Last active
August 19, 2021 02:17
-
-
Save adamn/95e472dc14be709fd11f to your computer and use it in GitHub Desktop.
One more reason financial companies like Chase are ripe for attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # These are requests required in order to simply look at checking accounts at Chase.com | |
| # https://www.chase.com/checking | |
| # One need not marvel at the parlous state of affairs in cybersecurity vis a vis major financial institutions | |
| # when they rely on this many third-parties simply to show users a list of available checking accounts | |
| # Attacks via Forbes stemmed from just this type of use of third party ad widgets (http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/) | |
| # Maybe Obama and the NIST cybersecurity initiative (http://www.nist.gov/cyberframework/) could focus more on the leaking ship of information rather than attacking privacy | |
| # Thanks to µBlock (https://github.com/gorhill/uBlock) and Live HTTP Headers (http://livehttpheaders.mozdev.org/) for the fantastic tools that make finding this stuff easy | |
| # | |
| script https://dev.virtualearth.net/services/v1/ImageryMetadataService/ImageryMetadataService.asmx/GetBirdsEyeSceneByLocation[redacted] | |
| image https://pixel.rubiconproject.com/tap.php[redacted] | |
| image https://pixel.rubiconproject.com/tap.php[redacted] | |
| image https://ad.doubleclick.net/activity;src=4246427;type=invmedia;cat=bahnuhlh;ord=1? | |
| image https://www.chase.com/etc/designs/chasecom/images/favicon.ico | |
| image https://ad.doubleclick.net/activity;src=4246427;type=invmedia;cat=fu5x4lin;ord=1? | |
| image https://www.chase.com/etc/designs/chasecom/images/favicon.ico | |
| inline-script https://stags.bluekai.com/site/5473[redacted] | |
| image https://s1.2mdn.net/viewad/4396782/spacer.gif | |
| image https://www.google.com/ads/user-lists/1036322744/[redacted] | |
| image https://f.t.domdex.com/con[redacted] | |
| image https://f.t.domdex.com/con[redacted] | |
| image https://bid.g.doubleclick.net/xbbe/invitepixel/pixel[redacted] | |
| image https://bid.g.doubleclick.net/xbbe/invitepixel/pixel[redacted] | |
| image https://www.google.com/ads/user-lists/1036322744/[redacted] | |
| image https://s.xp1.ru4.com/activity[redacted] | |
| image https://ad.doubleclick.net/ad/N5762.547841.VISUALIQINC/[redacted] | |
| image https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036322744/[redacted] | |
| image https://idsync.rlcdn.com/377758.gif[redacted] | |
| image https://p.acxiom-online.com/pixel/smt[redacted] | |
| image https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036322744/[redacted] | |
| image https://r.turn.com/r/beacon[redacted] | |
| image https://domdex.com/con[redacted] | |
| image https://domdex.com/con[redacted] | |
| image https://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=55910;sz=1x1;ord=453076296? | |
| image https://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=49701;sz=1x1;ord=453076296? | |
| image https://ad.doubleclick.net/ad/N5762.547841.VISUALIQINC/B8070268.110826655;sz=1x1;ord=453076296? | |
| script https://s.xp1.ru4.com/wsb/15629/poe/59242226[redacted] | |
| sub_frame https://stags.bluekai.com/site/5473[redacted] | |
| image https://s.xp1.ru4.com/meta[redacted] | |
| image https://idcs.interclick.com/Segment.aspx[redacted] | |
| image https://segment-pixel.invitemedia.com/pixel[redacted] | |
| image https://segment-pixel.invitemedia.com/pixel[redacted] | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-student/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-9accounts/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-autopayments/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-qualdeposits/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-qualchkfees/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-qualinvacct/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-qualdepacct/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-diredeposit/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-nsf/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-overdraft/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-linked/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-account-c-checkfee/_jcr_content/par.html | |
| image https://s1.2mdn.net/viewad/4396782/spacer.gif | |
| image https://www.google.com/ads/user-lists/1036322744/[redacted] | |
| image https://f.t.domdex.com/con[redacted] | |
| image https://f.t.domdex.com/con[redacted] | |
| image https://bid.g.doubleclick.net/xbbe/invitepixel/pixel[redacted] | |
| image https://shared.via.infonow.net/images/mapimages/south_west.gif | |
| image https://shared.via.infonow.net/images/mapimages/east.gif | |
| image https://shared.via.infonow.net/images/mapimages/west.gif | |
| image https://www.chase.com/etc/designs/chasecom/images/favicon.ico | |
| image https://shared.via.infonow.net/images/mapimages/north_east.gif | |
| image https://shared.via.infonow.net/images/mapimages/north.gif | |
| image https://shared.via.infonow.net/images/mapimages/north_west.gif | |
| image https://shared.via.infonow.net/images/mapimages/tabRightOn.gif | |
| image https://shared.via.infonow.net/images/mapimages/tabLeftOn.gif | |
| image https://shared.via.infonow.net/images/mapimages/tabRight.gif | |
| image https://www.chase.com/etc/designs/chasecom/images/favicon.ico | |
| image https://www.chase.com/online/Home/images/wa01.gif[redacted] | |
| image https://ecn.dev.virtualearth.net/mapcontrol/v6.3/i/bin/6.3.20091207154938.04/vecss.gif | |
| image https://shared.via.infonow.net/images/mapimages/tabLeft.gif | |
| image https://shared.via.infonow.net/images/mapimages/tabBack.gif | |
| image https://shared.via.infonow.net/images/mapimages/closeBox.gif | |
| image https://shared.via.infonow.net/images/mapimages/southEastBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/southBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/southWestBeak.gif | |
| script https://www.chase.com/apps/services/tags/https/www.chase.com/checking | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Personalization.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/tagmanagerextensions.js | |
| script https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log[redacted] | |
| image https://ecn.dev.virtualearth.net/mapcontrol/v6.3/i/bin/6.3.20091207154938.04/NavAction/nav_select. | |
| image https://ecn.dev.virtualearth.net/mapcontrol/v6.3/i/bin/6.3.20091207154938.04/NavAction/_select_gray.gif | |
| image https://ecn.dev.virtualearth.net/mapcontrol/v6.3/i/bin/6.3.20091207154938.04/vecss.png | |
| image https://ecn.dev.virtualearth.net/mapcontrol/v6.3/i/bin/6.3.20091207154938.04/logo2.png | |
| xmlhttprequest https://chase.via.infonow.net/widget/SearchAction.do[redacted] | |
| image https://t0.ssl.ak.tiles.virtualearth.net/tiles/r0320.png[redacted] | |
| image https://t1.ssl.ak.tiles.virtualearth.net/tiles/r0231.png[redacted] | |
| image https://t2.ssl.ak.tiles.virtualearth.net/tiles/r0302.png[redacted] | |
| image https://t3.ssl.ak.tiles.virtualearth.net/tiles/r0213.png[redacted] | |
| image https://shared.via.infonow.net/images/mapimages/eastBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/westBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/northEastBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/northBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/northWestBeak.gif | |
| image https://shared.via.infonow.net/images/mapimages/spacer.gif | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/campaigns/checking-tab3/jct/_jcr_content/par.html | |
| image https://ssl.google-analytics.com/__utm.gif[redacted] | |
| image https://www.chase.com/etc/designs/chasecom/images/bottom-cap-corners.png | |
| image https://www.chase.com/etc/designs/chasecom/images/bottom-cap-mid.png | |
| image https://www.chase.com/etc/designs/chasecom/images/checking_choose_carat_close.png | |
| image https://www.chase.com/etc/designs/chasecom/images/bottom-cap-right.png | |
| image https://www.chase.com/etc/designs/chasecom/images/bottom-cap-left.png | |
| image https://chase.via.infonow.net/widget/images/bg_error.gif | |
| image https://chase.via.infonow.net/widget/images/bg_errortext.gif | |
| image https://chase.via.infonow.net/widget/images/bg_searchbar.gif | |
| script https://ssl.google-analytics.com/ga.js | |
| stylesheet https://ecn.dev.virtualearth.net/mapcontrol/v6.3/css/bin/6.3.20091207154938.04/en/mapcontrol.css | |
| script https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx[redacted] | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/modular/checking-account--3/_jcr_content/par.html | |
| image https://www.chase.com/apps/chase/clientlibs/foundation/opinionlab/feedback-bg-ie.gif | |
| image https://www.chase.com/etc/designs/chasecom/images/swat-bg-ftr-top.png | |
| image https://www.chase.com/etc/designs/chasecom/images/swat-bg-ftr-bottom.png | |
| image https://chase.via.infonow.net/widget/images/loadingAnimation.gif | |
| image https://chase.via.infonow.net/widget/images/search_green.gif | |
| script https://chase.via.infonow.net/widget/scripts/functions.js | |
| script https://chase.via.infonow.net/widget/scripts/ligeo.js[redacted] | |
| script https://chase.via.infonow.net/widget/scripts/jquery-1.2.6.pack.js | |
| stylesheet https://chase.via.infonow.net/widget/jsp/content/chase_main.css | |
| inline-script https://chase.via.infonow.net/widget/LocatorAction.do[redacted] | |
| image https://www.chase.com/etc/designs/chasecom/images/swat-bg-ftr-middle.png | |
| image https://www.chase.com/etc/designs/chasecom/images/loader-gray-faster-40x40_v5.gif | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc/template/spinner.js | |
| image https://www.chase.com/etc/designs/chasecom/images/arrow_megamenu_right.png | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/opinionlab/oo_conf_bar.js | |
| image https://www.chase.com/etc/designs/chasecom/images/error_msg_warning_white_bg_12x12.gif | |
| sub_frame https://chase.via.infonow.net/widget/LocatorAction.do[redacted] | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc/template/status-sage.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/contentjs/js/content/conf/strings.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/contentjs/js/content/uicc/swat-spinner.js | |
| object https://mfasa.chase.com/auth/device.swf | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc/ui/spinner.js | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-disc-products/_jcr_content/par.html | |
| xmlhttprequest https://www.chase.com/content/chasecom/en/snippets/checking/disclosures/checking-disc-ortinfo/_jcr_content/par.html | |
| script https://s.xp1.ru4.com/wsb/15629/poe/38260318[redacted] | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc/mixin/subscriber.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/contentjs/js/content/uicc/tabs-widget.js | |
| image https://chase.via.infonow.net/widget/images/loadingAnimation.gif | |
| image https://chase.via.infonow.net/widget/images/search_green.gif | |
| script https://chase.via.infonow.net/widget/scripts/functions.js | |
| script https://chase.via.infonow.net/widget/scripts/ligeo.js[redacted] | |
| script https://chase.via.infonow.net/widget/scripts/jquery-1.2.6.pack.js | |
| stylesheet https://chase.via.infonow.net/widget/jsp/content/chase_main.css | |
| inline-script https://chase.via.infonow.net/widget/LocatorAction.do{inline-script} | |
| image https://www.chase.com/content/dam/chasecom/en/homepage/images/ad-choices-logo-blue_lite.png | |
| image https://www.chase.com/etc/designs/chasecom/images/EHL-Slice.png | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/opinionlab/oo_engine.min.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/foresee/foresee-trigger.js | |
| sub_frame https://chase.via.infonow.net/widget/LocatorAction.do | |
| image https://www.chase.com/content/dam/chasecom/en/auto-loans/images/auto_iconhomecontactusphone.png | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/contentjs/js/content/components/container/s-v2.js | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc/util/string/trimLeft. | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jqueryui-1.10.2.js | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/json.js | |
| script https://mfasa.chase.com/auth/js/jquery-1.9.1.min.js | |
| script https://mfasa.chase.com/auth/js/device.js | |
| script https://mfasa.chase.com/auth/js/swfobject.js | |
| script https://mfasa.chase.com/auth/js/mfp.js | |
| script https://mfasa.chase.com/auth/js/plugin.min.js | |
| script https://mfasa.chase.com/auth/js/json.js | |
| inline-script https://mfasa.chase.com/auth/alogin.jsp{inline-script} | |
| script https://www.chase.com/etc/chase/appsconfig/clientconfig.js | |
| image https://www.chase.com/content/dam/chasecom/en/common/images/rumba_sw-logo-section.png | |
| image https://www.chase.com/content/dam/chasecom/en/common/images/background_atm_908.png | |
| image https://www.chase.com/etc/designs/chasecom/images/rumba_sw-nav-bg.png | |
| image https://www.chase.com/etc/designs/chasecom/images/atmfinder-tooltip-default.jpg | |
| image https://www.chase.com/content/chasecom/en/snippets/checking/modular/checking-feature-/_jcr_content/par/layout/cell-0-3/multitask/image.img.png/1407424611970.png | |
| image https://www.chase.com/content/chasecom/en/snippets/checking/modular/checking-feature-/_jcr_content/par/layout/cell-0-2/multitask/image.img.png/1407424581692.png | |
| xmlhttprequest https://www.chase.com/libs/cq/personalization/components/clickstreamcloud/content/config.n[redacted] | |
| font https://www.chase.com/etc/designs/chasecom/fonts/8b10efc3-e37f-468c-9326-3f261bc2b6e9-3.woff | |
| sub_frame https://mfasa.chase.com/auth/alogin.jsp | |
| sub_frame https://chase.via.infonow.net/widget/LocatorAction.do[redacted] | |
| image https://www.chase.com/content/chasecom/en/snippets/checking/modular/checking-feature-/_jcr_content/par/layout/cell-0-1/multitask/image.img.png/1407424564626.png | |
| image https://www.chase.com/content/chasecom/en/snippets/checking/modular/checking-feature-/_jcr_content/par/layout/cell-0-0/multitask/image.img.png/1407424532269.png | |
| image https://www.chase.com/content/chasecom/en/checking/_jcr_content/body-section/layout/cell-0-0/titask/image.img.png/1353207653177.png | |
| image https://www.chase.com/etc/designs/chasecom/images/search_button.png | |
| image https://www.chase.com/etc/designs/chasecom/images/swat-sprite.png | |
| image https://www.chase.com/content/dam/chasecom/en/common/images/retail_background_medium.jpg | |
| stylesheet https://www.chase.com/apps/chase/clientlibs/foundation/opinionlab/oo_style.css | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/publishoptimized/publishoptimized-.js | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/jpmcjs/js/jpmc.js | |
| script https://www.chase.com/c/121314/apps/chase/clientlibs/foundation/scripts/Reporting.js | |
| script https://www.chase.com/etc/segmentation.segment.js | |
| script https://www.chase.com/apps/chase/clientlibs/foundation/cqjs.js | |
| script https://www.chase.com/etc/clientlibs/foundation/shared.js | |
| stylesheet https://www.chase.com/c/121314/etc/designs/chasecom/clientlibs.css | |
| script https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log[redacted] | |
| inline-script https://www.chase.com/checking{inline-script} | |
| main_frame https://www.chase.com/checking |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment