www.chase.com Open in urlscan Pro
159.53.42.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.siciliancarobflour.it/assets/
Effective URL:
https://www.chase.com/
Submission: On December 21 via automatic, source phishtank (December 21st 2020, 5:34:44 pm UTC)

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 26 HTTP transactions. The main IP is 159.53.42.11, located in United States and belongs to AS-7743, US. The main domain is www.chase.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on March 4th 2020. Valid for: a year.

This is the only time www.chase.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	89.46.105.91 89.46.105.91	31034 (ARUBA-ASN) (ARUBA-ASN)
3 3	148.72.201.79 148.72.201.79	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
18	159.53.42.11 159.53.42.11	7743 (AS-7743) (AS-7743)
1	54.171.106.172 54.171.106.172	16509 (AMAZON-02) (AMAZON-02)
2	23.201.165.74 23.201.165.74	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.75.9.158 54.75.9.158	16509 (AMAZON-02) (AMAZON-02)
26	6

1 89.46.105.91 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1122.aruba.it

www.siciliancarobflour.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 148.72.201.79 (Scottsdale, United States) 3 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-201-79.ip.secureserver.net

sg3plvwcpnl422883.prod.sin3.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 159.53.42.11 (United States)

ASN7743 (AS-7743, US)

www.chase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.106.172 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-106-172.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.201.165.74 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-165-74.deploy.static.akamaitechnologies.com

static.chasecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.75.9.158 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-9-158.eu-west-1.compute.amazonaws.com

target.chase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	chase.com www.chase.com secure03a.chase.com Failed target.chase.com midas.chase.com Failed analytics.chase.com Failed	452 KB
3	secureserver.net 3 redirects sg3plvwcpnl422883.prod.sin3.secureserver.net	467 B
2	chasecdn.com static.chasecdn.com	39 KB
1	demdex.net dpm.demdex.net	2 KB
1	siciliancarobflour.it www.siciliancarobflour.it	491 B
26	5

	Domain	Requested by
18	www.chase.com	www.chase.com
3	sg3plvwcpnl422883.prod.sin3.secureserver.net	3 redirects
2	static.chasecdn.com	www.chase.com
1	target.chase.com	www.chase.com
1	dpm.demdex.net	www.chase.com
1	www.siciliancarobflour.it
0	analytics.chase.com Failed	www.chase.com
0	midas.chase.com Failed	static.chasecdn.com
0	secure03a.chase.com Failed	www.chase.com
26	9

This site contains no links.

Subject Issuer	Validity	Valid
www.chase.com Entrust Certification Authority - L1M	`2020-03-04` - `2021-03-04`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
static.chasecdn.com Entrust Certification Authority - L1M	`2020-11-23` - `2021-11-23`	a year	crt.sh
target.chase.com DigiCert SHA2 High Assurance Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.chase.com/
Frame ID: 1A270068E2CD51490ED4F1A4156A8069
Requests: 25 HTTP requests in this frame

Frame: https://secure03a.chase.com/web/auth/logonbox?lang=en&fromOrigin=https%3A%2F%2Fwww.chase.com
Frame ID: 7D51707880B14F4FE0C8C7D6AA80C489
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.siciliancarobflour.it/assets/ Page URL
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/ HTTP 302
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya HTTP 301
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya/ HTTP 302
https://www.chase.com/ Page URL

Page Statistics

26
Requests

85 %
HTTPS

0 %
IPv6

5
Domains

9
Subdomains

6
IPs

4
Countries

494 kB
Transfer

1225 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.siciliancarobflour.it/assets/ Page URL
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/ HTTP 302
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya HTTP 301
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya/ HTTP 302
https://www.chase.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
www.siciliancarobflour.it/assets/ 143 B
491 B 214ms
145ms Document
text/html 89.46.105.91
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.siciliancarobflour.it/assets/
Protocol: HTTP/1.1
Server: 89.46.105.91 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1122.aruba.it
Software: aruba-proxy /
Resource Hash: 7b3f7ae403c33700c5662a201a5cd9acd369e96148f84b9c0bf9fa27b2807292

Request headers

Host: www.siciliancarobflour.it
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: aruba-proxy
Date: Mon, 21 Dec 2020 17:34:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=172800, public
Expires: Wed, 23 Dec 2020 17:34:27 GMT
X-ServerName: ipvsproxy61.ad.aruba.it
Content-Encoding: gzip

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.chase.com/
Redirect Chain

https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya
https://sg3plvwcpnl422883.prod.sin3.secureserver.net/~anaesco/layouts/joomla/dkb-Banking/Weiter/WfSeGF5pCfwy7gLya/
https://www.chase.com/

66 KB
17 KB

783ms
221ms

Document
text/html

159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

b1c25e3a22f79a9677d7c971ea46206d00e5b73ab56dd851a7bfced4dcf666b3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.chase.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: http://www.siciliancarobflour.it/assets/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.siciliancarobflour.it/assets/

Response headers

Date: Mon, 21 Dec 2020 17:34:37 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 03:22:21 GMT
Accept-Ranges: bytes
Content-Length: 16920
Vary: Accept-Encoding
Cache-Control: max-age=3600,s-maxage=3600
Access-Control-Allow-Origin: *
X-Content-Security-Policy: frame-ancestors 'none'
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Content-Encoding: gzip
Age: 0
Set-Cookie: TS01afb5d0=01bafcdf869a53c73695fe102c5b16af75d28d27a2a04ada15c6c7d0f63250ad410fa19aba28189ef7699c4b6f500479dfaf7ea0f1; Path=/ ppnet_2777=!beyQIjXXc3edg53XjcwvuPCL+rAox8teXZ/5iJx2sxueQNZEDag+4PkDtCnfz/p0zoMWGSbXoK7vzA==; path=/; Httponly; Secure

Redirect headers

date: Mon, 21 Dec 2020 17:34:36 GMT
server: Apache
x-powered-by: PHP/7.3.23
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=2e5e4ca5939ca8bc6f4796ffb304767b; path=/
x-content-type-options: nosniff
location: https://www.chase.com
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 22
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK opensans.woff
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 24 KB
25 KB 523ms
300ms Font
application/x-font-woff 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/opensans.woff

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:12:48 GMT
Content-Encoding: gzip
Age: 8509
Connection: Keep-Alive
Content-Length: 24837
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK opensans-semibold.woff
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 25 KB
25 KB 347ms
122ms Font
application/x-font-woff 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/opensans-semibold.woff

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:12:48 GMT
Content-Encoding: gzip
Age: 8509
Connection: Keep-Alive
Content-Length: 25081
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK opensans-light.woff
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 24 KB
24 KB 446ms
214ms Font
application/x-font-woff 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/opensans-light.woff

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

48ecc35b0e3894c3c798c4abede0e96f5727fa315bf05f3b8993eb1533d4b90f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 10:33:10 GMT
Content-Encoding: gzip
Age: 25287
Connection: Keep-Alive
Content-Length: 24164
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK opensans-bold.woff
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 14 KB
14 KB 548ms
316ms Font
application/x-font-woff 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/opensans-bold.woff

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:56:05 GMT
Content-Encoding: gzip
Age: 5912
Connection: Keep-Alive
Content-Length: 14005
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK home.min.css
www.chase.com/c/121020/etc/designs/chase-ux/css/ 179 KB
40 KB 126ms
125ms Stylesheet
text/css 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

4645cfc541c1c1751e7130a698f5ef6e90d7abb0cb6668eaa422719d1a1b5b52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 14:56:53 GMT
Content-Encoding: gzip
Age: 9464
Connection: Keep-Alive
Content-Length: 40439
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK jquery.min.js Show response
www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/jquery/js/ 94 KB
44 KB 349ms
118ms Script
application/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/jquery/js/jquery.min.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

3c1abe3638f051bebd5904b230101822a11e1c6460e4f9401ae7d278f9a7f6de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:12:48 GMT
Content-Encoding: gzip
Age: 8509
Connection: Keep-Alive
Content-Length: 44333
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK require.min.js Show response
www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/ 15 KB
8 KB 450ms
216ms Script
application/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/require.min.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

5f984366ad39650baa040848341698e395456761547f7e8bb46687eb2ead7ad7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:02:00 GMT
Content-Encoding: gzip
Age: 9157
Connection: Keep-Alive
Content-Length: 7583
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK Reporting.js Show response
www.chase.com/c/121020/apps/chase/clientlibs/foundation/scripts/ 68 KB
30 KB 466ms
118ms Script
application/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/apps/chase/clientlibs/foundation/scripts/Reporting.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

d26886bb8e9d25c77612be7b648cee273b9ced76204824b464e4be520cdebd99

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 16:34:41 GMT
Content-Encoding: gzip
Age: 3596
Connection: Keep-Alive
Content-Length: 29882
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000,s-maxage=2592000
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK index.min.js Show response
www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/ 391 KB
153 KB 571ms
121ms Script
application/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

640d266e1765439bbf21cf967b7596b2871eb1fcec10b973b7008ae46eb80a88

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 14:56:53 GMT
Content-Encoding: gzip
Age: 9465
Connection: Keep-Alive
Content-Length: 156059
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:06 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 193ms
49ms Fetch
application/json 54.171.106.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_ver=2&d_orgid=EA673DFC5A2F19060A495C9C@AdobeOrg

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/apps/chase/clientlibs/foundation/scripts/Reporting.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.106.172 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-106-172.eu-west-1.compute.amazonaws.com

Software

Resource Hash

9929f4f1b8db07acc05ab2fd18ce282d88e4438063fe634204bd62a4acc371df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v086-0b77de875.edge-irl1.demdex.com 5.80.1.20201111130852 2ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: UIBdW6PZQms=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.chase.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 812
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK icomoon.ttf
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 55 KB
35 KB 121ms
121ms Font
font/ttf 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/icomoon.ttf?j8gpk1

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

aafcae71dc97ce0b10971296df23539d20d78baf337e568de4ed9475b5afc8d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 15:12:48 GMT
Content-Encoding: gzip
Age: 8510
Connection: Keep-Alive
Content-Length: 35778
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:07 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK clientconfig.js Show response
www.chase.com/etc/chase/appsconfig/ 26 KB
10 KB 119ms
118ms Script
text/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/etc/chase/appsconfig/clientconfig.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/require.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

1cd98b7cb88aeb27bda7cae1a140bb930d608f5cd2f470eef3afc36b5bc5d04e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 17:31:46 GMT
Content-Encoding: gzip
Age: 172
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Strict-Transport-Security: max-age=31536000
Content-Length: 9276
x-xss-protection: 1; mode=block
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK EHL-Slice.png
www.chase.com/c/121020/etc/designs/chase-ux/css/img/ 1 KB
2 KB 117ms
117ms Image
image/png 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/img/EHL-Slice.png

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

596b7c84d21689a6dd2161c5010c334551dd394b20515d891cb29b0c7c27a833

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 08:53:13 GMT
Last-Modified: Fri, 11 Dec 2020 05:16:07 GMT
Age: 31285
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000,s-maxage=2592000
Content-Security-Policy: frame-ancestors 'none'
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1295
x-xss-protection: 1; mode=block
X-Content-Security-Policy: frame-ancestors 'none'

GET
H2 200 marketing-loader.js Show response
static.chasecdn.com/web/marketing-ui/web-ads-configs/prd/ 7 KB
2 KB 121ms
33ms Script
application/javascript 23.201.165.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/web/marketing-ui/web-ads-configs/prd/marketing-loader.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/require.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.201.165.74 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-165-74.deploy.static.akamaitechnologies.com

Software

Resource Hash

7603b8e14e184a7eaae48362f1979012ca2896f027928e9cda203877fb090c55

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .jpmchase.net .chase.com 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors .jpmchase.net .chase.com 'self'
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.jpmchase.net *.chase.com 'self'
content-encoding: gzip
etag: "1a65-5b68ae105225c"
vary: Accept-Encoding
content-length: 1971
x-xss-protection: 1; mode=block
x-trace-id: X9lnYqlimo4AARLP6WkAAABA
last-modified: Wed, 16 Dec 2020 01:34:40 GMT
date: Mon, 21 Dec 2020 17:34:38 GMT
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
expires: Mon, 21 Dec 2020 14:34:00 GMT
cache-control: max-age=1800
accept-ranges: bytes
x-content-security-policy: frame-ancestors *.jpmchase.net *.chase.com 'self'

GET
H/1.1 200
OK module.html Show response
www.chase.com/content/chase-ux/en/structured/module/geoimage/ad-geo/_jcr_content/ 1 KB
1 KB 117ms
117ms XHR
text/html 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/content/chase-ux/en/structured/module/geoimage/ad-geo/_jcr_content/module.html

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/jquery/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

c437bb3920bcb6d2751759f7acc382de2507f539c0c6e8a2cf7084251db8fd61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.chase.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 17:32:03 GMT
Content-Encoding: gzip
Age: 155
Connection: Keep-Alive
Content-Length: 552
x-xss-protection: 1; mode=block
Last-Modified: Mon, 21 Dec 2020 16:06:52 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Robots-Tag: noindex
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK module.html Show response
www.chase.com/content/chase-ux/en/structured/module/carousel/carousel-single-images_alt/_jcr_content/ 10 KB
2 KB 125ms
124ms XHR
text/html 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/content/chase-ux/en/structured/module/carousel/carousel-single-images_alt/_jcr_content/module.html

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/jquery/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

8f72f19a6122df8bc8dd0c0799952a65ab2e9a6a563b586e4d2034077ae2a1d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.chase.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 17:33:23 GMT
Content-Encoding: gzip
Age: 75
Connection: Keep-Alive
Content-Length: 1810
x-xss-protection: 1; mode=block
Last-Modified: Mon, 21 Dec 2020 16:06:47 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Robots-Tag: noindex
X-Content-Security-Policy: frame-ancestors 'none'

GET
H/1.1 200
OK module.html Show response
www.chase.com/content/chase-ux/en/structured/module/adtriplet/primary-triplet/_jcr_content/ 3 KB
1 KB 112ms
112ms XHR
text/html 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/content/chase-ux/en/structured/module/adtriplet/primary-triplet/_jcr_content/module.html

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/jquery/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

d32ce373d1e9012390b106f27bb0ea9a4994012ccec8d86c28fa7657ee07cdd7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.chase.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 17:31:57 GMT
Content-Encoding: gzip
Age: 161
Connection: Keep-Alive
Content-Length: 761
x-xss-protection: 1; mode=block
Last-Modified: Mon, 21 Dec 2020 16:08:13 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Robots-Tag: noindex
X-Content-Security-Policy: frame-ancestors 'none'

GET logonbox
secure03a.chase.com/web/auth/ Frame 7D51 0
0

GET
H2 200 slotplacement.min.js Show response
static.chasecdn.com/web/marketing-ui/cxo-ads/2020.12.13-33/web-framework/ 185 KB
37 KB 33ms
33ms Script
application/javascript 23.201.165.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/web/marketing-ui/cxo-ads/2020.12.13-33/web-framework/slotplacement.min.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/require.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.201.165.74 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-165-74.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

eacc0fef2e2e561a50403246fe48c54e9009874390182e137e93dff76cd14df3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .jpmchase.net .chase.com 'self'
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.jpmchase.net *.chase.com 'self'
content-encoding: br
etag: "2e225-5b6887f751148"
vary: Accept-Encoding
content-length: 37655
x-xss-protection: 1; mode=block
x-trace-id: X9lSZalimpAAABKTMygAAACI
last-modified: Wed, 16 Dec 2020 00:18:46 GMT
server: Akamai Resource Optimizer
date: Mon, 21 Dec 2020 17:34:38 GMT
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Mar 2021 00:18:45 GMT

POST
H2 200 delivery Show response
target.chase.com/rest/v1/ 315 B
489 B 165ms
54ms XHR
application/json 54.75.9.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://target.chase.com/rest/v1/delivery?client=jpmcbankna&sessionId=1a57c696861943a0905613d049c8228e&version=2.3.2
Requested by: Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.9.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-9-158.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 457f82fc419686364fdbe3f84c4b10faf9a8240cf1cc124939ebc28b4665311e

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.chase.com
date: Mon, 21 Dec 2020 17:34:39 GMT
content-encoding: gzip
access-control-allow-credentials: true
vary: Origin,Accept-Encoding
x-request-id: 3b2d640eb3e0bd57030aa724854969c1
content-type: application/json;charset=UTF-8

GET MakeDecision
midas.chase.com/prweb/PRRestService/MIDASSVCS/v1/ 0
0

GET
H/1.1 200
OK carousel-home.js Show response
www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/amd/ 13 KB
4 KB 117ms
117ms Script
application/javascript 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/amd/carousel-home.js

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/require/js/require.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

31cc08c89491c3fcc195a748a9f1c55faa246217b08108167e3d1404ccee361b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Dec 2020 18:32:02 GMT
Content-Encoding: gzip
Age: 255756
Connection: Keep-Alive
Content-Length: 3536
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:00 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET cc.gif
analytics.chase.com/events/analytics/public/v1/ 0
0

GET
H/1.1 200
OK smc.ttf
www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/ 22 KB
14 KB 122ms
122ms Font
font/ttf 159.53.42.11
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/121020/etc/designs/chase-ux/css/fonts/smc.ttf

Requested by

Host: www.chase.com
URL: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.42.11 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

Resource Hash

83e2f0e4029d90194a54326031f5975e12b199a0d61e443ecb25e2071baaa601

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.chase.com
Referer: https://www.chase.com/c/121020/etc/designs/chase-ux/css/home.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 21 Dec 2020 14:56:58 GMT
Content-Encoding: gzip
Age: 9460
Connection: Keep-Alive
Content-Length: 13290
x-xss-protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 05:16:07 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000,s-maxage=31536000,immutable
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: secure03a.chase.com
URL: https://secure03a.chase.com/web/auth/logonbox?lang=en&fromOrigin=https%3A%2F%2Fwww.chase.com

Domain: midas.chase.com
URL: https://midas.chase.com/prweb/PRRestService/MIDASSVCS/v1/MakeDecision?ssv_eci=&ssv_pfid=&ssv_zip=&ssv_cigseg=&ssv_locale=en-US&ssv_product=&ssv_userType=&ssv_sitebrand=&ssv_siteacct=&ssv_pnpc=&ssv_pageLayout=prospect_a&ssv_origin=&ssvm_products=&ssvm_pnpcs=&ssvm_lids=&ssv_accttype=&ssv_v1st=6284CFE8838099A9&ssv_adf_traceid=web_mkt-adf-version-7_0_0_12152020_222341_6284CFE8838099A9_1608572078940_4206613&ssv_channel=web&ssv_random=319&pageID=chasehome_3&time=1608572078940

Domain: analytics.chase.com
URL: https://analytics.chase.com/events/analytics/public/v1/cc.gif?log=1&wa_cb=1608572079048.174052&url=https%3A%2F%2Fwww.chase.com%2F&pt=Credit%20Card%2C%20Mortgage%2C%20Banking%2C%20Auto%20%7C%20Chase%20Online%20%7C%20Chase.com&et=15&jp_pepr=tnt&jp_petc=2&jp_peid=11111%3A0%3A0&jp_pepl=homepage-navigation-mbox-ab&jp_pecv=Excluded%20from%20multivariate%20test&br=1600x1200&sr=1600x1200&tz=GMT+1&tzo=+1&cd=24&jv=1.8.5&mid=07137468904870702380980937444710069677&ad=1914845758%7CMCIDTS%7C17564%7CMCMID%7C07137468904870702380980937444710069677%7CMCAID%7CNONE%7CMCOPTOUT%7Cisoptedout-false%7CMCAAMLH%7C6%7CMCAAMB%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C%7CMCSYNCSOP%7C411-17568%7CvVersion%7C2.3.0&vt=unknwn&v1=6284CFE8838099A9&ls=N&ch=COL&st=Classic&av=1.0.0&eid=0b9971a0-3ba3-4337-b9f9-f71f54edba12&clientId=2.0.4&e=1

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: Layout set to Archetype [prospect], Variant [a]
console-api	log	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [CPO] POD id: A04
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] Initializing client
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] File version 1.0
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] Found the iframe with id = #logonbox
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] Found domains \| Child domain: https://secure03a.chase.com \| Parent domain: https://www.chase.com
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] Activating listeners...
console-api	debug	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: [sendMessageClient] Initialized OK
console-api	log	URL: https://www.chase.com/c/121020/etc/designs/chase-ux/clientlibs/chase-ux/js/dist/index.min.js(Line 74) Message: Sign In Button Log: Sign In Type [cpo]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.chase.com
dpm.demdex.net
midas.chase.com
secure03a.chase.com
sg3plvwcpnl422883.prod.sin3.secureserver.net
static.chasecdn.com
target.chase.com
www.chase.com
www.siciliancarobflour.it
analytics.chase.com
midas.chase.com
secure03a.chase.com
148.72.201.79
159.53.42.11
23.201.165.74
54.171.106.172
54.75.9.158
89.46.105.91
0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532
1cd98b7cb88aeb27bda7cae1a140bb930d608f5cd2f470eef3afc36b5bc5d04e
31cc08c89491c3fcc195a748a9f1c55faa246217b08108167e3d1404ccee361b
3c1abe3638f051bebd5904b230101822a11e1c6460e4f9401ae7d278f9a7f6de
457f82fc419686364fdbe3f84c4b10faf9a8240cf1cc124939ebc28b4665311e
4645cfc541c1c1751e7130a698f5ef6e90d7abb0cb6668eaa422719d1a1b5b52
48ecc35b0e3894c3c798c4abede0e96f5727fa315bf05f3b8993eb1533d4b90f
596b7c84d21689a6dd2161c5010c334551dd394b20515d891cb29b0c7c27a833
5f984366ad39650baa040848341698e395456761547f7e8bb46687eb2ead7ad7
640d266e1765439bbf21cf967b7596b2871eb1fcec10b973b7008ae46eb80a88
7603b8e14e184a7eaae48362f1979012ca2896f027928e9cda203877fb090c55
7b3f7ae403c33700c5662a201a5cd9acd369e96148f84b9c0bf9fa27b2807292
83e2f0e4029d90194a54326031f5975e12b199a0d61e443ecb25e2071baaa601
8f72f19a6122df8bc8dd0c0799952a65ab2e9a6a563b586e4d2034077ae2a1d0
9929f4f1b8db07acc05ab2fd18ce282d88e4438063fe634204bd62a4acc371df
aafcae71dc97ce0b10971296df23539d20d78baf337e568de4ed9475b5afc8d0
b1c25e3a22f79a9677d7c971ea46206d00e5b73ab56dd851a7bfced4dcf666b3
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
c437bb3920bcb6d2751759f7acc382de2507f539c0c6e8a2cf7084251db8fd61
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
d26886bb8e9d25c77612be7b648cee273b9ced76204824b464e4be520cdebd99
d32ce373d1e9012390b106f27bb0ea9a4994012ccec8d86c28fa7657ee07cdd7
eacc0fef2e2e561a50403246fe48c54e9009874390182e137e93dff76cd14df3

www.chase.com Open in urlscan Pro 159.53.42.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

26 Requests

85 %HTTPS

0 %IPv6

5 Domains

9 Subdomains

6 IPs

4 Countries

494 kBTransfer

1225 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

9 Console Messages

Indicators

www.chase.com Open in urlscan Pro
159.53.42.11 Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

85 %
HTTPS

0 %
IPv6

5
Domains

9
Subdomains

6
IPs

4
Countries

494 kB
Transfer

1225 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions