www.bancfirst.bank Open in urlscan Pro
24.248.243.7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://r20.rs6.net/tn.jsp?f=001HAbgN0BHuaznR4vooFsptgyVUyvzUA6OzCkHLGo-M5e-POHKzhO-E2hzMF2frO6xKMLDClv_mUhnRCLqIesk...
Effective URL:
https://www.bancfirst.bank/
Submission Tags: phishing malicious Search All
Submission: On June 16 via api (June 16th 2020, 7:54:38 pm UTC) from US

Summary HTTP 43 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 43 HTTP transactions. The main IP is 24.248.243.7, located in Oklahoma City, United States and belongs to BANCFIRST, US. The main domain is www.bancfirst.bank.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 24th 2018. Valid for: 2 years.

This is the only time www.bancfirst.bank was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	208.75.122.11 208.75.122.11	40444 (ASN-CC) (ASN-CC)
26	24.248.243.7 24.248.243.7	36860 (BANCFIRST) (BANCFIRST)
2	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:825::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
5	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff08	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:39a::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
43	11

1 208.75.122.11 (United States) 1 redirects

ASN40444 (ASN-CC, US)
PTR: rs6.net

r20.rs6.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 24.248.243.7 (Oklahoma City, United States)

ASN36860 (BANCFIRST, US)
PTR: www.bancfirst.bank

www.bancfirst.bank	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a01:4a0:1338:28::c38a:ff08 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39a::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	bancfirst.bank www.bancfirst.bank	628 KB
6	typekit.net use.typekit.net p.typekit.net	115 KB
2	gstatic.com fonts.gstatic.com	54 KB
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	6 KB
2	jsdelivr.net cdn.jsdelivr.net	17 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	google.com www.google.com	13 KB
1	googletagmanager.com www.googletagmanager.com	30 KB
1	rs6.net 1 redirects r20.rs6.net	345 B
43	9

	Domain	Requested by
26	www.bancfirst.bank	www.bancfirst.bank
5	use.typekit.net	ajax.googleapis.com use.typekit.net
2	fonts.gstatic.com	www.google-analytics.com www.bancfirst.bank
2	cdn.jsdelivr.net	www.bancfirst.bank
2	www.google-analytics.com	www.googletagmanager.com www.bancfirst.bank
2	www.google.com	www.bancfirst.bank
1	p.typekit.net	www.bancfirst.bank
1	fonts.googleapis.com	ajax.googleapis.com
1	ajax.googleapis.com	www.bancfirst.bank
1	www.googletagmanager.com	www.bancfirst.bank
1	r20.rs6.net	1 redirects
43	11

This site contains links to these domains. Also see Links.

Domain
www.bancfirstonline.com
secure.andera.com
umnasg7.umonitor.com
online1.elancard.com
mortgageapp.bancfirst.bank
www.ordermychecks.com
www.digindemo.com
www.bancfirstbusinessonline.com
www.sba.gov
clientpoint.fisglobal.com
www.bancfirst.insurance
bancfirst.tv
www.facebook.com
twitter.com
www.fdic.gov
get.adobe.com

Subject Issuer	Validity	Valid
www.bancfirst.bank DigiCert SHA2 Extended Validation Server CA	`2018-04-24` - `2020-07-08`	2 years	crt.sh
www.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-06-08` - `2021-04-17`	10 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.bancfirst.bank/
Frame ID: 0DD29A064B255B7A2B223CEA198381C1
Requests: 51 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://r20.rs6.net/tn.jsp?f=001HAbgN0BHuaznR4vooFsptgyVUyvzUA6OzCkHLGo-M5e-POHKzhO-E2hzMF2frO6x... HTTP 302
https://www.bancfirst.bank/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

script /googleapis\.com\/.+webfont/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Page Statistics

43
Requests

100 %
HTTPS

82 %
IPv6

9
Domains

11
Subdomains

11
IPs

3
Countries

880 kB
Transfer

1427 kB
Size

5
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bancfirstonline.com/tob/live/usp-core/app/register
Title: Enroll

Search URL Search Domain Scan URL

URL: https://www.bancfirstonline.com/tob/live/usp-core/app/authUpdate
Title: Forgot Username or Password

Search URL Search Domain Scan URL

URL: https://secure.andera.com/index.cfm?fiid=2B0D76505C494386A4D84713B8819270
Title: Open New Account

Search URL Search Domain Scan URL

URL: https://umnasg7.umonitor.com/consumerloan/uLoan/welcome.do?auth=eb49a03c3e5dcb39
Title: Apply For A Consumer Loan

Search URL Search Domain Scan URL

URL: https://online1.elancard.com/oad/begin?locationCode=20688
Title: Apply for a Credit Card

Search URL Search Domain Scan URL

URL: https://mortgageapp.bancfirst.bank/
Title: Start a Home Loan Request

Search URL Search Domain Scan URL

URL: https://www.ordermychecks.com/login_a.jsp
Title: Reorder Checks

Search URL Search Domain Scan URL

URL: https://www.digindemo.com/?include=billpayduedate-ipadbillpay-kindlebillpay-accountbalance-internaltransfers-financeworks-iphonevideos-androidvideos-mobilerdc-mobilewebbanking-textmessagebanking-ipadbanking-kindlebanking-fiserv-mobilerdcnorewards-iphonerdcbillpay-androidrdcbillpay&id=5362
Title: Online Banking Demo

Search URL Search Domain Scan URL

URL: https://www.bancfirstbusinessonline.com/bbw/cmserver/welcome/default/verify.cfm
Title: Business Online Banking

Search URL Search Domain Scan URL

URL: https://www.sba.gov/
Title: Small Business Administration

Search URL Search Domain Scan URL

URL: https://mortgageapp.bancfirst.bank/pages/get-preapproved
Title: Benefits of Getting Pre-Qualified

Search URL Search Domain Scan URL

URL: https://clientpoint.fisglobal.com/tdcb/main/UserLogon?bankNumber=RM&subProduct=
Title: Trust Client Portal

Search URL Search Domain Scan URL

URL: http://www.bancfirst.insurance/
Title: << Insurance Services

Search URL Search Domain Scan URL

URL: http://www.bancfirst.insurance/commercial
Title: Business Insurance

Search URL Search Domain Scan URL

URL: http://www.bancfirst.insurance/personal
Title: Personal Insurance

Search URL Search Domain Scan URL

URL: http://www.bancfirst.insurance/employee-benefits
Title: Employee Benefits

Search URL Search Domain Scan URL

URL: https://bancfirst.tv/fiscal-fitness-center
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bancfirstok
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bancfirstok/
Title: Facebook Profile

Search URL Search Domain Scan URL

URL: https://twitter.com/bancfirstok
Title: Twitter Profile

Search URL Search Domain Scan URL

URL: https://www.fdic.gov/
Title: Equal House Lending

Search URL Search Domain Scan URL

URL: https://get.adobe.com/reader/
Title: Download Adobe Acrobat

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://r20.rs6.net/tn.jsp?f=001HAbgN0BHuaznR4vooFsptgyVUyvzUA6OzCkHLGo-M5e-POHKzhO-E2hzMF2frO6xKMLDClv_mUhnRCLqIeskzUDc6ywshyyLJUprwQPcDr_YOKTY97oheUjyWbgwAiyPxf1dlgiC1_tT-Qh-3oinqQ==&c=dIhctbF5DvLk9p8CcZNB9CQ0se_vzuK8PBh7as8uJ4SyUd0Fcskklg==&ch=SDu48FBuYE1rNxa_dGwIxqwgMRC_o6quEhiWzqD3F29lapcBOD4a5g== HTTP 302
https://www.bancfirst.bank/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.bancfirst.bank/
Redirect Chain

http://r20.rs6.net/tn.jsp?f=001HAbgN0BHuaznR4vooFsptgyVUyvzUA6OzCkHLGo-M5e-POHKzhO-E2hzMF2frO6xKMLDClv_mUhnRCLqIeskzUDc6ywshyyLJUprwQPcDr_YOKTY97oheUjyWbgwAiyPxf1dlgiC1_tT-Qh-3oinqQ==&c=dIhctbF5DvL...
https://www.bancfirst.bank/

127 KB
22 KB

821ms
239ms

Document
text/html

24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

5f855eb79c3be74c49c822848731233d34d02e3dc7938cb3a567d568c1c5618d

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.bancfirst.bank
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:17 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkY0K0l0T2Vwek1QMUk5N1dGcVwvNGt3PT0iLCJ2YWx1ZSI6Im9QU1dCSVBiZm5HN3EyU01BZWxCWk1ac1l3bzNTY3BseTBqcDJZYW9pMXNBY0NoTjJPdnhESlNVcVJkbDlESVFVU2xQS3BwZ1BlVmZEUEd2eWRBbytnPT0iLCJtYWMiOiI3MGM2NGYxNjc0N2FkNWVhN2U3ZjY0NjNjZWRjZGFiOTg5NDg1MWE1MmYwNGQyOWIzZGZlYzcxOGY5Zjk1ZDIzIn0%3D; expires=Tue, 16-Jun-2020 21:54:17 GMT; Max-Age=7200; path=/;Secure;HttpOnly bancfirstStagingSession=eyJpdiI6IlRzWFd2NTN3dHVrWFYwVlRsV0hSVWc9PSIsInZhbHVlIjoiR2NVTFlMd1dreXJPMTZ4b1czVTJocFwvSGNudlwvWm5DOWxCQTdCd2VPVlUrY3prZEJicXVLMnU0RXRYeUJ2SVpPOUdDUWZDNXdLQlhMUkpjNmUwbzZodz09IiwibWFjIjoiYTE0OGY2YjRkYTcwZWU3NjZjNWU2ZjU1NmYwNWNiNDFlMGU0ODE4MGE0ODVjNjg0Mzg2ZTFjZmU3NDVkMWZiMiJ9; expires=Tue, 16-Jun-2020 21:54:17 GMT; Max-Age=7200; path=/; httponly;Secure;HttpOnly
Pragma: no-cache
Host: $host;
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Content-Length: 20322
Connection: close

Redirect headers

Date: Tue, 16 Jun 2020 19:54:16 GMT
Server: Apache
P3P: CP="CAO DSP TAIa OUR NOR UNI"
Location: https://www.bancfirst.bank/
Content-Length: 0
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=ISO-8859-1

GET
H2 200 default+en.css
www.google.com/cse/static/element/5d7bf4891789cfae/ 44 KB
10 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/5d7bf4891789cfae/default+en.css

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a295bcfa91664e0dfac547516febc524302c24be2ddb9cf90ceda80b1e8f19aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 18:50:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Apr 2019 15:29:53 GMT
server: sffe
age: 522206
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9940
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:50:51 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v3/ 11 KB
3 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v3/default.css

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 19:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 1748
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2719
x-xss-protection: 0
expires: Tue, 16 Jun 2020 20:15:09 GMT

GET
H/1.1 200
OK layout.css
www.bancfirst.bank/css/ 85 KB
16 KB 443ms
154ms Stylesheet
text/css 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/css/layout.css?v=151

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

a414ecb17a9aeaed5de5bfe65fd42d9a65175488de9d8638ebbf465a3b1cee3b

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 03 Apr 2020 14:01:06 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5e8741a2-1526d"
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 82 KB
30 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:825::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PP7Q5WN&gtm_auth=2Oe54Bj_oNj3ElYKRVdwsg&gtm_preview=env-3&gtm_cookies_win=x

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba76ce903c9c71a77fae74e2b4db880bad2de6207bade29c87d9ba129e8f8db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 19:54:17 GMT
content-encoding: br
vary: *
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30511
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK logo.png
www.bancfirst.bank/img/ 4 KB
5 KB 446ms
156ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/img/logo.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

303146aca98666857cd6a991775b22d919ee99f80e54f04a64cc9514dd5f756e

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 4144
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:30 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e65e-1030"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PP7Q5WN&gtm_auth=2Oe54Bj_oNj3ElYKRVdwsg&gtm_preview=env-3&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 4480
date: Tue, 16 Jun 2020 18:39:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Tue, 16 Jun 2020 20:39:38 GMT

GET
H/1.1 200
OK sbastorieshomepagepng-1590780817330687227.png
www.bancfirst.bank/uploads/gallery/ 138 KB
139 KB 261ms
155ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/gallery/sbastorieshomepagepng-1590780817330687227.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

94b6b7d8eaad7c730f3359399f2905b0dda483eb53cd94bfab01c759b5987578

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 141544
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 29 May 2020 19:33:37 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed16391-228e8"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK fiscalfitness-homepagepng-15912902661268584878.png
www.bancfirst.bank/uploads/gallery/ 36 KB
38 KB 748ms
158ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/gallery/fiscalfitness-homepagepng-15912902661268584878.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

9bfd0e0e8acd0c57130743dff88b9a6abde0db533ee6898589fde1c7e4638a16

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 37296
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 04 Jun 2020 17:04:26 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed9299a-91b0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK left-arrow.svg
www.bancfirst.bank/svg/ 1 KB
2 KB 895ms
154ms Image
image/svg+xml 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/svg/left-arrow.svg

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

d7b9ab7a6097e3773906c39308be201002888015aec9582962f16f93980bb21e

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-42d"
Strict-Transport-Security: max-age=31536000
Content-Type: image/svg+xml
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK right-arrow.svg
www.bancfirst.bank/svg/ 1 KB
2 KB 722ms
153ms Image
image/svg+xml 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/svg/right-arrow.svg

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

19196d3902fa90d9dba1d037b9655909869c3ceb2dd8a0c26039dcfec2002545

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-44b"
Strict-Transport-Security: max-age=31536000
Content-Type: image/svg+xml
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK button-1.png
www.bancfirst.bank/uploads/ 964 B
2 KB 268ms
157ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/button-1.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

f3592caf7886abee2cdcbdc3e6be2cb8d61a4a110d78102b17cf46d1f11381ab

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 964
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 04 Jun 2020 16:59:00 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed92854-3c4"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK button-2.png
www.bancfirst.bank/uploads/ 908 B
2 KB 278ms
161ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/button-2.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

16bb96aa3cb6646a32638596d9a1e2b68fd5d778fad8b9bea037ecefc95e7b95

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 908
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 04 Jun 2020 17:02:14 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed92916-38c"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK stolen-card.png
www.bancfirst.bank/uploads//ctas/ 3 KB
4 KB 729ms
153ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads//ctas/stolen-card.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

4f89e89652a6c82d03d832fca9df3faf6e4ca2ed8cd1334928650183bb49a0b6

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 2967
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:38:16 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e8a8-b97"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK overdraft.png
www.bancfirst.bank/uploads//ctas/ 3 KB
4 KB 1105ms
157ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads//ctas/overdraft.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

1b26444e6f137a44384992f8d819044660022c8cf7a44097a7904f4fb9d18ceb

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 3201
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:38:16 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e8a8-c81"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK photocontesthpicon.png
www.bancfirst.bank/uploads// 4 KB
5 KB 715ms
153ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads//photocontesthpicon.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

a70d7ce149a78c02f21442f0f7039a27062029a90ae929bf0cb493a68635b01a

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 4275
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:38:17 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e8a9-10b3"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK modernizr.min.js Show response
www.bancfirst.bank/js/vendor/ 7 KB
4 KB 1440ms
158ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/vendor/modernizr.min.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

c08470d3d82f23bf91e7e05e1983ce988e3e2b9537db60db2d1ec496bc5f2dc3

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-1cda"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK jquery-1.11.3.min.js Show response
www.bancfirst.bank/js/vendor/ 93 KB
34 KB 1391ms
162ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/vendor/jquery-1.11.3.min.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

d5732c5172fd0d58c9f859d5adefc662891a13ebcd826b6bc05a7e69df28af58

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-175c9"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK litly.min.js Show response
www.bancfirst.bank/js/vendor/ 6 KB
4 KB 1389ms
159ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/vendor/litly.min.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

bf8979c966e5253969260caad3c8781cf4d19f19fa413b98b7a9a4870bbe4f31

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-19c8"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK slick.min.js Show response
www.bancfirst.bank/js/vendor/ 42 KB
11 KB 1569ms
165ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/vendor/slick.min.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

39c5416be674921804677053d4709402f046d2b982eaab5cd06e8265677838fe

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 03 Mar 2020 16:35:53 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5e5e8769-a794"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H2 200 flatpickr.min.css
cdn.jsdelivr.net/npm/flatpickr/dist/ 16 KB
3 KB 10ms
7ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 17610
x-cache: HIT, HIT
status: 200
content-length: 3011
etag: W/"3e52-Z8ltFmyjrFMhtPv5BetbS7Tfva8"
x-served-by: cache-fra19179-FRA, cache-hhn4081-HHN
date: Tue, 16 Jun 2020 19:54:18 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 flatpickr Show response
cdn.jsdelivr.net/npm/ 47 KB
14 KB 9ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/flatpickr

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 22751
x-cache: HIT, HIT
status: 200
content-length: 13758
etag: W/"bd86-pLJVK3m7yglI/eSGB0jb4JxWRwY"
x-served-by: cache-fra19146-FRA, cache-hhn4081-HHN
date: Tue, 16 Jun 2020 19:54:18 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK gallery.js Show response
www.bancfirst.bank/js/ 7 KB
3 KB 1570ms
164ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/gallery.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

d4137c4e0dc81642d5275363885d1232405227a0c01f4be8c81addd26a52fdeb

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 07 Apr 2020 15:08:40 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5e8c9778-1d42"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK build.min.js Show response
www.bancfirst.bank/js/ 9 KB
4 KB 1762ms
156ms Script
application/javascript 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/js/build.min.js?v=151

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

1b8e869836c86578cbf9471177cafbd4066dc8aae25d3552710051063f5f402f

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 27 Jan 2020 17:33:43 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5e2f1ef7-23d4"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.16/ 13 KB
5 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28396880470a28e0525bdc0ea326ffb811de7de13662d02f7530dbbe3f12d90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Jun 2020 16:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 444847
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5480
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Jun 2021 16:20:11 GMT

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK logo.png
www.bancfirst.bank/img/ 4 KB
5 KB 424ms
164ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/img/logo.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

303146aca98666857cd6a991775b22d919ee99f80e54f04a64cc9514dd5f756e

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 4144
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:30 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e65e-1030"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK mcalester-1487104798.jpg
www.bancfirst.bank/uploads/headers/ 50 KB
51 KB 348ms
155ms Image
image/jpeg 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/headers/mcalester-1487104798.jpg

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

197cf27f76bca6b68b546d9aef7b6fd579b023f25ff012cde05d56cebcc51733

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 51488
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:38:16 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e8a8-c920"
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK right-pointer.svg
www.bancfirst.bank/svg/ 544 B
2 KB 415ms
157ms Image
image/svg+xml 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/svg/right-pointer.svg

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

3f6e4f8c963bf85fe1a62553217c2e2370e4d5d41d2e64c8740668f093e21de0

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/css/layout.css?v=151
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:27 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65b-220"
Strict-Transport-Security: max-age=31536000
Content-Type: image/svg+xml
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK icons.data.svg.css
www.bancfirst.bank/icons/ 57 KB
13 KB 1481ms
159ms Stylesheet
text/css 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/icons/icons.data.svg.css

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

8c8ad44242e116d42a587ae0f5a04c05224f00a27ce919ccafc96e42fda76d17

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:28 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65c-e3c1"
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
H/1.1 200
OK shawnee-header.jpg
www.bancfirst.bank/img/home/ 64 KB
66 KB 462ms
155ms Image
image/jpeg 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/img/home/shawnee-header.jpg

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

6a1c73f01780f5a0f88ded78e91b62d3177a8566f068e2333fc24d3d1f1a0a75

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/css/layout.css?v=151
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:19 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 66003
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:30 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5df3e65e-101d3"
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H2 200 akj0mau.js Show response
use.typekit.net/ 19 KB
8 KB 36ms
26ms Script
text/javascript 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/akj0mau.js

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

nginx /

Resource Hash

cfafd238ce87016234576aecdcb95126df36b212bfcb0ba3ec8e7e630f858d2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
status: 200
date: Tue, 16 Jun 2020 19:54:18 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 7517

GET
H2 200 css
fonts.googleapis.com/ 1 KB
608 B 21ms
18ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display:700

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b3f356b3e131dde517e8de0b6f1c5fa5db4a02db53c96a88b8a5e9ccb9ca4bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Jun 2020 19:54:18 GMT
server: ESF
date: Tue, 16 Jun 2020 19:54:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Jun 2020 19:54:18 GMT

GET
H2 200 nuFlD-vYSZviVYUb_rj3ij__anPXBYf9lW4e4A.woff
fonts.gstatic.com/s/playfairdisplay/v15/ 31 KB
31 KB 13ms
10ms Font
font/woff 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v15/nuFlD-vYSZviVYUb_rj3ij__anPXBYf9lW4e4A.woff

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dd3b38ffe83128c06fed99594c96f55d14259a6b8ebe419f1f42cf1432b0a9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bancfirst.bank/css/layout.css?v=151
Origin: https://www.bancfirst.bank

Response headers

date: Tue, 09 Jun 2020 03:33:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:54 GMT
server: sffe
age: 663643
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31684
x-xss-protection: 0
expires: Wed, 09 Jun 2021 03:33:35 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
106 B 15ms
15ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1775694462&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bancfirst.bank%2F&ul=en-us&de=UTF-8&dt=Homepage%20%7C%20BancFirst%20of%20Oklahoma&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=650878386&gjid=1360242747&cid=1312297369.1592337258&tid=UA-61103203-1&_gid=409726094.1592337258&_r=1&gtm=2wg640PP7Q5WN&z=395052489

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jun 2020 19:54:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 l
use.typekit.net/af/be199d/00000000000000003b9aefba/27/ 33 KB
33 KB 73ms
51ms Font
application/font-woff2 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/be199d/00000000000000003b9aefba/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/akj0mau.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: nginx /
Resource Hash: ada81abb95d635868d07308331f057eada526ec62a787024512c97d71c8859e6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bancfirst.bank/
Origin: https://www.bancfirst.bank

Response headers

date: Tue, 16 Jun 2020 19:54:18 GMT
server: nginx
etag: "356d9de0c980e8ed23bf65b52414d061c70ca3f5"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 33420

GET
H2 200 l
use.typekit.net/af/919204/00000000000000003b9aefc2/27/ 31 KB
32 KB 35ms
13ms Font
application/font-woff2 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/919204/00000000000000003b9aefc2/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/akj0mau.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 363ddcdad8fa8db6500ad554923cc22ab4bf968c15aa09c63e26a74cd5556b62

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bancfirst.bank/
Origin: https://www.bancfirst.bank

Response headers

date: Tue, 16 Jun 2020 19:54:18 GMT
server: nginx
etag: "e5c1837b5e8ba53b851934a88258676056eab6fa"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 32072

GET
H2 200 l
use.typekit.net/af/af96c8/00000000000000003b9aefc0/27/ 31 KB
31 KB 38ms
16ms Font
application/font-woff2 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/af96c8/00000000000000003b9aefc0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/akj0mau.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 1e71dfd2075bdd8ab13805b0c9bc396c00c1a3d982d3e9ddde63ccfaf4f2eaaf

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bancfirst.bank/
Origin: https://www.bancfirst.bank

Response headers

date: Tue, 16 Jun 2020 19:54:18 GMT
server: nginx
etag: "625d31c6ff36363142e14c9d9cf9f2747ce3803a"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 31984

GET
H2 200 l
use.typekit.net/af/c080f0/0000000000000000000149c5/27/ 12 KB
12 KB 25ms
4ms Font
application/font-woff2 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c080f0/0000000000000000000149c5/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/akj0mau.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 84279fcce9e4c420c0771c1c63c84a3a0cb2a5413c8f976c3a2d74085b948a02

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bancfirst.bank/
Origin: https://www.bancfirst.bank

Response headers

date: Tue, 16 Jun 2020 19:54:18 GMT
server: nginx
etag: "37bd227ee32b0ff9f02d53730e66eb42557d0292"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 11824

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDXbtXK-F2qC0s.woff
fonts.gstatic.com/s/playfairdisplay/v20/ 23 KB
23 KB 8ms
7ms Font
font/woff 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v20/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDXbtXK-F2qC0s.woff

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5f15ac290ab92b121075d32d2a9da25f420d20aa0a3c92d9b80ad20aa79aad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display:700
Origin: https://www.bancfirst.bank

Response headers

date: Wed, 10 Jun 2020 11:04:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 Feb 2020 00:10:03 GMT
server: sffe
age: 550160
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23132
x-xss-protection: 0
expires: Thu, 10 Jun 2021 11:04:58 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
201 B 27ms
9ms Image
image/gif 2a02:26f0:10c:39a::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=akj0mau&ht=tk&h=www.bancfirst.bank&f=169.173.175.13407&a=4065597&js=1.19.2&app=typekit&e=js&_=1592337258489
Requested by: Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39a::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 19:54:18 GMT
last-modified: Fri, 18 Oct 2019 21:36:02 GMT
server: nginx
etag: "5daa3042-23"
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 35
expires: Wed, 20 Nov 2019 10:51:15 GMT

GET
H/1.1 200
OK fiscalfitness-homepagepng-15912902661268584878.png
www.bancfirst.bank/uploads/gallery/ 36 KB
38 KB 480ms
165ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/gallery/fiscalfitness-homepagepng-15912902661268584878.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/js/vendor/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

9bfd0e0e8acd0c57130743dff88b9a6abde0db533ee6898589fde1c7e4638a16

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:20 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 37296
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 04 Jun 2020 17:04:26 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed9299a-91b0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK sbastorieshomepagepng-1590780817330687227.png
www.bancfirst.bank/uploads/gallery/ 138 KB
139 KB 486ms
172ms Image
image/png 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancfirst.bank/uploads/gallery/sbastorieshomepagepng-1590780817330687227.png

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/js/vendor/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

94b6b7d8eaad7c730f3359399f2905b0dda483eb53cd94bfab01c759b5987578

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:20 GMT
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 141544
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 29 May 2020 19:33:37 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: "5ed16391-228e8"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'
Accept-Ranges: bytes

GET
H/1.1 200
OK icons.data.svg.css
www.bancfirst.bank/icons/ 57 KB
13 KB 478ms
167ms Stylesheet
text/css 24.248.243.7
BANCFIRST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancfirst.bank/icons/icons.data.svg.css

Requested by

Host: www.bancfirst.bank
URL: https://www.bancfirst.bank/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

24.248.243.7 Oklahoma City, United States, ASN36860 (BANCFIRST, US),

Reverse DNS

www.bancfirst.bank

Software

nginx /

Resource Hash

8c8ad44242e116d42a587ae0f5a04c05224f00a27ce919ccafc96e42fda76d17

Security Headers

Name	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bancfirst.bank/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 19:54:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 13 Dec 2019 19:28:28 GMT
Server: nginx
Host: $host;
X-Frame-Options: SAMEORIGIN
ETag: W/"5df3e65c-e3c1"
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Via: 1.1 www.bancfirst.bank (Apache/2.4.43)
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy: script-src *.bancfirst.tv *.google.com *.gstatic.com *.typekit.net *.addthis.com *.googleapis.com *.jsdelivr.net *.googletagmanager.com *.moatads.com *.addthisedge.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.bancfirst.bank *.googleapis.com *.google.com *.jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.bancfirst.bank *.googletagmanager.com *.typekit.net 'unsafe-inline'

GET
DATA 200
OK truncated
/ 974 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75a10cefb5524714dc7cf3a3e9141cee3fa09f0fc52bbb9c2b9f4c16a39e37d3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1003 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96dbb6d3724157300c1472e220fcbbddae0f35d281907df60d510b08f0573970

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a15255458a79f87e9a6b20886a3504ec646b8132be91819faa8ff52bea250357

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 403 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e334569abe3a36019b835b506290c8fbe890ea30cfb29300cc8f7ec9b6d1e189

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 806 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8b9e6295e9b1c32d8619a7f77955a976623c6f076944765005e6142f2098f85

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e59066049c0a886014e35d1e41d69a23c9c52bbc66cbec2a8bad32e21070c14e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0056ffc8913bbcb4fdb6f861153faf05fe673f86ec1b4974d5b7b7bd390fc137

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bancfirst.bank/	1970-01-19 10:18:57	Name: _gat_UA-61103203-1 Value: 1
.bancfirst.bank/	1970-01-20 03:50:09	Name: _ga Value: GA1.2.1312297369.1592337258
.bancfirst.bank/	1970-01-19 10:20:23	Name: _gid Value: GA1.2.409726094.1592337258
www.bancfirst.bank/	1970-01-19 10:19:04	Name: bancfirstStagingSession Value: eyJpdiI6IlRzWFd2NTN3dHVrWFYwVlRsV0hSVWc9PSIsInZhbHVlIjoiR2NVTFlMd1dreXJPMTZ4b1czVTJocFwvSGNudlwvWm5DOWxCQTdCd2VPVlUrY3prZEJicXVLMnU0RXRYeUJ2SVpPOUdDUWZDNXdLQlhMUkpjNmUwbzZodz09IiwibWFjIjoiYTE0OGY2YjRkYTcwZWU3NjZjNWU2ZjU1NmYwNWNiNDFlMGU0ODE4MGE0ODVjNjg0Mzg2ZTFjZmU3NDVkMWZiMiJ9
www.bancfirst.bank/	1970-01-19 10:19:04	Name: XSRF-TOKEN Value: eyJpdiI6IkY0K0l0T2Vwek1QMUk5N1dGcVwvNGt3PT0iLCJ2YWx1ZSI6Im9QU1dCSVBiZm5HN3EyU01BZWxCWk1ac1l3bzNTY3BseTBqcDJZYW9pMXNBY0NoTjJPdnhESlNVcVJkbDlESVFVU2xQS3BwZ1BlVmZEUEd2eWRBbytnPT0iLCJtYWMiOiI3MGM2NGYxNjc0N2FkNWVhN2U3ZjY0NjNjZWRjZGFiOTg5NDg1MWE1MmYwNGQyOWIzZGZlYzcxOGY5Zjk1ZDIzIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src .bancfirst.tv .google.com .gstatic.com .typekit.net .addthis.com .googleapis.com .jsdelivr.net .googletagmanager.com .moatads.com .addthisedge.com .google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src .bancfirst.bank .googleapis.com .google.com .jsdelivr.net 'unsafe-inline' data:; object-src 'none'; frame-ancestors 'self' .bancfirst.bank; worker-src blob:; script-src-elem cdn.jsdelivr.net .googleapis.com .gstatic.com .google.com .google-analytics.com .bancfirst.bank .googletagmanager.com *.typekit.net 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
r20.rs6.net
use.typekit.net
www.bancfirst.bank
www.google-analytics.com
www.google.com
www.googletagmanager.com
208.75.122.11
24.248.243.7
2a00:1450:4001:802::200a
2a00:1450:4001:809::200a
2a00:1450:4001:809::200e
2a00:1450:4001:819::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:825::2008
2a01:4a0:1338:28::c38a:ff08
2a02:26f0:10c:39a::19fd
2a04:4e42:1b::621
0056ffc8913bbcb4fdb6f861153faf05fe673f86ec1b4974d5b7b7bd390fc137
16bb96aa3cb6646a32638596d9a1e2b68fd5d778fad8b9bea037ecefc95e7b95
19196d3902fa90d9dba1d037b9655909869c3ceb2dd8a0c26039dcfec2002545
197cf27f76bca6b68b546d9aef7b6fd579b023f25ff012cde05d56cebcc51733
1b26444e6f137a44384992f8d819044660022c8cf7a44097a7904f4fb9d18ceb
1b8e869836c86578cbf9471177cafbd4066dc8aae25d3552710051063f5f402f
1e71dfd2075bdd8ab13805b0c9bc396c00c1a3d982d3e9ddde63ccfaf4f2eaaf
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
303146aca98666857cd6a991775b22d919ee99f80e54f04a64cc9514dd5f756e
363ddcdad8fa8db6500ad554923cc22ab4bf968c15aa09c63e26a74cd5556b62
39c5416be674921804677053d4709402f046d2b982eaab5cd06e8265677838fe
3f6e4f8c963bf85fe1a62553217c2e2370e4d5d41d2e64c8740668f093e21de0
4f89e89652a6c82d03d832fca9df3faf6e4ca2ed8cd1334928650183bb49a0b6
5f855eb79c3be74c49c822848731233d34d02e3dc7938cb3a567d568c1c5618d
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
6a1c73f01780f5a0f88ded78e91b62d3177a8566f068e2333fc24d3d1f1a0a75
75a10cefb5524714dc7cf3a3e9141cee3fa09f0fc52bbb9c2b9f4c16a39e37d3
7dd3b38ffe83128c06fed99594c96f55d14259a6b8ebe419f1f42cf1432b0a9f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84279fcce9e4c420c0771c1c63c84a3a0cb2a5413c8f976c3a2d74085b948a02
8c8ad44242e116d42a587ae0f5a04c05224f00a27ce919ccafc96e42fda76d17
94b6b7d8eaad7c730f3359399f2905b0dda483eb53cd94bfab01c759b5987578
96dbb6d3724157300c1472e220fcbbddae0f35d281907df60d510b08f0573970
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9bfd0e0e8acd0c57130743dff88b9a6abde0db533ee6898589fde1c7e4638a16
9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50
a15255458a79f87e9a6b20886a3504ec646b8132be91819faa8ff52bea250357
a28396880470a28e0525bdc0ea326ffb811de7de13662d02f7530dbbe3f12d90
a295bcfa91664e0dfac547516febc524302c24be2ddb9cf90ceda80b1e8f19aa
a414ecb17a9aeaed5de5bfe65fd42d9a65175488de9d8638ebbf465a3b1cee3b
a70d7ce149a78c02f21442f0f7039a27062029a90ae929bf0cb493a68635b01a
ada81abb95d635868d07308331f057eada526ec62a787024512c97d71c8859e6
b3f356b3e131dde517e8de0b6f1c5fa5db4a02db53c96a88b8a5e9ccb9ca4bdc
ba76ce903c9c71a77fae74e2b4db880bad2de6207bade29c87d9ba129e8f8db0
bf8979c966e5253969260caad3c8781cf4d19f19fa413b98b7a9a4870bbe4f31
c08470d3d82f23bf91e7e05e1983ce988e3e2b9537db60db2d1ec496bc5f2dc3
cfafd238ce87016234576aecdcb95126df36b212bfcb0ba3ec8e7e630f858d2d
d4137c4e0dc81642d5275363885d1232405227a0c01f4be8c81addd26a52fdeb
d5732c5172fd0d58c9f859d5adefc662891a13ebcd826b6bc05a7e69df28af58
d7b9ab7a6097e3773906c39308be201002888015aec9582962f16f93980bb21e
d8b9e6295e9b1c32d8619a7f77955a976623c6f076944765005e6142f2098f85
e334569abe3a36019b835b506290c8fbe890ea30cfb29300cc8f7ec9b6d1e189
e59066049c0a886014e35d1e41d69a23c9c52bbc66cbec2a8bad32e21070c14e
f3592caf7886abee2cdcbdc3e6be2cb8d61a4a110d78102b17cf46d1f11381ab
f5f15ac290ab92b121075d32d2a9da25f420d20aa0a3c92d9b80ad20aa79aad1
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

www.bancfirst.bank Open in urlscan Pro 24.248.243.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

100 %HTTPS

82 %IPv6

9 Domains

11 Subdomains

11 IPs

3 Countries

880 kBTransfer

1427 kBSize

5 Cookies

22 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bancfirst.bank Open in urlscan Pro
24.248.243.7 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

100 %
HTTPS

82 %
IPv6

9
Domains

11
Subdomains

11
IPs

3
Countries

880 kB
Transfer

1427 kB
Size

5
Cookies

43 HTTP transactions
8 data transactions