URL: https://secure06b.client65216.us.to/
Submission: On October 19 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 20 IPs in 2 countries across 15 domains to perform 59 HTTP transactions. The main IP is 104.156.48.44, located in Tampa, United States and belongs to HVC-AS, US. The main domain is secure06b.client65216.us.to.
TLS certificate: Issued by R3 on October 19th 2022. Valid for: 3 months.
This is the only time secure06b.client65216.us.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 104.156.48.44 29802 (HVC-AS)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
1 108.138.128.2 16509 (AMAZON-02)
20 104.17.209.240 13335 (CLOUDFLAR...)
1 142.250.80.98 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 63.140.38.100 14618 (AMAZON-AES)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
4 173.223.57.45 16625 (AKAMAI-AS)
6 52.6.11.66 14618 (AMAZON-AES)
2 2 54.197.59.4 14618 (AMAZON-AES)
2 2600:9000:220... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 23.54.210.134 16625 (AKAMAI-AS)
3 2600:141b:13:... 20940 (AKAMAI-ASN1)
3 104.18.21.94 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 35.175.0.141 14618 (AMAZON-AES)
1 142.251.163.154 15169 (GOOGLE)
59 20
Apex Domain
Subdomains
Transfer
20 qualtrics.com
zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com — Cisco Umbrella Rank: 119200
siteintercept.qualtrics.com — Cisco Umbrella Rank: 958
157 KB
7 us.to
secure06b.client65216.us.to
43 KB
6 iesnare.com
mpsnare.iesnare.com — Cisco Umbrella Rank: 5820
23 KB
6 usbank.com
smetrics.usbank.com — Cisco Umbrella Rank: 37877
onlinebanking.usbank.com — Cisco Umbrella Rank: 39894
content.usbank.com — Cisco Umbrella Rank: 34477
128 KB
4 glancecdn.net
www.glancecdn.net — Cisco Umbrella Rank: 4070
storage.glancecdn.net — Cisco Umbrella Rank: 5310
12 KB
4 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 968
47 KB
4 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 5075
cdn.appsflyer.com — Cisco Umbrella Rank: 17705
178 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
bid.g.doubleclick.net — Cisco Umbrella Rank: 444
2 KB
1 demdex.net
usbank.demdex.net — Cisco Umbrella Rank: 15960
3 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
548 B
1 googleusercontent.com
play-lh.googleusercontent.com — Cisco Umbrella Rank: 397
18 KB
1 quantummetric.com
cdn.quantummetric.com — Cisco Umbrella Rank: 2524
177 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
65 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 131
15 KB
1 appdynamics.com
cdn.appdynamics.com — Cisco Umbrella Rank: 2881
20 KB
59 15
Domain Requested by
19 siteintercept.qualtrics.com secure06b.client65216.us.to
zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com
siteintercept.qualtrics.com
cdn.quantummetric.com
7 secure06b.client65216.us.to secure06b.client65216.us.to
6 mpsnare.iesnare.com secure06b.client65216.us.to
4 tags.tiqcdn.com secure06b.client65216.us.to
3 cdn.appsflyer.com secure06b.client65216.us.to
3 content.usbank.com secure06b.client65216.us.to
2 onlinebanking.usbank.com secure06b.client65216.us.to
2 storage.glancecdn.net secure06b.client65216.us.to
2 www.glancecdn.net 2 redirects
1 bid.g.doubleclick.net secure06b.client65216.us.to
1 usbank.demdex.net secure06b.client65216.us.to
1 www.google.com secure06b.client65216.us.to
1 googleads.g.doubleclick.net secure06b.client65216.us.to
1 play-lh.googleusercontent.com secure06b.client65216.us.to
1 cdn.quantummetric.com secure06b.client65216.us.to
1 smetrics.usbank.com secure06b.client65216.us.to
1 www.googletagmanager.com secure06b.client65216.us.to
1 www.googleadservices.com secure06b.client65216.us.to
1 zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com secure06b.client65216.us.to
1 cdn.appdynamics.com secure06b.client65216.us.to
1 websdk.appsflyer.com secure06b.client65216.us.to
59 21

This site contains links to these domains.

Domain
www.usbank.com
locations.usbank.com
Subject | Issuer | Validity | Valid
secure06b.client65216.us.to | R3 | 2022-10-19 - 2023-01-17 | 3 months
*.appsflyer.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-22 - 2023-09-24 | a year
*.appdynamics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-17 - 2023-07-22 | a year
*.qualtrics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-04 - 2023-05-04 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
smetrics.usbank.com | Entrust Certification Authority - L1K | 2022-03-28 - 2023-04-27 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-16 - 2023-06-16 | a year
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2022-02-27 - 2023-02-28 | a year
mpsnare.iesnare.com | DigiCert SHA2 High Assurance Server CA | 2022-04-29 - 2023-05-23 | a year
edgestatic.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
www.usbank.com | Entrust Certification Authority - L1M | 2022-02-28 - 2023-03-27 | a year
usb.usbank.com | Entrust Certification Authority - L1M | 2022-05-25 - 2023-05-25 | a year
appsflyer.com | Cloudflare Inc ECC CA-3 | 2022-05-16 - 2023-05-15 | a year
www.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.demdex.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-26 - 2023-10-27 | a year

This page contains 3 frames:

Primary Page: https://secure06b.client65216.us.to/
Frame ID: 71C1D02B33E6D5AC1C680EA9F1E7D6A7
Requests: 58 HTTP requests in this frame

Frame: https://usbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 2CEA0DAA1C39BF9CB39CDDC4836C0497
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 7E0D3EDA484B679FDCD9FEDB357F596E
Requests: 1 HTTP requests in this frame

Page Title

Standalone Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • adrum

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

59 Requests
95 % HTTPS
40 % IPv6
15 Domains
21 Subdomains
20 IPs
2 Countries
889 kB Transfer
2867 kB Size
3 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19921&site=production HTTP 302
  • https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.5.2M.js
Request Chain 15
  • https://www.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js HTTP 301
  • https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js

59 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
secure06b.client65216.us.to/
223 KB
43 KB
Document
General
Full URL
https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash
c3a72fe3d6de3b5aa20a8e7128ef50e745a1b42e5a71a54152b4d9a21a1cc2b5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 19 Oct 2022 12:59:42 GMT
server
LiteSpeed
vary
Accept-Encoding
/
websdk.appsflyer.com/
38 KB
12 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:829b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2f44c4c0006c2239db8defec6537b0306ed3981369008fc4711bad69fbaf15e1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 19 Oct 2022 12:59:43 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 08:41:42 GMT
Server
AmazonS3
x-amz-request-id
QBCZFTPJZQS2RA4D
ETag
"08179f9adc55b98cc307cd6770e123ad"
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=1579
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11541
x-amz-id-2
k439erDrxRlBvl+9nyRArbeTMb0ltPoYKyytjhOOcSqARr8XKoelk/SPJveoUhLmqSV6DlUUVY4=
Expires
Wed, 19 Oct 2022 13:26:02 GMT
adrum-ext.c627835be90484dccd75d79ec6895baa.js
cdn.appdynamics.com/
50 KB
20 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum-ext.c627835be90484dccd75d79ec6895baa.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-2.jfk50.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
3c06fa474f7c3987320bdf51de7dbec3b11e917d1d69233e80d7313bc30b3e0a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 03 Oct 2022 13:54:17 GMT
content-encoding
gzip
via
1.1 6d9771d39a0475d92b50bdd9caae11c2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
age
1379126
x-cache
Hit from cloudfront
last-modified
Wed, 18 Mar 2020 17:01:24 GMT
server
nginx/1.16.1
etag
W/"5e7253e4-c9b5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-max-age=14400
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xfRrCucQBwjhf5K5bQ7POJyKMKz5XCBqk0vZVpBOrk0G5xIzA66cCw==
/
zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/
7 KB
4 KB
Script
General
Full URL
https://zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_6VxkyqYWaF9f1T7&Q_LOC=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d5d69416e5bd8689855a4b749d94649053ea0eeef198f1392d2ea53ad094a35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
378598
cf-polished
origSize=8487
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"2127-ezh3Eybx17xbSQsOUnH+4avwhvU"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14b1fb4e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
conversion_async.js
www.googleadservices.com/pagead/
41 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.98 Glen Cove, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
cafe /
Resource Hash
195f3c8ce18239cd241304be4a02c70892564caf8a139f6035b853fe212bab3a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15196
x-xss-protection
0
server
cafe
etag
7222976147654879957
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 19 Oct 2022 12:59:43 GMT
js
www.googletagmanager.com/gtag/
181 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-978114044
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2b99e88574af4e96492ab4773ef6819dd50c1a80f1e2b476d882336e25c1067a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
66298
x-xss-protection
0
last-modified
Wed, 19 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 19 Oct 2022 12:59:43 GMT
s67226793745179
smetrics.usbank.com/b/ss/usbankcom/10/JS-2.22.4/
2 KB
2 KB
Script
General
Full URL
https://smetrics.usbank.com/b/ss/usbankcom/10/JS-2.22.4/s67226793745179?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=29%2F8%2F2022%2014%3A23%3A53%204%200&d.&nsid=0&jsonv=1&.d&sdid=2493C6C4B175F5B4-27BFEFBBE3A6F113&mid=24431773513413794372922450347888857852&aamlh=7&ce=UTF-8&ns=usbank&g=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F&r=https%3A%2F%2Fonlinebanking.usbank.com%2Fdigital%2Floginhelp%2F&c.&vidAPICheck=VisitorAPI%20Present&appNameForSiteCat=OLB&appName_PERS=OLB&uxApp=false&uxNameForSiteCat=desktop&uxName_PERS=desktop&clientNameForSiteCat=cloud_standalone&et_dimensions=1349x657&et_width=1349&et_orientation=landscape&cd.&siteSection=login&subSiteSection=login&currentPage=omni%3Alogin%3Aenter%20username%20password&loginFormat=login%20react%20widget%20%7C%2020.02&.cd&EVENTS=event17%2C&.c&events=event17&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c3=D%3Dv3&v3=Repeat&c4=9%3A15AM&c6=Thursday&c7=9%2F29%2F2022&v9=prospect&c14=D%3Dg&c16=59&c17=omni%3Alogin%20assistance%3Averify%20identity%3Aenter%20username&c18=Less%20than%201%20day&c19=2&c24=olb%3Aauth%3Alogin&v27=2526b16e307c40368550e0b70f1a03f7.34_0&c29=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F&v35=D%3DpageName&v37=D%3DUser-Agent&c40=online%20banking&c50=R%20June%202022%7CAM_2.22.4%7C06.22.2022%7CbaseOLB%7CVid_4.4.0&v90=D%3Dg&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=1366&bh=657&mcorgid=675616D751E567410A490D4C%40AdobeOrg&AQE=1
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.38.100 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-100.data.adobedc.net
Software
jag /
Resource Hash
e15cf333b9d37812ee7995b27d822be6ab95958b9a0152653b08be00fd11ed27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-aam-tid
0B+w7pj+Slo=
date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
1624
x-xss-protection
1; mode=block
dcs
dcs-prod-va6-2-v043-077dc0edc.edge-va6.demdex.com 5 ms
pragma
no-cache
last-modified
Thu, 20 Oct 2022 12:59:43 GMT
server
jag
etag
3578103717152391168-4619895687714516134
vary
*
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 18 Oct 2022 12:59:43 GMT
quantum-usbank.js
cdn.quantummetric.com/qscripts/
1 MB
177 KB
Script
General
Full URL
https://cdn.quantummetric.com/qscripts/quantum-usbank.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:149e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9c40739478798ee3accfce02d41d1a168a9564fa32b271fdc75a59dc480691b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
208
etag
W/"166610492140316614390879481666166403182"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=300, stale-while-revalidate=21600, stale-if-error=21600
cf-ray
75c9b14dcca529c3-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utag.js
tags.tiqcdn.com/utag/usbank/olb/prod/
38 KB
12 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/usbank/olb/prod/utag.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bcd16c467a0727e965bb23a79d188141d1855f504ab8d057ee983419c9f9ea3e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
gzip
last-modified
Wed, 12 Oct 2022 00:38:10 GMT
server
AkamaiNetStorage
etag
"ff79a53d39c04229baacfc13793c1adc:1665535090.732785"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
11541
expires
Wed, 19 Oct 2022 13:04:43 GMT
static_wdp.js
secure06b.client65216.us.to/Proxy/iojs/general5/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/Proxy/iojs/general5/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1238
content-type
text/html
wdp.js
mpsnare.iesnare.com/general5/
41 KB
19 KB
Script
General
Full URL
https://mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c79fc8a8cc2e20667aec739805ec82151a65b6c1f8f7ef14e224388a4d4b6258
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Server
nginx
Accept-CH
ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=utf-8
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Connection
keep-alive
Expires
0
logo.js
mpsnare.iesnare.com/5.5.0/
505 B
922 B
Script
General
Full URL
https://mpsnare.iesnare.com/5.5.0/logo.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
006cb90cc1427d29acffc4cde24cd434c8b678950d42baacfc37eb2498ede18c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Accept-CH
ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=utf-8
p3p
CP="NON DSP COR CURa"
Cache-Control
private
Connection
keep-alive
Expires
Thu, 19 Oct 2023 12:59:43 GMT
GlanceCobrowseLoader_5.5.2M.js
storage.glancecdn.net/cobrowse/js/
Redirect Chain
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19921&site=production
  • https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.5.2M.js
11 KB
5 KB
Script
General
Full URL
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.5.2M.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Server
2600:9000:2209:1c00:d:addc:2400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bced7aa77fddffc3a068a7bbdc48f8e420b5fc08e03cb8e216b0b61b5de0697b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 06:45:08 GMT
x-amz-version-id
nUj1CYXRI9ttL7xanWMiFG5okI.Ap7Q_
content-encoding
br
via
1.1 e832d261a0bb86f8ba09ea0550c8e77e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
age
3478476
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 14 Jun 2022 22:47:22 GMT
server
AmazonS3
etag
W/"28ad129b41c6351f86e7c64164a54402"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556926
x-amz-cf-id
pS3k7YhlSRB-0-zJY5od3g2CaZzxUjhw-V3xsz3UL41pbsBIspcucA==

Redirect headers

date
Wed, 19 Oct 2022 12:59:43 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html; charset=utf-8
location
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.5.2M.js
access-control-allow-origin
*
cache-control
max-age=3600
content-length
189
utag.31.js
tags.tiqcdn.com/utag/usbank/olb/prod/
10 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/usbank/olb/prod/utag.31.js?utv=ut4.46.202003192330
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4691ef6b6c2e64b195daaab421d2b3e0b5f3649dce2b4bd1fc61b9590b5fccdc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
gzip
last-modified
Thu, 19 Mar 2020 23:30:25 GMT
server
AkamaiNetStorage
etag
"6a1c6f89bde513a035870ed394e03d56:1584660625.302373"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3228
expires
Thu, 03 Nov 2022 12:59:43 GMT
utag.66.js
tags.tiqcdn.com/utag/usbank/olb/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/usbank/olb/prod/utag.66.js?utv=ut4.46.202003192330
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7bf5c698f2f8a3b2cf3d264a408e26809e694bad7d9891c677516b8ea370748e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
gzip
last-modified
Thu, 19 Mar 2020 23:30:27 GMT
server
AkamaiNetStorage
etag
"9e4a5eadc88134dd666fcbbc82b746a2:1584660627.430834"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
928
expires
Thu, 03 Nov 2022 12:59:43 GMT
dyn_wdp.js
secure06b.client65216.us.to/Proxy/iojs/5.5.0/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/Proxy/iojs/5.5.0/dyn_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1238
content-type
text/html
GlancePresenceVisitor_5.5.2M.js
storage.glancecdn.net/cobrowse/js/
Redirect Chain
  • https://www.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js
  • https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js
18 KB
7 KB
Script
General
Full URL
https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Server
2600:9000:2209:1c00:d:addc:2400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0a7c0027a07c77c342fe1743823f8114ab5b052cfb87477930ddefd1e80c0a40

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 06:45:08 GMT
x-amz-version-id
ahJO3TdnWL39nFZQ5tc1iaJnsEsOiIQ4
content-encoding
br
via
1.1 e832d261a0bb86f8ba09ea0550c8e77e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
age
3478476
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 14 Jun 2022 22:47:23 GMT
server
AmazonS3
etag
W/"c686efbce75e7dd29819c75db50beef6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556926
x-amz-cf-id
pf2TMPhVrZsht-5pTP0SL6__KFBH7-8OwoJdMCPAwDhmerAV-HQyPA==

Redirect headers

location
https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.5.2M.js
access-control-allow-origin
*
date
Wed, 19 Oct 2022 12:59:43 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-length
196
content-type
text/html; charset=UTF-8
0pCA0Z4YZ5CIj0A-xoh1eNdOXpvLpLjIuxdA3eAfWqxdboWkzLc8FoGZ-JAankmzbj4Y
play-lh.googleusercontent.com/
17 KB
18 KB
Image
General
Full URL
https://play-lh.googleusercontent.com/0pCA0Z4YZ5CIj0A-xoh1eNdOXpvLpLjIuxdA3eAfWqxdboWkzLc8FoGZ-JAankmzbj4Y
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::2016 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
7cbe855edc7a641af8397e2f7fce6193d15cdf37c338e9944035f8dbe424b56c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:11:03 GMT
x-content-type-options
nosniff
age
2920
content-disposition
inline;filename="unnamed.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17714
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 May 2022 15:42:41 GMT
logo.js
secure06b.client65216.us.to/Proxy/iojs/5.5.0/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/Proxy/iojs/5.5.0/logo.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1238
content-type
text/html
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/978114044/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/978114044/?random=1664461433766&cv=9&fst=1664461433766&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=5&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa9q0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F&ref=https%3A%2F%2Fonlinebanking.usbank.com%2Fdigital%2Floginhelp%2F&tiba=Standalone%20Login&auid=541770665.1664405064&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a32210eb6c8b250d89c3a41a086040df3b408305e78a964ca5a652dd2d75911d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
11.6d774a6a642c7cb91435.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
61 KB
19 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/11.6d774a6a642c7cb91435.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=onlinebanking.usbank.com
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a65898de9846b2861e40f8339a62ffc56d70d433072ddda6ac5748673cc0e613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116335
cf-polished
origSize=63386
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f79a-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14c29dbe10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
4.1fa8baa6e7b1d7777fa4.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
973 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/4.1fa8baa6e7b1d7777fa4.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade0cdb22ec55e2516c5ac023de45671958ea767b6f07980d3323309d2ab9d0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116336
cf-polished
origSize=2539
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"9eb-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14c29d8e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
1.646b5a7aa96ac3ade1d5.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
28 KB
7 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.646b5a7aa96ac3ade1d5.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fccd058d242e52a6726d1a2e73a14e753ca3f4ebfad1dbd12f705138aaa8554
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116252
cf-polished
origSize=29568
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"7380-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14c29d2e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
EqualHousingLender.png
onlinebanking.usbank.com/auth/login//assets/images/
1 KB
1 KB
Image
General
Full URL
https://onlinebanking.usbank.com/auth/login//assets/images/EqualHousingLender.png
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.54.210.134 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-210-134.deploy.static.akamaitechnologies.com
Software
none / Express
Resource Hash
69f44920ee566a8cb7fe4a97463c5cd363e5b56ce883da11b29a5f5a3d4ef35b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
date
Wed, 19 Oct 2022 12:59:44 GMT
last-modified
Tue, 18 Oct 2022 03:05:22 GMT
server
none
x-powered-by
Express
etag
W/"454-183e90d8950"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
1108
main-19386fe5a54ce7264a76.js
secure06b.client65216.us.to/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/main-19386fe5a54ce7264a76.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1238
content-type
text/html
utag.sync.js
tags.tiqcdn.com/utag/usbank/olb/prod/
92 KB
31 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/usbank/olb/prod/utag.sync.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c15829399ce7846205c9962e0d4e6d31e10cc356f8235952c598f414910467b3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
content-encoding
gzip
last-modified
Wed, 12 Oct 2022 00:38:10 GMT
server
AkamaiNetStorage
etag
"d31398777449dd62cbe2bace11f8e9cd:1665535090.865848"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
31334
expires
Wed, 19 Oct 2022 13:04:43 GMT
remoteEntry.js
secure06b.client65216.us.to/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/remoteEntry.js
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1238
content-type
text/html
mNBt9E1YB
secure06b.client65216.us.to/VeDVXJ/OX-/LlG/39NWUyR-/pu3hQr8J/YXVAWAE/RmM/
0
0
Script
General
Full URL
https://secure06b.client65216.us.to/VeDVXJ/OX-/LlG/39NWUyR-/pu3hQr8J/YXVAWAE/RmM/mNBt9E1YB
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.156.48.44 Tampa, United States, ASN29802 (HVC-AS, US),
Reverse DNS
lily-us-cp2.hostever.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:42 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1238
content-type
text/html
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/
102 KB
32 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
281060ecfe99bdb5e6a343f78379f87e1f8e5056416fbb0efd35df4744983be4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116252
cf-polished
origSize=105149
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"19abd-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14e5e64e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
FeedbackButtonModule.js
siteintercept.qualtrics.com/dxjsmodule/
64 KB
24 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b5aceeabb3acd528746d88da082a178e77658bbeea164b0f382469c6e23b8de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
102099
cf-polished
origSize=66295
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"102f7-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14e5e6ce10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
LinkModule.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
898 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
113654
cf-polished
origSize=2547
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"9f3-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14e5e6ee10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
EmbeddedTargetModule.js
siteintercept.qualtrics.com/dxjsmodule/
7 KB
3 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
111847
cf-polished
origSize=8462
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Sep 2022 18:40:53 GMT
cf-bgj
minify
server
cloudflare
etag
W/"210e-18333011708"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14e6e87e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
wr-dialog-close-btn-black.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/
256 B
534 B
Image
General
Full URL
https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-black.png
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2547640cd989b80083eb3ade2a4993c1776a1229cfffd41adeb0fef3e86eaf2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

servershortname
date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
42412088
cf-polished
origSize=757
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time
5
content-length
256
last-modified
Wed, 02 Jun 2021 00:23:24 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000, public
accept-ranges
bytes
cf-ray
75c9b14e9f0de10c-ORD
expires
Fri, 13 Jun 2031 15:51:35 GMT
11.1163f93a1b03283dcecd.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
61 KB
19 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=secure06b.client65216.us.to
Requested by
Host: zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com
URL: https://zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_6VxkyqYWaF9f1T7&Q_LOC=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcc99bc542379c45755d2d0dda5263aecbac09227b828b070b891af45c61bf7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116376
cf-polished
origSize=63507
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f813-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b14eaf10e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
time.mp3
mpsnare.iesnare.com/
504 B
881 B
Media
General
Full URL
https://mpsnare.iesnare.com/time.mp3?nocache=0.27201101499563474
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b636b2f75de78a0ed7a5b005a6ff7d1486e9f646b3456642879bdc26ef424235
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://secure06b.client65216.us.to/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Server
nginx
Content-Type
audio/mpeg
Content-Range
bytes 0-503/504
Content-Disposition
inline; filename=time.mp3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
504
Expires
Thu, 01 Jan 1970 00:00:00 GMT
time.mp3
mpsnare.iesnare.com/
504 B
881 B
Media
General
Full URL
https://mpsnare.iesnare.com/time.mp3?nocache=0.026481952373805573
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b636b2f75de78a0ed7a5b005a6ff7d1486e9f646b3456642879bdc26ef424235
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://secure06b.client65216.us.to/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Server
nginx
Content-Type
audio/mpeg
Content-Range
bytes 0-503/504
Content-Disposition
inline; filename=time.mp3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
504
Expires
Thu, 01 Jan 1970 00:00:00 GMT
idc_usbank_logo.svg
onlinebanking.usbank.com/auth/login//assets/images/
8 KB
3 KB
Image
General
Full URL
https://onlinebanking.usbank.com/auth/login//assets/images/idc_usbank_logo.svg
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.54.210.134 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-210-134.deploy.static.akamaitechnologies.com
Software
none / Express
Resource Hash
23e074e9007e606114265be8b87cc63240bfa3944a70e1c564d4099c015420cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-encoding
gzip
date
Wed, 19 Oct 2022 12:59:44 GMT
last-modified
Wed, 19 Oct 2022 04:05:13 GMT
server
none
x-powered-by
Express
etag
W/"1eb4-183ee6ab0a8"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
3030
HelveticaNeueLTW04-55Roman.woff2
content.usbank.com/content/dam/onlinebanking/common/static/fonts/
41 KB
42 KB
Font
General
Full URL
https://content.usbank.com/content/dam/onlinebanking/common/static/fonts/HelveticaNeueLTW04-55Roman.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:141b:13:7ad::39f0 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
f0d0bf9731f51367f0cafa9b577e7cc77c1532e7c66b27bd51f7c8bb670d05d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 19 Oct 2022 12:59:43 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 08 Aug 2020 00:35:16 GMT
server
Microsoft-IIS/8.5
etag
"20995ac91b6dd61:0"
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=669863
accept-ranges
bytes
access-control-allow-headers
Content-Type
content-length
42380
x-xss-protection
1; mode=block
HelveticaNeueLTW06-75Bold.woff2
content.usbank.com/content/dam/onlinebanking/common/static/fonts/
41 KB
41 KB
Font
General
Full URL
https://content.usbank.com/content/dam/onlinebanking/common/static/fonts/HelveticaNeueLTW06-75Bold.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:141b:13:7ad::39f0 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
18c62620ec5edc900168b99105c1de69cf183bbe46f776add1bb3d0f81c05e2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 19 Oct 2022 12:59:43 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 12 Aug 2020 16:02:14 GMT
server
Microsoft-IIS/8.5
etag
"acc6fdf1c170d61:0"
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=901197
accept-ranges
bytes
access-control-allow-headers
Content-Type
content-length
42012
x-xss-protection
1; mode=block
MuseoSans_700-webfont.woff2
cdn.appsflyer.com/creatives-fonts/museo_sans/
54 KB
54 KB
Font
General
Full URL
https://cdn.appsflyer.com/creatives-fonts/museo_sans/MuseoSans_700-webfont.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.21.94 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2b2448709710eed3c9fc63d519af90aeff818c49117f876904e98f86277fe8b

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
x-amz-version-id
VZOT7PMwtz24LXmnFL8f1ROxmsvF.Qbo
cf-cache-status
MISS
x-amz-request-id
KEG5MF6XT630PT2X
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
54848
x-amz-id-2
MJSE3XfQ5bS+uwq8EjUDxHCfoKM8qJpLbKPdorr54TJ4/P+fCtZsvGOI+B6kk0pp42d2+enS50Y=
last-modified
Mon, 04 May 2020 07:56:11 GMT
server
cloudflare
etag
"f18882595ff8772029bed928c03c6b9d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75c9b14f1f962b14-ORD
expires
Thu, 19 Oct 2023 12:59:44 GMT
alegreya-sans-v10-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2
cdn.appsflyer.com/creatives-fonts/alegreya_sans/
58 KB
58 KB
Font
General
Full URL
https://cdn.appsflyer.com/creatives-fonts/alegreya_sans/alegreya-sans-v10-vietnamese_latin-ext_latin_greek-ext_greek_cyrillic-ext_cyrillic-300.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.21.94 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b32d502381513e00635bd3f4a84260dce51cccaa9a3b2c5354e2110376e3ab

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
x-amz-version-id
BPXj.JR1Uzik1GJQ9iJy_fa13E.MGRcR
cf-cache-status
MISS
x-amz-request-id
KEG3W62V2BPCBMFZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
59380
x-amz-id-2
g+P6n6fE8Jh9GhQRQ+mJ3IbSPRlbou+isQIXdP1jZ/ePE5tN7HglPICQWuqKMWmvWaR67yNcFcc=
last-modified
Mon, 04 May 2020 09:57:01 GMT
server
cloudflare
etag
"745f6c11bf4e8d800b3ab020b3d0ab34"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75c9b14f1f9b2b14-ORD
expires
Thu, 19 Oct 2023 12:59:43 GMT
MuseoSans_500-webfont.woff2
cdn.appsflyer.com/creatives-fonts/museo_sans/
53 KB
54 KB
Font
General
Full URL
https://cdn.appsflyer.com/creatives-fonts/museo_sans/MuseoSans_500-webfont.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.21.94 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
304b10f9b45b830d3b337f644e1231c492209c8f189ff05b23b3037bd73e6644

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
x-amz-version-id
pcMfFq3JKcJoBe6u9Z.o5z0uAk.DBnm5
cf-cache-status
MISS
x-amz-request-id
KEGFE6D9Z2ACZS0T
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
54548
x-amz-id-2
uXioULRwInKN0FATadZwSiMcnK26+Zwgpt1JJGLR0VW5L+tE7z6BxUk0yto0f2t5sE4rj3Zh5kw=
last-modified
Mon, 04 May 2020 07:56:11 GMT
server
cloudflare
etag
"c5e1ee346a47d35e2e665d813f35315f"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75c9b14f1f9c2b14-ORD
expires
Thu, 19 Oct 2023 12:59:43 GMT
time.mp3
mpsnare.iesnare.com/
504 B
881 B
Media
General
Full URL
https://mpsnare.iesnare.com/time.mp3?nocache=0.23879391564331942
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b636b2f75de78a0ed7a5b005a6ff7d1486e9f646b3456642879bdc26ef424235
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://secure06b.client65216.us.to/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Server
nginx
Content-Type
audio/mpeg
Content-Range
bytes 0-503/504
Content-Disposition
inline; filename=time.mp3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
504
Expires
Thu, 01 Jan 1970 00:00:00 GMT
time.mp3
mpsnare.iesnare.com/
504 B
881 B
Media
General
Full URL
https://mpsnare.iesnare.com/time.mp3?nocache=0.5894069624428315
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.6.11.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-11-66.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b636b2f75de78a0ed7a5b005a6ff7d1486e9f646b3456642879bdc26ef424235
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://secure06b.client65216.us.to/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Wed, 19 Oct 2022 12:59:43 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Server
nginx
Content-Type
audio/mpeg
Content-Range
bytes 0-503/504
Content-Disposition
inline; filename=time.mp3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
504
Expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/
772 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8296bd0ba61632f8f427f475c05e33481996d60914a36f7235ebdf0e76e9a256

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
HelveticaNeueLTW06-65Medium.woff2
content.usbank.com/content/dam/onlinebanking/common/static/fonts/
38 KB
38 KB
Font
General
Full URL
https://content.usbank.com/content/dam/onlinebanking/common/static/fonts/HelveticaNeueLTW06-65Medium.woff2
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:141b:13:7ad::39f0 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
b135f6ca76e64e826670b0c29df639dfdcff698608323792a71f2ddd3372fb60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure06b.client65216.us.to/
Origin
https://secure06b.client65216.us.to
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 19 Oct 2022 12:59:43 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 13 Aug 2020 07:32:57 GMT
server
Microsoft-IIS/8.5
etag
"0d443f74371d61:0"
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=1909198
accept-ranges
bytes
access-control-allow-headers
Content-Type
content-length
38600
x-xss-protection
1; mode=block
/
www.google.com/pagead/1p-user-list/978114044/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/978114044/?random=1664461433766&cv=9&fst=1664460000000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=5&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F&ref=https%3A%2F%2Fonlinebanking.usbank.com%2Fdigital%2Floginhelp%2F&tiba=Standalone%20Login&async=1&fmt=3&is_vtc=1&random=989753067&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 12:59:44 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dest5.html
usbank.demdex.net/ Frame 2CEA
7 KB
3 KB
Document
General
Full URL
https://usbank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.175.0.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-0-141.compute-1.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://secure06b.client65216.us.to/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-va6-2-v043-07c2c7e3f.edge-va6.demdex.com 1 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
6sNWVoOBQ34=
content-encoding
gzip
date
Wed, 19 Oct 2022 12:59:44 GMT
last-modified
Thu, 29 Sep 2022 16:47:39 GMT
vary
accept-encoding
pixel
bid.g.doubleclick.net/xbbe/ Frame 7E0D
0
681 B
Document
General
Full URL
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Requested by
Host: secure06b.client65216.us.to
URL: https://secure06b.client65216.us.to/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secure06b.client65216.us.to/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 12:59:44 GMT
expires
Wed, 19 Oct 2022 12:59:44 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
11 KB
2 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_6VxkyqYWaF9f1T7&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=secure06b.client65216.us.to
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af1a3f5151ca15459e948a3835537955d3b05b9c44a04f05d8ae1f330d443aad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure06b.client65216.us.to/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://secure06b.client65216.us.to
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
e1e48a6ea6a7a691
cf-ray
75c9b1519d26e10c-ORD
timing-allow-origin
*
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/
102 KB
32 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=secure06b.client65216.us.to
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116376
cf-polished
origSize=105331
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"19b73-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b1537936e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
de74ab7c-d283-475f-ad49-059c0143b31e
https://secure06b.client65216.us.to/
17 KB
0
Other
General
Full URL
blob:https://secure06b.client65216.us.to/de74ab7c-d283-475f-ad49-059c0143b31e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcced89457d72c43f4e61826e1fea8bfe6edeea4025267741d7c94659a599984

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Length
17224
Content-Type
application/javascript
4.3b9b4addd065f99c38ba.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
896 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/4.3b9b4addd065f99c38ba.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com
URL: https://zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_6VxkyqYWaF9f1T7&Q_LOC=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d427be16bb613ac2143ccfc846c52ed07b52640e8271757e260f9d4071ab66f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116376
cf-polished
origSize=2539
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"9eb-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b1546aeee10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
1.abd4c1d883bf4b225b59.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
28 KB
7 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.abd4c1d883bf4b225b59.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com
URL: https://zn6vxkyqywaf9f1t7-usbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_6VxkyqYWaF9f1T7&Q_LOC=https%3A%2F%2Fonlinebanking.usbank.com%2Fauth%2Flogin%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c75818fa24700b4e5db803928119c17500f98e3d0f7fb33f07db6cbd5f7b203
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116375
cf-polished
origSize=29568
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"7380-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b1546afce10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
LinkModule.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
886 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=secure06b.client65216.us.to
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
115683
cf-polished
origSize=2547
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"9f3-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b1547afee10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
EmbeddedTargetModule.js
siteintercept.qualtrics.com/dxjsmodule/
7 KB
3 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=usbank
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=secure06b.client65216.us.to
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
116266
cf-polished
origSize=8462
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 10 Oct 2022 17:00:14 GMT
cf-bgj
minify
server
cloudflare
etag
W/"210e-183c2d70130"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b1547b01e10c-ORD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
4 KB
2 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_e39Wa46ASKtqbcx&Version=3&Q_ORIGIN=https://secure06b.client65216.us.to&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-usbank.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3201b914ab514d904794fb249368a4654a5bc85745d3bc15f3d9f1ab211ef77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

servershortname
date
Wed, 19 Oct 2022 12:59:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Oct 2022 12:59:44 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b15559b42ad6-ORD
expires
Sat, 16 Oct 2032 12:59:44 GMT
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
207 B
317 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_a2AsGQKhBoo8TgV&Version=1&Q_InterceptID=SI_e39Wa46ASKtqbcx&Q_ORIGIN=https://secure06b.client65216.us.to&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-usbank.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44e8247f315d91b1bf58ec655a23bf36f4783141b111630b1126d2faf10802e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

servershortname
date
Wed, 19 Oct 2022 12:59:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Oct 2022 12:59:45 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b15559b52ad6-ORD
expires
Sat, 16 Oct 2032 12:59:45 GMT
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
7 KB
1 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_57GL0UFxoO6mKC9&Version=11&Q_ORIGIN=https://secure06b.client65216.us.to&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-usbank.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afea528c3784ad6ce2d82204938334d618a986b9d32e5a85f02de94803647dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

servershortname
date
Wed, 19 Oct 2022 12:59:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Oct 2022 12:59:45 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b15559b72ad6-ORD
expires
Sat, 16 Oct 2032 12:59:45 GMT
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
199 B
225 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_bNJ69FZUut5fiwB&Version=1&Q_InterceptID=SI_57GL0UFxoO6mKC9&Q_ORIGIN=https://secure06b.client65216.us.to&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-usbank.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52cb4201cd4bda9ca3338c1069f450009eb6bbc976b190c15de3f001bb07218b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure06b.client65216.us.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

servershortname
date
Wed, 19 Oct 2022 12:59:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Oct 2022 12:59:45 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
75c9b15559b82ad6-ORD
expires
Sat, 16 Oct 2032 12:59:45 GMT

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.79.0 string| AppsFlyerSdkObject function| AF object| AF_cleanupMethods object| IGLOO boolean| Target_Monitoring_IsTntLogOn boolean| Target_Monitoring_IsAnySelectorMissing boolean| Target_Monitoring_IsSelectorOrContentChanged function| Target_Monitoring_CheckElements function| Target_Monitoring_CheckAllSelectors function| Target_Monitoring_WrongContentSelectorFunction function| Target_MakeSTLCall function| DTOFunction_Apply object| GLANCE object| WAFQualtricsWebpackJsonP-cloud-1.77.0 object| process function| GooglemKTybQhCsO function| google_trackConversion undefined| pcId object| google_tag_manager object| google_tag_data object| dataLayer function| QuantumMetricInstrumentationStart object| QuantumMetricAPI function| qmWaitForEventData boolean| qmStorageAvail function| createSample function| evalSelector function| qmSetCookie function| toLowerCase function| qmGetValFromDL function| qmFindObject function| consoleError function| QuantumMetricConfigureEncryptScrubList boolean| utag_condload object| Utagger object| utag boolean| __tealium_twc_switch object| AF_SDK function| qmGetActiveCSSRules function| _QuantumMetricSymbol function| qmflate object| _qsie

3 Cookies

Domain/Path Name / Value
mpsnare.iesnare.com/ Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef
Value: UZv7SCVRfoWYTcMSesH3EqT/J4qfN2y0dSLYWmAOL/w=
.doubleclick.net/ Name: IDE
Value: AHWqTUnzuaat7b3uAF5JUEhncXVC6aRBtAgA0tpIvgccmKFm1cDqc2lDdlDVBQ2X
.us.to/ Name: utag_main
Value: v_id:0183f0540e9400220faf4ba73fb803074002406c00b08$_sn:1$_se:1$_ss:1$_st:1666186184151$ses_id:1666184384151%3Bexp-session$_pn:1%3Bexp-session

7 Console Messages

Source: network, Level: error
URL: https://secure06b.client65216.us.to/Proxy/iojs/general5/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://secure06b.client65216.us.to/Proxy/iojs/5.5.0/dyn_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://secure06b.client65216.us.to/Proxy/iojs/5.5.0/logo.js
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://secure06b.client65216.us.to/main-19386fe5a54ce7264a76.js
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://secure06b.client65216.us.to/remoteEntry.js
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://secure06b.client65216.us.to/VeDVXJ/OX-/LlG/39NWUyR-/pu3hQr8J/YXVAWAE/RmM/mNBt9E1YB
Message: Failed to load resource: the server responded with a status of 404 ()

Source: security, Level: error
URL: https://usbank.demdex.net/dest5.html?d_nsid=0 (Line 12)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://onlinebanking.usbank.com') does not match the recipient window's origin ('https://secure06b.client65216.us.to').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
