVAC1pfSVcSRgwMWgpdWg5ADgkORAZbd14XXg5WQgFAW19UFQALFQl6DF8WS0IAVFsSBkk9BwdYWgdQAFhCBkJbUVQ%3D&count=0&max=0

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

6dc5fc4dabac7a81011d470f0bcec73f22276a87628c3673215c82115879238a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=d021478374785ec619a50956785409da&org_id=5h8i3ud8&nonce=fb3bdf46e1c3dc6f&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=95
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Graphic.php
sjc1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
2 KB 9ms
9ms Image
image/png 2.18.232.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sjc1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_3yKp2nFO4GPtXrD

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-194.deploy.static.akamaitechnologies.com

Software

envoy /

Resource Hash

261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 163
date: Sat, 20 Nov 2021 00:36:32 GMT
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
x-envoy-upstream-service-time: 15
content-disposition: inline; filename=Feedback+tab+small
content-length: 1595
x-request-id: 160e25da-0b9f-44b6-b001-2793a56b25fd
referrer-policy: strict-origin-when-cross-origin
server: envoy
etag: "a97234fecb8fb711964fd6941188e385"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 4b28261f-252c-409e-965a-93b4cbcc1d5b
cache-control: public, max-age=9
x-robots-tag: noindex
expires: Sat, 20 Nov 2021 00:36:41 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
225 B 33ms
33ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_0ia68TaWR1dbtn7&Q_SIID=SI_0AsPpi6JZXIjgMZ&Q_ASID=AS_0AqVa5fIQp7ktXT&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&r=1637368592506

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fidelityoksecure.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 20 Nov 2021 00:36:32 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://fidelityoksecure.duckdns.org
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
trace-id: beb563abf5a27860
cf-ray: 6b0d9ac72b944414-FRA
vary: Accept-Encoding
content-length: 45

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame 2D8D 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jac=1&je=313135262672653f6c6f246a617471763d73226c657e656e2032312e30382c227374637475712a3820636a6972676b6c672a7d26617d646a3f6b61376231653665363a3163616961346630693763333b32313336333c3660376b33313731366234643a64643630343230313066653664303b6663643034373b

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Nov 2021 00:36:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear3.png;CIS3SID=75C74836506EAD0224AB233226DE73E6 Show response
cfa.fidelity.com/fp/ Frame 2D8D 0
219 B 39ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear3.png;CIS3SID=75C74836506EAD0224AB233226DE73E6?org_id=5h8i3ud8&session_id=d021478374785ec619a50956785409da&nonce=fb3bdf46e1c3dc6f&jac=1&je=null

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fidelityoksecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 20 Nov 2021 00:36:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cfa.fidelity.com/	1970-01-21 18:01:28	Name: thx_guid Value: 8e69056e634040b6a1d4a0b8d4ded9a4
cfa.fidelity.com/	1970-01-21 18:01:28	Name: tmx_guid Value: ABCf7EXqDe8-mn0qwfyxHVtqF9gqrDGRQAN7e5-YxTH5lBJuBz-6Stj4kXUq5QwrUNMyINpll0ue9FzpNiYafmUQ5z4Q2wwDXtQ
h.online-metrix.net/	1970-01-21 18:01:28	Name: thx_global_guid Value: 50a8df2e99f947bb9ef2b9eec06e7455

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fidelityoksecure.duckdns.org/staticweb/45299d6b9a0ti190698a987b283a4a6e7 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://fidelityoksecure.duckdns.org/Fidelity/login.php?primarymember_id=b1046f69c28f91a9da2a184f4 Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'https://fidelityoksecure.duckdns.org' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5h8i3ud8z4geip3rk35pkq5po53l7yi23j6bhuclfb3bdf46e1c3dc6fam1.e.aa.online-metrix.net
assets.fidelity.com
cfa.fidelity.com
fidelityoksecure.duckdns.org
ghbmnnjooekpmoecnnnilnnbdlolhkhi
h.online-metrix.net
siteintercept.qualtrics.com
sjc1.qualtrics.com
zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
104.17.208.240
104.17.209.240
147.182.232.99
2.16.186.162
2.18.232.194
91.235.132.130
91.235.133.67
91.235.134.131
053f6f7de2dc83b0efa801d03de4f0f1b15cc6c43146f2f97484ee7384e05f21
06938dd593b945d6da6fe382a54eb2f8798be00d2f67281c8c16529a35bf9193
0b2502073850d32d0771c4f2c5c405d7855e61fad3719bd4efc12687523e3402
0d67fb1e900ac570b160aaf2200d35ab1d41f00d0979ade72034289e9d3ab262
11fe7d5ae550735b14a986e7f9ea6a61f04965a55b2bc2d1a09c5352a2dcc31f
170c22b59d68deed748cc0b577f49a828d751cb5b201fabee8f5b2eb515d4998
1953b94ba034ab9ad857a51e0b28bb70b57a73a7fe51753d05df1cbdf0fb775b
1ef8b37a63474996a7a2a5f1b20464bdcfda70740b292737fd1369a4c814b155
2451f78cdf73cb2817ec2a124bc1a77b9c7100f5c30bdb521b824a83677c83a0
261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0
2911c3ab9d06cbcfd14dfd39782cf9934922247b822ed88e0b1927ffdc58253b
294394f3b1b6ebe8e536343efb15bb35964899ebce1f52ce37c7389594079987
2c1d1e54a3176825dc3bd6b3589e8be5443771a3bbd918b19193fc812b22bd0c
33f544d59c46dc9e521b38e634b51cbdfc4c010e92aa2bb00a75b31681859873
39aac9dc37e49220013d6bfda6483629e9658764582168758db8cf4426b25db0
3a8c79033d6f51d9221602443e34d42e174fd3d9fedd49be51747a5217ac01d7
459da4c8a9f2a70da8e894d10a363dea41b4d4cdb435af95186da4031da26464
54383cb2f70247578458b930aa303a88d1298890285b4c03eed4fc04de93aeca
55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b
588683fcfb9b148f145a58b2e9c935a6ef3684b2942d2dbc49eac4fa5133094d
5c6b0b5df929b352bc190dec76813ed7765edd16f4eb898eb2a1015daa026282
67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487
6b2ced9a0548a82ecb57df60ab6d1ca8ac7e7584f64f2b9e64cbf4ad0c3483a4
6dc5fc4dabac7a81011d470f0bcec73f22276a87628c3673215c82115879238a
6e72d30c589782e1029538ee2906d6c5f28f30f877e49e617002a16a434a7d6b
6f024b85ed9eaf9e7d7c3e6fd342087f0e662e3ceee5cb7fe20472dd8f881623
710da14f5cfb2e49a1f523699521ffd8921f2ff2558d77272df55fea0481717a
75130c88fd45f06e63bc933339fde630f4d3aa270150e5f07ebc0934f1c98295
762e942eadd48dffc798ee8cb93677220ad4da66933f5e6474af1c4703d1ca06
7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe
7aa0292c8b5387df9165be7dec812d4636f0848f97093801e7c0d2d89d0ce62b
80215e4d119951a2bdbb49d39524be4f7c8af7daeb0cd692ab70a90c9691889a
84694d83725e88328f1e12e509d9fd4244bbf60162859af52dee3e89917a5dd2
8596f3beb992852b9e2f1bf8bb2460a8b416637203316575786f7efbf9894829
89238517342e76f8c7dbab3c3ad2251fc202b5fc8af025f658c8d1c6864e8b13
8efac7087552def0e358b8896dbbe43b7ffe2d961746cdc4aea60f7eed3e1384
90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
998a59ce949b5f7af676a139bf3b9fb517029f744c97f895a5372dbfe9f64d05
9a169cc782012d9a5ece8cf798f618fdb59bcbd85da9576b80fd419399c1c225
9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c
9d2c022ab32baeb79d0fd1e7cfbb0efd41ba112e22b006cbb3fd39fcea8716ae
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
aefe6c1aafedcdc56471ee8ce6227e39ea1fa63d052e032e7a52f43bd2639958
b376e7247f7b6432d3bd4f87c3598250819e31dfac7b17fa11f14ad568c35be1
bc0cfefcdab63bf8eb475849e2d72562c23e634d79d07f4f3dd664ce6587c01f
c057703e7565118ba2084013ce7b26196eb48eb1103925bc9f703b2b251fbbb7
cc8721a1adc4924783894d6a7ffc53ec2b6a9f1d434f6105fe0bfe632de8eb2b
d17ea77190820fb8045de841be49d7ca27100343608eddfc073513d676d932b3
d62ca817b668e2e7fe40448059352566ecf10985548312f7a24a9c8b83fa3813
d6dc80a145e5abd531738f66c8c38e48aa38205440f14772046df37e5605323a
dac1bcfebd04a20d42f389e6c7eeabb64188b0b732ce5fb72a7da30b36407fe3
e07bd958925ada74f41859021ac752ddc2c7da287a426e8e5ebf8ae3d3073abe
e0efcff5e42f48dc59be55debd3f3debb3258a7c37b7d71bb22adb50ab10b450
e10d554f075c4d2f34a9b816377bda9d82c571953a611ccf685e52a965d113b4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f
eb55d122ba0e3370c1d5c52c60f16db655f997c045402c2e52187615ce580477
ed45b866ae2d245825fdb7ddab7c553586a5feb1598f6fd4e916f0bdd4a5ca85
f2e2d53f8562f1d2ada59bebefece7abc5f32b35f4b74d992ec40cb26934426c
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f6b4a6124675203780f1883d16d012e98448f6dceec35da99e980c073fcf1e71
fac61e050d5eb05f5b913840d0d65423757b34191c2dd41f434f4256dc54aa86

fidelityoksecure.duckdns.org Open in urlscan Pro 147.182.232.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

92 Requests

98 %HTTPS

0 %IPv6

5 Domains

9 Subdomains

9 IPs

3 Countries

519 kBTransfer

1891 kBSize

3 Cookies

16 Outgoing links

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

fidelityoksecure.duckdns.org Open in urlscan Pro
147.182.232.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

98 %
HTTPS

0 %
IPv6

5
Domains

9
Subdomains

9
IPs

3
Countries

519 kB
Transfer

1891 kB
Size

3
Cookies

92 HTTP transactions
4 data transactions