ylekcornersuite.cfd Open in urlscan Pro
2606:4700:3036::6815:3d7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ylekcornersuite.cfd/first/firstcitizens.com/
Submission Tags: @ecarlesi threat phishing citizensbank Search All
Submission: On June 05 via api (June 5th 2024, 1:39:19 am UTC) from IT — Scanned from IT

Summary HTTP 47 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 47 HTTP transactions. The main IP is 2606:4700:3036::6815:3d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is ylekcornersuite.cfd.
TLS certificate: Issued by GTS CA 1P5 on May 30th 2024. Valid for: 3 months.

This is the only time ylekcornersuite.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3036::6815:3d7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	65.9.95.61 65.9.95.61	16509 (AMAZON-02) (AMAZON-02)
1 28	192.0.63.252 192.0.63.252	62659 (Q2HOLDINGS) (Q2HOLDINGS)
5	2a02:26f0:350... 2a02:26f0:3500:591::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	79.125.35.115 79.125.35.115	16509 (AMAZON-02) (AMAZON-02)
1	54.76.80.14 54.76.80.14	16509 (AMAZON-02) (AMAZON-02)
1 1	52.30.166.91 52.30.166.91	16509 (AMAZON-02) (AMAZON-02)
3	34.107.204.85 34.107.204.85	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.214.188.27 54.214.188.27	16509 (AMAZON-02) (AMAZON-02)
47	12

1 2606:4700:3036::6815:3d7 (United States)

ASN13335 (CLOUDFLARENET, US)

ylekcornersuite.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.95.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-61.prg50.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 192.0.63.252 (United States) 1 redirects

ASN62659 (Q2HOLDINGS, US)

cdn1.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds-sdkcfg.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
digitalbanking.firstcitizens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sdk-cdn.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:591::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 79.125.35.115 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-35-115.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.80.14 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-80-14.eu-west-1.compute.amazonaws.com

firstcitizens.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.166.91 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-166-91.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.204.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.204.107.34.bc.googleusercontent.com

app.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.214.188.27 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-214-188-27.us-west-2.compute.amazonaws.com

col.eum-appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	onlineaccess1.com cdn1.onlineaccess1.com — Cisco Umbrella Rank: 19524 cds-sdkcfg.onlineaccess1.com — Cisco Umbrella Rank: 16979 sdk-cdn.onlineaccess1.com — Cisco Umbrella Rank: 32052	929 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 440	82 KB
3	pendo.io app.pendo.io — Cisco Umbrella Rank: 1827	2 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 250 firstcitizens.demdex.net — Cisco Umbrella Rank: 272939	2 KB
3	appdynamics.com cdn.appdynamics.com — Cisco Umbrella Rank: 4680	36 KB
1	eum-appdynamics.com col.eum-appdynamics.com — Cisco Umbrella Rank: 3280	870 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1363	517 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	913 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 260	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 3104	38 KB
1	firstcitizens.com 1 redirects digitalbanking.firstcitizens.com — Cisco Umbrella Rank: 232820	1016 B
1	ylekcornersuite.cfd ylekcornersuite.cfd	36 KB
47	12

	Domain	Requested by
24	cdn1.onlineaccess1.com	ylekcornersuite.cfd cdn1.onlineaccess1.com
5	assets.adobedtm.com	ylekcornersuite.cfd assets.adobedtm.com
3	app.pendo.io	cds-sdkcfg.onlineaccess1.com
3	cdn.appdynamics.com	ylekcornersuite.cfd cdn.appdynamics.com
2	dpm.demdex.net	cds-sdkcfg.onlineaccess1.com ylekcornersuite.cfd
2	sdk-cdn.onlineaccess1.com	ylekcornersuite.cfd
1	col.eum-appdynamics.com	cds-sdkcfg.onlineaccess1.com
1	cm.everesttech.net	1 redirects
1	firstcitizens.demdex.net	assets.adobedtm.com
1	fonts.googleapis.com	cdn1.onlineaccess1.com
1	cdnjs.cloudflare.com	ylekcornersuite.cfd
1	ajax.aspnetcdn.com	ylekcornersuite.cfd
1	digitalbanking.firstcitizens.com	1 redirects
1	cds-sdkcfg.onlineaccess1.com	ylekcornersuite.cfd
1	ylekcornersuite.cfd
47	15

This site contains links to these domains. Also see Links.

Domain
www.firstcitizens.com
digitalbanking.firstcitizens.com
digitalbanking.firstcitizens.com.yext-cdn.com
cdn1.onlineaccess1.com

Subject Issuer	Validity	Valid
ylekcornersuite.cfd GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh
*.appdynamics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-21` - `2024-07-21`	a year	crt.sh
onlineaccess1.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
sdk-cdn.onlineaccess1.com GTS CA 1P5	`2024-05-07` - `2024-08-05`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-01-30` - `2025-01-30`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
pendo.io WR3	`2024-05-23` - `2024-08-21`	3 months	crt.sh
*.eum-appdynamics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-14` - `2024-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://ylekcornersuite.cfd/first/firstcitizens.com/
Frame ID: DA75E2CE0194707B053946FC52DBF6AC
Requests: 48 HTTP requests in this frame

Frame: https://firstcitizens.demdex.net/dest5.html?d_nsid=0
Frame ID: B52AFB722B4AEE8361E87B3689E49D6C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

First Citizens Bank

Detected technologies

AppDynamics (Analytics) Expand

Overall confidence: 100%
Detected patterns

adrum

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

47
Requests

94 %
HTTPS

25 %
IPv6

12
Domains

15
Subdomains

12
IPs

4
Countries

1130 kB
Transfer

4506 kB
Size

9
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.firstcitizens.com/privacy-security/
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com/FCBTC_AutoEnroll/SignUp.html
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com/FCBTC_ForgotLogin/ForgotUsername.html
Title: Forgot Login ID?

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com.yext-cdn.com/search
Title: Locations

Search URL Search Domain Scan URL

URL: https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/fdic_logo_large-101554d3eebb7c3c6fedb7d73549127b.png

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://digitalbanking.firstcitizens.com/FCBTCOnline/filemap/assets/themejs/theme-wealth.js HTTP 302
https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/d0787eab00d212e5d3455e4f5c740557/assets/themejs/theme-wealth-3f6b735a793339b4f89030e06173c547.js

Request Chain 34

https://cm.everesttech.net/cm/dd?d_uuid=75843675911469992460414576512998112479 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl-BwQAAAEzn-QO5

47 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ylekcornersuite.cfd/first/firstcitizens.com/ 392 KB
36 KB 312ms
237ms Document
text/html 2606:4700:3036::6815:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a446f43aa79b8c3c298e8a122bba9408f8ec11330ff205a1c2045f4118492c35

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88ec728d4a5e0f66-MXP
content-encoding: br
content-type: text/html
date: Wed, 05 Jun 2024 01:39:11 GMT
last-modified: Mon, 15 May 2023 17:47:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYS%2B9My9xXJzi2i8m%2F99E3Pcfa%2Fr0QN%2B5FUHE%2F6DW%2BQ3nd5cY%2FHPnnpLgBTpSTePnvw6cFFpmEXlKdHZwWl9Zrvg5dtmPUKD4PfF592CrqH4AojkEWgZ%2FxKw%2FmmVEQuBmvrr5sUv52P2wZ4H5yeStqRg"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 adrum-ext.2aed9d091ef08efa95822e864b4554d2.js Show response
cdn.appdynamics.com/ 47 KB
19 KB 133ms
48ms Script
application/javascript 65.9.95.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum-ext.2aed9d091ef08efa95822e864b4554d2.js
Requested by: Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-61.prg50.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: fc9c2a5689107bc64f45aab5fb2f3215b277a1bf1b935921e8d5f379420336f5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 11:46:16 GMT
content-encoding: gzip
via: 1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2555575
x-cache: Hit from cloudfront
last-modified: Fri, 18 Aug 2017 18:04:35 GMT
server: nginx/1.16.1
etag: W/"59972c33-bae0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RT9eRIdhsoudeOz0IiKQzB4dYKh5QWPZg6KnybxhkpKkvoELUsTZlA==

GET
H2 200 pendo-2.183.0.js Show response
cdn1.onlineaccess1.com/cdn/static/q2-pendo/ 402 KB
133 KB 692ms
631ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.183.0.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

450d477d571c84e3685a33462fbd0df4df745b91ec0fbcee18daf8e6632f4fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 03 May 2024 14:29:25 GMT
server: cloudflare
etag: W/"6634f4c5-64844"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f4d39baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 common.js Show response
cds-sdkcfg.onlineaccess1.com/ 300 KB
169 KB 230ms
161ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cds-sdkcfg.onlineaccess1.com/common.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65cc7ca7766deb92d702b0630f48f73b9d9b291b7b195a6bd7dc2b68807d75f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
x-ion-hop: prod
cache-control: no-cache, no-store, must-revalidate
cf-ray: 88ec728f3b625252-MXP
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2 200 43prod-adrum-config.js Show response
cdn1.onlineaccess1.com/cdn/wedge/3397/js/ 848 B
675 B 640ms
581ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/wedge/3397/js/43prod-adrum-config.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fab761fa2fec240425c101388b0f3ded9a9eb9ecef46abaa960f91d296d9f294

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 Apr 2024 17:05:58 GMT
server: cloudflare
etag: W/"663124f6-350"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d33baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adrum-4.3.3.0.js Show response
cdn.appdynamics.com/adrum/ 44 KB
17 KB 124ms
42ms Script
application/javascript 65.9.95.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum/adrum-4.3.3.0.js
Requested by: Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-61.prg50.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: 6b4af1bad59b96026f537d7f4787fc221d7fbbb834766723559c92feb4e22e35

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 08:31:01 GMT
content-encoding: gzip
via: 1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 320890
x-cache: Hit from cloudfront
last-modified: Wed, 31 May 2017 18:24:07 GMT
server: nginx/1.16.1
etag: W/"592f0a47-af61"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ToazuA_WsN-HoxOQpi7mxZDljjehiJw7RAk_mQBoTw2i_GSANswH_A==

GET
H2 200 q2-tecton-theme.css
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/ 32 KB
5 KB 98ms
40ms Stylesheet
text/css 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-theme.css

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04330ffee350c99dd47276ea9e40ff460069f7fe0bd71ab3fa6aa33b5583af39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:11 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 138440
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-801d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d2cbaeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.css
cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/ 93 KB
18 KB 95ms
37ms Stylesheet
text/css 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/app.css

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15d83a51b60396d427c6ddc25d9730980297f17d7c3fe2a5dcb32c1a1b691300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:11 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 132180
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Apr 2023 15:17:58 GMT
server: cloudflare
etag: W/"64400626-175bf"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d2dbaeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 theme-q2-060b3fe1dcc1591213bf5ff49a438329.css
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/ 1 MB
141 KB 784ms
727ms Stylesheet
text/css 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/theme-q2-060b3fe1dcc1591213bf5ff49a438329.css

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

238ae96fab1924d99197db25336f2cf1d2e04c43d236c87cbab9cb3a6bf4a291

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 May 2023 01:50:26 GMT
server: cloudflare
etag: W/"64530f62-11cb12"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d2fbaeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 add-engine-meta.js Show response
cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/ 3 KB
887 B 106ms
48ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/add-engine-meta.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fdc2ed9d7ebb136d0c68f0ff7e1d02f85ade479e700eb90e97edbb7c441552

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:11 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 132180
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Apr 2023 15:17:58 GMT
server: cloudflare
etag: W/"64400626-da5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d31baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 theme-q2-012d51ac3fe8e6f241dc6b92f667ce86.js Show response
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/themejs/ 8 KB
1 KB 639ms
582ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/themejs/theme-q2-012d51ac3fe8e6f241dc6b92f667ce86.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65e88347b63ff3f9be7ef2e840d04ef0c97486743fb88cf9ae6d44520665e568

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Nov 2023 02:19:42 GMT
server: cloudflare
etag: W/"6556cdbe-21f6"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d32baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 en-us-8225934316b67f47cd807bac56bca8b3.js Show response
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/resources/ 806 KB
162 KB 795ms
738ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/resources/en-us-8225934316b67f47cd807bac56bca8b3.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f878ae6a92067ef21282b953bd179283eb237af696b6c06363b4b365f2bb332

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 May 2023 01:50:26 GMT
server: cloudflare
etag: W/"64530f62-c97ca"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f3d30baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tecton-590048df214033d1c1591d552a32c9af.css
cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/ 8 KB
2 KB 100ms
44ms Stylesheet
text/css 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/tecton-590048df214033d1c1591d552a32c9af.css

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbb5d60b0e8fbf3ce2eeb2479ad9ef6744585303f9ee0bf27c62b35a0a2dc30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:11 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 132179
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Apr 2023 15:17:59 GMT
server: cloudflare
etag: W/"64400627-1f56"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec728f2d2bbaeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 launch-e263c6b8498d.min.js Show response
assets.adobedtm.com/60e0841c6ded/a1fc4db97b20/ 186 KB
53 KB 196ms
67ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/60e0841c6ded/a1fc4db97b20/launch-e263c6b8498d.min.js
Requested by: Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 90d3f87212624296f88ecb57ed7f8177d393fc4b59437fdcdbdfc72b44fb6876

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
last-modified: Fri, 23 Feb 2024 16:15:41 GMT
server: AkamaiNetStorage
etag: "7c385f00f2fc7939ace99863a7512479:1708704941.285026"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 54133
expires: Wed, 05 Jun 2024 02:39:12 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 172ms
44ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Wed, 05 Jun 2024 02:39:12 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 174ms
46ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Wed, 05 Jun 2024 02:39:12 GMT

GET
H3

200

theme-wealth-3f6b735a793339b4f89030e06173c547.js Show response
cdn1.onlineaccess1.com/cdn/depot/3397/1069/d0787eab00d212e5d3455e4f5c740557/assets/themejs/
Redirect Chain

https://digitalbanking.firstcitizens.com/FCBTCOnline/filemap/assets/themejs/theme-wealth.js
https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/d0787eab00d212e5d3455e4f5c740557/assets/themejs/theme-wealth-3f6b735a793339b4f89030e06173c547.js

8 KB
1 KB

38ms
37ms

Script
application/javascript

192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/d0787eab00d212e5d3455e4f5c740557/assets/themejs/theme-wealth-3f6b735a793339b4f89030e06173c547.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23e468e3a6735034e46c57ab876e5c050f2be6845d39c58686bc7d3257d178e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 3623754
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Apr 2024 16:49:15 GMT
server: cloudflare
etag: W/"6627e68b-2034"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72940b3c0e4e-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

date: Wed, 05 Jun 2024 01:39:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
request-id: 1717551552555
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/d0787eab00d212e5d3455e4f5c740557/assets/themejs/theme-wealth-3f6b735a793339b4f89030e06173c547.js
cache-control: no-cache
trace-id: 02eda53a7c79a9448071b7fd3b06d18e
cf-ray: 88ec729299ce0dc5-MXP

GET
H2 200 adobeAnalytics.js Show response
sdk-cdn.onlineaccess1.com/sdk-nginx-prd/sdkcdn/q2sdk-3397-firstcitizens-qsdk-adobeanalytics/AdobeAnalytics/assets/ 5 KB
2 KB 716ms
585ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk-cdn.onlineaccess1.com/sdk-nginx-prd/sdkcdn/q2sdk-3397-firstcitizens-qsdk-adobeanalytics/AdobeAnalytics/assets/adobeAnalytics.js?5613769

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

953451e68dd2c0ad78318c695cbeeafdb50502cc411cba4bbe82c3e61b073718

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Apr 2022 20:28:46 GMT
server: cloudflare
etag: W/"2599b9cd40702d3e19d342cc0ca0b2035c3b72dfc537e49ab0a0acd939bb27fb1ce7dfc7ac62005fee7dfe81b9f158aa4f11bae6bfbec8e8f21b52fd1a8fa826"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952
cf-ray: 88ec729638c44c55-MXP
alt-svc: h3=":443"; ma=86400
expires: Thu, 05 Jun 2025 07:28:25 GMT

GET
H2 200 q2-pendo.js Show response
cdn1.onlineaccess1.com/cdn/pendo/ 8 KB
2 KB 584ms
580ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/pendo/q2-pendo.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e7e3af7aa664d48bf2984dc382d424dd32a6a17277c022597b78550a5b3f79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Mar 2024 19:37:54 GMT
server: cloudflare
etag: W/"65fc8c92-1ea8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=30
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec7291fde6baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 q2-tecton-elements.esm.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 7 KB
3 KB 605ms
579ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/q2-tecton-elements.esm.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

578ce0713453d137d0a6ed88f38936ed6192ca401af10753bc2e41a2dfbd0649

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-1c4f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72921dab0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fdic_logo_small-067dddada1e927b9bfba5a52e8773b92.png
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/ 3 KB
3 KB 575ms
574ms Image
image/png 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/fdic_logo_small-067dddada1e927b9bfba5a52e8773b92.png

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3987b9d9d5d5a147de53cee322f0d3dfa701046cd0232386adcf1b5c835c391c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 04 Jun 2024 14:57:28 GMT
server: cloudflare
etag: W/"665f2b58-a98"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec7291fde7baeb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 112ms
22ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mil/6BA6) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6217706
x-cache: HIT
content-length: 38892
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (mil/6BA6)
etag: "af301a17b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 74ms
28ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 532073
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4517
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=loP8GoMIy8wWk8z%2BZ5pqhe3PTpZZcz7JE0hGoZ74FuKbnpnQImO1RRYc8KxUtu%2FdWjjJ%2BTQvMPbmbG3Dvug3LKXtk3FwyARj6fnkY%2BsDlBiN60GgW%2BnxnfoTK9BODAqsroowktfa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88ec729308e00d5f-MXP
expires: Mon, 26 May 2025 01:39:12 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
913 B 112ms
37ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Dosis:300,400,500&display=swap

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-theme.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9f1569ee2a7a51c32b4556926a95d5b9f7dee295a4757ad5176459dffee36cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 01:39:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Jun 2024 01:39:12 GMT

GET
DATA 200
OK truncated Show response
/ 389 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 462982c28f47487acfacfc7ddce7b8e4b55fe414ebfd0543c8f3d0618c3c62d6

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: text/plain

GET
H2 200 adobeAnalytics.js Show response
sdk-cdn.onlineaccess1.com/sdk-nginx-prd/sdkcdn/q2sdk-3397-firstcitizens-qsdk-adobeanalytics/AdobeAnalytics/assets/ 5 KB
2 KB 737ms
606ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk-cdn.onlineaccess1.com/sdk-nginx-prd/sdkcdn/q2sdk-3397-firstcitizens-qsdk-adobeanalytics/AdobeAnalytics/assets/adobeAnalytics.js?5725171

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

953451e68dd2c0ad78318c695cbeeafdb50502cc411cba4bbe82c3e61b073718

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Apr 2022 20:28:46 GMT
server: cloudflare
etag: W/"2599b9cd40702d3e19d342cc0ca0b2035c3b72dfc537e49ab0a0acd939bb27fb1ce7dfc7ac62005fee7dfe81b9f158aa4f11bae6bfbec8e8f21b52fd1a8fa826"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952
cf-ray: 88ec729638c34c55-MXP
alt-svc: h3=":443"; ma=86400
expires: Thu, 05 Jun 2025 07:28:25 GMT

GET
H3 200 OpenSans-Regular.woff
cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/fonts/OpenSans/ 24 KB
25 KB 602ms
602ms Font
font/woff 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/fonts/OpenSans/OpenSans-Regular.woff

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/tecton-590048df214033d1c1591d552a32c9af.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95915582ecc56aa27829e7bd118b423f09cba0856ce517fdcd82e4e05726e6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/tecton-590048df214033d1c1591d552a32c9af.css
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 24872
last-modified: Wed, 19 Apr 2023 15:17:59 GMT
server: cloudflare
etag: "64400627-6128"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72957ed90e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pendo-2.219.0.js Show response
cdn1.onlineaccess1.com/cdn/static/q2-pendo/ 454 KB
147 KB 61ms
60ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.219.0.js

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/pendo/q2-pendo.js

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3d40a930b58b1a9756efebef9f76998eeb750016c3c9d540a150bd6e0941443

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 7634181
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 28 Feb 2024 19:14:07 GMT
server: cloudflare
etag: W/"65df85ff-71738"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec7295cbd40e4e-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 logo_large-5741abb9675d37b6178ac83becc79b17.png
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/logos/ 7 KB
7 KB 595ms
594ms Image
image/png 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/logos/logo_large-5741abb9675d37b6178ac83becc79b17.png

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/theme-q2-060b3fe1dcc1591213bf5ff49a438329.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3133f88ff2d288957e9708cab68a2dd2f25f46177603d9accb70b22bc7601888

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/theme-q2-060b3fe1dcc1591213bf5ff49a438329.css
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 04 Jun 2024 14:57:29 GMT
server: cloudflare
etag: W/"665f2b59-1a27"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec7295ebe50e4e-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 OpenSans-Semibold.woff
cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/fonts/OpenSans/ 24 KB
25 KB 627ms
625ms Font
font/woff 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/fonts/OpenSans/OpenSans-Semibold.woff

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/tecton-590048df214033d1c1591d552a32c9af.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e335db7f8ef9f87be9dcc9c56f071d27a7b5bbd9111cfcdabd6babe5eb4e968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.121P/assets/tecton-590048df214033d1c1591d552a32c9af.css
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 24952
last-modified: Wed, 19 Apr 2023 15:17:59 GMT
server: cloudflare
etag: "64400627-6178"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72960efe0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 p-8e863fbc.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 12 KB
6 KB 571ms
571ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-8e863fbc.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a941a62c565ab538a0807e7f21c284f8879a6832ec4e09d34650e2db9ef5c0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-2e8c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72960eff0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 372 B
919 B 177ms
55ms XHR
application/json 79.125.35.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=E6D235355CF7C1DE0A495EEC%40AdobeOrg&d_nsid=0&ts=1717551553096

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

79.125.35.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-35-115.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e5649958084f56c38742d23184db203e0c286d4c2cf43d913b0f257f6bfb0eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v061-0accb011a.edge-irl1.demdex.com 1 ms
pragma: no-cache
date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: PbMbBxBzQlA=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 312
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/ 34 KB
13 KB 31ms
31ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/a1fc4db97b20/launch-e263c6b8498d.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 05:33:26 GMT
server: AkamaiNetStorage
etag: "208eb534ea01036a4fca64e6715ccf3f:1694496806.451282"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12687
expires: Wed, 05 Jun 2024 02:39:13 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/ 3 KB
2 KB 33ms
33ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/a1fc4db97b20/launch-e263c6b8498d.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 05:33:26 GMT
server: AkamaiNetStorage
etag: "f1e098a5dd836ea5fc9726c429c8d71d:1694496806.740373"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://ylekcornersuite.cfd
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Wed, 05 Jun 2024 02:39:13 GMT

GET
H2 200 dest5.html
firstcitizens.demdex.net/ Frame B52A 0
0 177ms
55ms Document
text/html 54.76.80.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://firstcitizens.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/a1fc4db97b20/launch-e263c6b8498d.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.76.80.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-80-14.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 05 Jun 2024 01:39:13 GMT
dcs: dcs-prod-irl1-1-v061-0818ee06f.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 9 May 2024 11:55:54 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: YZ1Sm/dlSF4=

GET
H2

200

ibs:dpid=411&dpuuid=Zl-BwQAAAEzn-QO5
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=75843675911469992460414576512998112479
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl-BwQAAAEzn-QO5

42 B
717 B

56ms
56ms

Image
image/gif

79.125.35.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl-BwQAAAEzn-QO5

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Server

79.125.35.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-35-115.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v061-0e57e8e4c.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Wed, 05 Jun 2024 01:39:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: iRjLyU20SJQ=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl-BwQAAAEzn-QO5
Date: Wed, 05 Jun 2024 01:39:13 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 p-12f6dc10.entry.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 3 KB
1 KB 187ms
187ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-12f6dc10.entry.js

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-8e863fbc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80467b0f55f9125cefc4743777ae70672487a23b145c903f50a58412a1b2be08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-c26"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec72998fff0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 p-54cbd826.entry.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 19 KB
4 KB 182ms
181ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-54cbd826.entry.js

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-8e863fbc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c8993d9104fad109a6ac5e1daf9fc1e4682a5cc17a26b6078340ce875b5215e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-4b06"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec729988010e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adrum-ext.2aed9d091ef08efa95822e864b4554d2.js Show response
cdn.appdynamics.com/ 47 KB
0 0ms
0ms Script
application/javascript 65.9.95.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum-ext.2aed9d091ef08efa95822e864b4554d2.js
Requested by: Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-4.3.3.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-61.prg50.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: fc9c2a5689107bc64f45aab5fb2f3215b277a1bf1b935921e8d5f379420336f5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 11:46:16 GMT
content-encoding: gzip
via: 1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2555575
x-cache: Hit from cloudfront
last-modified: Fri, 18 Aug 2017 18:04:35 GMT
server: nginx/1.16.1
etag: W/"59972c33-bae0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RT9eRIdhsoudeOz0IiKQzB4dYKh5QWPZg6KnybxhkpKkvoELUsTZlA==

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 favicon-fd1d27f423fbc3eb4405fb3c9b48bf9f.ico
cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/ 4 KB
4 KB 583ms
583ms Other
image/x-icon 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/373b38485ff50cc3d1dea5f1fb92225d/assets/images/favicon-fd1d27f423fbc3eb4405fb3c9b48bf9f.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbee6d88708a48fa23e90c886e63bd7e0efd667d65081764b1aa6b6337734294

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 4286
last-modified: Tue, 04 Jun 2024 14:57:28 GMT
server: cloudflare
etag: "665f2b58-10be"
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec729add730e4e-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 4cfc5253-789b-470f-45eb-e4d59dd0bf11
app.pendo.io/data/ptm.gif/ 42 B
313 B 266ms
192ms Image
image/gif 34.107.204.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.pendo.io/data/ptm.gif/4cfc5253-789b-470f-45eb-e4d59dd0bf11?v=2.183.0_prod&ct=1717551553731&jzb=eJy9UV1r6jAY_i-5Lm0TW6PeTSpMOFNBxXHGKLFNNSxNSvLWouJ_NzluhXOxc7fTQun78XzwPm9XBOeGowmqOTAUoL3RneUmB1G7LqaYpilO0wHF4wCdhBWgTS5KB8hXs0W2zDf5SHa6Pq4Wl60naI10wyNAYydRdJb8o9BGcWNbATwsqjKqhLHw-BYCxIUrGxa6jhy4MbqxaHL9UvK__xKTTB1advD-ucq3a3QLECsK3SrooW7t5OSFVq6Iwz-v32uY4Qqe-m3XKhl4qjiN4mFEYpL8hSUhHg3COHcmSzewXFbP2gJ3ImBa3lNu2H7ueqqVMkDwKNAhW6qu7eTuF9WbbP7iCCrDav4YHndT85vOIFuflH2d-hzOwN0lkpjegj4jqZlX_jYjEv_PjLybTw-EYBqmY_eMEppggn_kGCQd3t7vW2LghA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
via: 1.1 google
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 47
access-control-allow-headers: *
content-length: 42
alt-svc: clear

GET
H2 200 4cfc5253-789b-470f-45eb-e4d59dd0bf11 Show response
app.pendo.io/data/guide.json/ 2 KB
923 B 223ms
151ms XHR
application/json 34.107.204.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.pendo.io/data/guide.json/4cfc5253-789b-470f-45eb-e4d59dd0bf11?id=4&jzb=eJx9Tk1LA0EM_S85l5111VL2JijopRa052GYzbbB2cmSyVSs7H9viiCevITkfeS9bzhRIWV5GaAHv3vaPr76d79Jnzwdd9vzPsAKqiQjj6pz6Z37SvgRWTJKqaTYxHFwI0nRnxlJ6Yy5NJEnZ-YJNQxBA_S_WdeV_slLIR9qOKApMPv9GywrCDFyzWpWO-YgmPXhL2QRV31779q169ruzv6crCJxNrhrbja3Tetn4cGIgml85qJoJVQqLssFPS9ZCA&v=2.183.0_prod&ct=1717551553732

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

481913b6f7d75f85da0da6ee4d6f8a350b87a27e874bbaa19bd812b2b34a079e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
via: 1.1 google
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 8
access-control-allow-headers: *
content-length: 833
alt-svc: clear

GET
H2 200 4cfc5253-789b-470f-45eb-e4d59dd0bf11 Show response
app.pendo.io/data/guide.gif/ 42 B
312 B 220ms
148ms XHR
image/gif 34.107.204.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.pendo.io/data/guide.gif/4cfc5253-789b-470f-45eb-e4d59dd0bf11?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1717551553733&v=2.183.0_prod

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:13 GMT
via: 1.1 google
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 2
access-control-allow-headers: *
content-length: 42
alt-svc: clear

GET
H3 200 p-031a8f06.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 224 KB
62 KB 617ms
616ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-031a8f06.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815d0c9b5e01ff76540d087ff17e37c1fe66af78dde507aa1941d963fcee1217

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:14 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-38012"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec729af8790e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 p-0feefe56.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 2 KB
1 KB 589ms
588ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-0feefe56.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fcc1631bd15e72e00f453b5d8ec442ae6e9fc747d33a2a0e10a5cfd88de4265

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:14 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-72b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec729af87a0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 p-fa6e46e2.js Show response
cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/ 3 KB
1 KB 597ms
596ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.9.14/q2-tecton-elements/q2-tecton-elements/p-fa6e46e2.js

Requested by

Host: ylekcornersuite.cfd
URL: https://ylekcornersuite.cfd/first/firstcitizens.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cda04c7390c52d8f73c20a11d7c0ddc0f556e3d2c43655e49063926aaee1d2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdn1.onlineaccess1.com/
Origin: https://ylekcornersuite.cfd
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 01:39:14 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 13 Feb 2023 23:50:09 GMT
server: cloudflare
etag: W/"63eaccb1-b84"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 88ec729af87b0e93-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK 136f4e09-8df6-47ff-b531-cad3f13c5c1c
https://ylekcornersuite.cfd/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://ylekcornersuite.cfd/136f4e09-8df6-47ff-b531-cad3f13c5c1c
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://ylekcornersuite.cfd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 2479
Content-Type: text/javascript

POST
H2 200 adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAE-ENB/ 0
870 B 584ms
189ms XHR
text/html 54.214.188.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAE-ENB/adrum

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.214.188.27 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-214-188-27.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536010; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://ylekcornersuite.cfd/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Wed, 05 Jun 2024 01:39:15 GMT
strict-transport-security: max-age=31536010; includeSubDomains
x-content-type-options: nosniff
server: envoy
vary: *
content-type: text/html
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time: 0
access-control-allow-headers: origin, content-type, accept
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First Citizens Bank (Banking)

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: fb809b46f6f7d713ee58905a1fbfc70fb8a96674-1717551552
.digitalbanking.firstcitizens.com/	1970-01-20 21:05:53	Name: __cf_bm Value: 9U5w.9p4BqSQGy4JV4C3vI3ol5QVY1.wG_cCa8souxI-1717551552-1.0.1.1-b5yljk.v0OHmum9m0Nx3WmNhADrrHb7lLBpSEey7kBVUZZZNES6GJ3Xi4kjS92fPt0li1gEXZ7A_T.qYzNbB9g
.digitalbanking.firstcitizens.com/	1969-12-31 23:59:59	Name: __cfruid Value: cb89e490a145bcfd6cdba14c1ecc74a5198121ef-1717551552
cdn1.onlineaccess1.com/	1970-01-20 21:06:20	Name: __cflb Value: 02DiuDJZwTATiSnybBeVDKjTCUZYfphxGKNvA4aL3EePA
.demdex.net/	1970-01-21 01:25:03	Name: demdex Value: 75843675911469992460414576512998112479
.ylekcornersuite.cfd/	1969-12-31 23:59:59	Name: AMCVS_E6D235355CF7C1DE0A495EEC%40AdobeOrg Value: 1
.everesttech.net/	1970-01-21 05:51:27	Name: everest_g_v2 Value: g_surferid~Zl-BwQAAAEzn-QO5
.dpm.demdex.net/	1970-01-21 01:25:03	Name: dpm Value: 75843675911469992460414576512998112479
.ylekcornersuite.cfd/	1970-01-21 06:41:51	Name: AMCV_E6D235355CF7C1DE0A495EEC%40AdobeOrg Value: 179643557%7CMCIDTS%7C19880%7CMCMID%7C70510966901636487860962448791017273347%7CMCAAMLH-1718156353%7C6%7CMCAAMB-1718156353%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1717558753s%7CNONE%7CMCSYNCSOP%7C411-19887%7CvVersion%7C5.5.0

45 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://cdn1.onlineaccess1.com/cdn/wedge/3397/js/43prod-adrum-config.js(Line 12) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum-4.3.3.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn1.onlineaccess1.com/cdn/wedge/3397/js/43prod-adrum-config.js(Line 12) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum-4.3.3.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
recommendation	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: [DOM] Found 2 elements with non-unique id #code: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ylekcornersuite.cfd/first/firstcitizens.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
app.pendo.io
assets.adobedtm.com
cdn.appdynamics.com
cdn1.onlineaccess1.com
cdnjs.cloudflare.com
cds-sdkcfg.onlineaccess1.com
cm.everesttech.net
col.eum-appdynamics.com
digitalbanking.firstcitizens.com
dpm.demdex.net
firstcitizens.demdex.net
fonts.googleapis.com
sdk-cdn.onlineaccess1.com
ylekcornersuite.cfd
104.17.24.14
152.199.19.160
192.0.63.252
2606:4700:3036::6815:3d7
2a00:1450:4001:80b::200a
2a02:26f0:3500:591::1e80
34.107.204.85
52.30.166.91
54.214.188.27
54.76.80.14
65.9.95.61
79.125.35.115
04330ffee350c99dd47276ea9e40ff460069f7fe0bd71ab3fa6aa33b5583af39
15d83a51b60396d427c6ddc25d9730980297f17d7c3fe2a5dcb32c1a1b691300
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
238ae96fab1924d99197db25336f2cf1d2e04c43d236c87cbab9cb3a6bf4a291
23e468e3a6735034e46c57ab876e5c050f2be6845d39c58686bc7d3257d178e0
3133f88ff2d288957e9708cab68a2dd2f25f46177603d9accb70b22bc7601888
3987b9d9d5d5a147de53cee322f0d3dfa701046cd0232386adcf1b5c835c391c
3e7e3af7aa664d48bf2984dc382d424dd32a6a17277c022597b78550a5b3f79b
450d477d571c84e3685a33462fbd0df4df745b91ec0fbcee18daf8e6632f4fdf
462982c28f47487acfacfc7ddce7b8e4b55fe414ebfd0543c8f3d0618c3c62d6
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
481913b6f7d75f85da0da6ee4d6f8a350b87a27e874bbaa19bd812b2b34a079e
4a941a62c565ab538a0807e7f21c284f8879a6832ec4e09d34650e2db9ef5c0e
4f878ae6a92067ef21282b953bd179283eb237af696b6c06363b4b365f2bb332
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
578ce0713453d137d0a6ed88f38936ed6192ca401af10753bc2e41a2dfbd0649
5e335db7f8ef9f87be9dcc9c56f071d27a7b5bbd9111cfcdabd6babe5eb4e968
65cc7ca7766deb92d702b0630f48f73b9d9b291b7b195a6bd7dc2b68807d75f8
65e88347b63ff3f9be7ef2e840d04ef0c97486743fb88cf9ae6d44520665e568
6b4af1bad59b96026f537d7f4787fc221d7fbbb834766723559c92feb4e22e35
6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf
6c8993d9104fad109a6ac5e1daf9fc1e4682a5cc17a26b6078340ce875b5215e
80467b0f55f9125cefc4743777ae70672487a23b145c903f50a58412a1b2be08
815d0c9b5e01ff76540d087ff17e37c1fe66af78dde507aa1941d963fcee1217
8cda04c7390c52d8f73c20a11d7c0ddc0f556e3d2c43655e49063926aaee1d2d
8fcc1631bd15e72e00f453b5d8ec442ae6e9fc747d33a2a0e10a5cfd88de4265
90d3f87212624296f88ecb57ed7f8177d393fc4b59437fdcdbdfc72b44fb6876
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
953451e68dd2c0ad78318c695cbeeafdb50502cc411cba4bbe82c3e61b073718
95915582ecc56aa27829e7bd118b423f09cba0856ce517fdcd82e4e05726e6e6
9f1569ee2a7a51c32b4556926a95d5b9f7dee295a4757ad5176459dffee36cb9
a3d40a930b58b1a9756efebef9f76998eeb750016c3c9d540a150bd6e0941443
a446f43aa79b8c3c298e8a122bba9408f8ec11330ff205a1c2045f4118492c35
bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5649958084f56c38742d23184db203e0c286d4c2cf43d913b0f257f6bfb0eb4
e8fdc2ed9d7ebb136d0c68f0ff7e1d02f85ade479e700eb90e97edbb7c441552
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fab761fa2fec240425c101388b0f3ded9a9eb9ecef46abaa960f91d296d9f294
fbb5d60b0e8fbf3ce2eeb2479ad9ef6744585303f9ee0bf27c62b35a0a2dc30a
fbee6d88708a48fa23e90c886e63bd7e0efd667d65081764b1aa6b6337734294
fc9c2a5689107bc64f45aab5fb2f3215b277a1bf1b935921e8d5f379420336f5

ylekcornersuite.cfd Open in urlscan Pro 2606:4700:3036::6815:3d7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

47 Requests

94 %HTTPS

25 %IPv6

12 Domains

15 Subdomains

12 IPs

4 Countries

1130 kBTransfer

4506 kBSize

9 Cookies

5 Outgoing links

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ylekcornersuite.cfd Open in urlscan Pro
2606:4700:3036::6815:3d7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

94 %
HTTPS

25 %
IPv6

12
Domains

15
Subdomains

12
IPs

4
Countries

1130 kB
Transfer

4506 kB
Size

9
Cookies

47 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!