quickbooks.intuit.com Open in urlscan Pro
104.102.35.78 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQn...
Submission: On May 30 via api (May 30th 2023, 3:42:40 pm UTC) from BE — Scanned from DE

Summary HTTP 139 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 57 IPs in 6 countries across 35 domains to perform 139 HTTP transactions. The main IP is 104.102.35.78, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is quickbooks.intuit.com. The Cisco Umbrella rank of the primary domain is 21549.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 27th 2023. Valid for: a year.

This is the only time quickbooks.intuit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.102.35.78 104.102.35.78	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.86.62.242 104.86.62.242	16625 (AKAMAI-AS) (AKAMAI-AS)
15	99.86.4.95 99.86.4.95	16509 (AMAZON-02) (AMAZON-02)
6	23.215.20.35 23.215.20.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.249.9.24 13.249.9.24	16509 (AMAZON-02) (AMAZON-02)
2	34.211.82.75 34.211.82.75	16509 (AMAZON-02) (AMAZON-02)
4	104.102.57.56 104.102.57.56	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.80.101.197 35.80.101.197	16509 (AMAZON-02) (AMAZON-02)
1	52.222.214.53 52.222.214.53	16509 (AMAZON-02) (AMAZON-02)
14	2600:9000:223... 2600:9000:223e:ca00:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1 6	54.171.19.100 54.171.19.100	16509 (AMAZON-02) (AMAZON-02)
4	35.166.227.37 35.166.227.37	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:7e00:9:618e:3dc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.218.113.203 34.218.113.203	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:480... 2a02:26f0:480:980::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	52.19.14.35 52.19.14.35	16509 (AMAZON-02) (AMAZON-02)
1 3	63.140.62.160 63.140.62.160	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	35.159.47.190 35.159.47.190	16509 (AMAZON-02) (AMAZON-02)
6	52.10.241.57 52.10.241.57	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
3 3	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	104.18.9.110 104.18.9.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2 3	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:6da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.166.154.88 35.166.154.88	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:e2:... 2606:4700:e2::ac40:8e22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.98.126 143.204.98.126	16509 (AMAZON-02) (AMAZON-02)
1	54.81.54.200 54.81.54.200	14618 (AMAZON-AES) (AMAZON-AES)
2	44.235.153.176 44.235.153.176	16509 (AMAZON-02) (AMAZON-02)
2	2600:1480:400... 2600:1480:4000:41::	33905 (AKAMAI-AMS) (AKAMAI-AMS)
3	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
2	52.222.214.86 52.222.214.86	16509 (AMAZON-02) (AMAZON-02)
1	44.229.178.231 44.229.178.231	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:ad4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	54.173.184.55 54.173.184.55	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	3.77.191.72 3.77.191.72	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	3.9.75.2 3.9.75.2	16509 (AMAZON-02) (AMAZON-02)
5	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1e85	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
4	13.40.239.91 13.40.239.91	16509 (AMAZON-02) (AMAZON-02)
2	52.37.128.179 52.37.128.179	16509 (AMAZON-02) (AMAZON-02)
1	109.169.42.14 109.169.42.14	20860 (IOMART-AS) (IOMART-AS)
139	57

2 104.102.35.78 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-78.deploy.static.akamaitechnologies.com

quickbooks.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.86.62.242 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-86-62-242.deploy.static.akamaitechnologies.com

digitalasset.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 99.86.4.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-95.fra6.r.cloudfront.net

uxfabric.intuitcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.215.20.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-20-35.deploy.static.akamaitechnologies.com

plugin.intuitcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.intuitcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.9.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-9-24.cdg53.r.cloudfront.net

privacy-policy.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.211.82.75 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-211-82-75.us-west-2.compute.amazonaws.com

shtaxonomyservice.api.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.102.57.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-57-56.deploy.static.akamaitechnologies.com

accounts.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.80.101.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-80-101-197.us-west-2.compute.amazonaws.com

intuitvisitorid.api.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-53.fra56.r.cloudfront.net

segment.intuitcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:223e:ca00:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.171.19.100 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.166.227.37 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-227-37.us-west-2.compute.amazonaws.com

eventbus.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:7e00:9:618e:3dc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.websdk.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.218.113.203 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-218-113-203.us-west-2.compute.amazonaws.com

trinity.platform.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:980::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
02179915.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.19.14.35 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-14-35.eu-west-1.compute.amazonaws.com

turbotax.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.140.62.160 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-160.data.adobedc.net

sci.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.159.47.190 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-159-47-190.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.10.241.57 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-241-57.us-west-2.compute.amazonaws.com

rum.api.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

dp2.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.9.110 (None, )

ASN13335 (CLOUDFLARENET, US)

ds.reson8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:6da (United States)

ASN13335 (CLOUDFLARENET, US)

js.partnerstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.166.154.88 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-154-88.us-west-2.compute.amazonaws.com

csp.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8e22 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-126.fra50.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.81.54.200 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-54-200.compute-1.amazonaws.com

vid1005.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.235.153.176 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-235-153-176.us-west-2.compute.amazonaws.com

marketdataservice.api.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1480:4000:41:: (United States)

ASN33905 (AKAMAI-AMS, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.214.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-86.fra56.r.cloudfront.net

script.infinity-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.229.178.231 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-229-178-231.us-west-2.compute.amazonaws.com

idsync.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ad4 (United States)

ASN13335 (CLOUDFLARENET, US)

grsm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.184.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-184-55.compute-1.amazonaws.com

vi4820.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.77.191.72 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-77-191-72.eu-central-1.compute.amazonaws.com

2796.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.9.75.2 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-75-2.eu-west-2.compute.amazonaws.com

web.lon.infinity-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.0.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1e85 (United States)

ASN13335 (CLOUDFLARENET, US)

partnerlinks.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.40.239.91 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-40-239-91.eu-west-2.compute.amazonaws.com

nas.lon.infinity-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.37.128.179 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-128-179.us-west-2.compute.amazonaws.com

xds-writesvc.api.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.169.42.14 (United Kingdom)

ASN20860 (IOMART-AS, GB)
PTR: ict.infinity-tracking.net

ict.infinity-tracking.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	intuit.com 1 redirects quickbooks.intuit.com — Cisco Umbrella Rank: 21549 digitalasset.intuit.com — Cisco Umbrella Rank: 24321 shtaxonomyservice.api.intuit.com — Cisco Umbrella Rank: 115648 accounts.intuit.com — Cisco Umbrella Rank: 13588 intuitvisitorid.api.intuit.com — Cisco Umbrella Rank: 38654 eventbus.intuit.com — Cisco Umbrella Rank: 10921 cdn.websdk.intuit.com — Cisco Umbrella Rank: 58432 trinity.platform.intuit.com — Cisco Umbrella Rank: 28445 sci.intuit.com — Cisco Umbrella Rank: 12728 rum.api.intuit.com — Cisco Umbrella Rank: 9914 csp.intuit.com — Cisco Umbrella Rank: 15347 marketdataservice.api.intuit.com — Cisco Umbrella Rank: 60438 xds-writesvc.api.intuit.com — Cisco Umbrella Rank: 60387	260 KB
22	intuitcdn.net uxfabric.intuitcdn.net — Cisco Umbrella Rank: 13817 plugin.intuitcdn.net — Cisco Umbrella Rank: 13046 assets.intuitcdn.net — Cisco Umbrella Rank: 14733 segment.intuitcdn.net — Cisco Umbrella Rank: 16330	1 MB
14	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1027	186 KB
11	doubleclick.net 5 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 210 ad.doubleclick.net — Cisco Umbrella Rank: 165 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 337 stats.g.doubleclick.net — Cisco Umbrella Rank: 76	19 KB
9	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 200 turbotax.demdex.net — Cisco Umbrella Rank: 21303	12 KB
8	infinity-tracking.com script.infinity-tracking.com — Cisco Umbrella Rank: 37544 web.lon.infinity-tracking.com — Cisco Umbrella Rank: 33233 nas.lon.infinity-tracking.com — Cisco Umbrella Rank: 36091	25 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 68 region1.analytics.google.com — Cisco Umbrella Rank: 3686 www.google.com — Cisco Umbrella Rank: 2	1 KB
5	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 765	2 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	287 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6080	777 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 157	135 KB
3	d41.co cdn-0.d41.co — Cisco Umbrella Rank: 16538 vid1005.d41.co — Cisco Umbrella Rank: 63936 vi4820.d41.co — Cisco Umbrella Rank: 64916	26 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 717	20 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 752	1 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1238 c.go-mpulse.net — Cisco Umbrella Rank: 615	51 KB
1	infinity-tracking.net ict.infinity-tracking.net — Cisco Umbrella Rank: 27545	944 B
1	partnerlinks.io partnerlinks.io — Cisco Umbrella Rank: 13625	206 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	185 B
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 93	4 KB
1	siteimproveanalytics.io 2796.global.siteimproveanalytics.io — Cisco Umbrella Rank: 41495	481 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1480	157 B
1	grsm.io grsm.io — Cisco Umbrella Rank: 12986	237 B
1	segment.com idsync.segment.com — Cisco Umbrella Rank: 15164	35 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1323	8 KB
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3360	10 KB
1	partnerstack.com js.partnerstack.com — Cisco Umbrella Rank: 16630	3 KB
1	reson8.com ds.reson8.com — Cisco Umbrella Rank: 2879	96 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 991	708 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 232	616 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 306	265 B
1	33across.com dp2.33across.com — Cisco Umbrella Rank: 9524	69 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 375	98 B
1	akstat.io 02179915.akstat.io — Cisco Umbrella Rank: 67237	204 B
1	truste.com privacy-policy.truste.com — Cisco Umbrella Rank: 9032	14 KB
139	35

	Domain	Requested by
15	uxfabric.intuitcdn.net	quickbooks.intuit.com uxfabric.intuitcdn.net tags.tiqcdn.com
14	tags.tiqcdn.com	uxfabric.intuitcdn.net tags.tiqcdn.com
6	rum.api.intuit.com	uxfabric.intuitcdn.net
6	dpm.demdex.net	1 redirects quickbooks.intuit.com
5	ct.pinterest.com	s.pinimg.com
5	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com
5	assets.intuitcdn.net	uxfabric.intuitcdn.net
4	nas.lon.infinity-tracking.com	script.infinity-tracking.com
4	www.google.de
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	eventbus.intuit.com	uxfabric.intuitcdn.net
4	accounts.intuit.com	uxfabric.intuitcdn.net cdn.websdk.intuit.com accounts.intuit.com
3	www.google.com
3	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
3	ad.doubleclick.net	2 redirects tags.tiqcdn.com
3	cm.g.doubleclick.net	3 redirects
3	sci.intuit.com	1 redirects tags.tiqcdn.com
3	turbotax.demdex.net	tags.tiqcdn.com
2	xds-writesvc.api.intuit.com	quickbooks.intuit.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	web.lon.infinity-tracking.com	script.infinity-tracking.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	script.infinity-tracking.com	tags.tiqcdn.com script.infinity-tracking.com
2	s.pinimg.com	tags.tiqcdn.com s.pinimg.com
2	marketdataservice.api.intuit.com	tags.tiqcdn.com
2	csp.intuit.com	tags.tiqcdn.com
2	pm.w55c.net	2 redirects
2	intuitvisitorid.api.intuit.com	uxfabric.intuitcdn.net
2	shtaxonomyservice.api.intuit.com	uxfabric.intuitcdn.net
2	quickbooks.intuit.com	uxfabric.intuitcdn.net
1	ict.infinity-tracking.net	script.infinity-tracking.com
1	partnerlinks.io	js.partnerstack.com
1	region1.analytics.google.com	www.googletagmanager.com
1	www.facebook.com
1	adservice.google.com
1	googleads4.g.doubleclick.net	ad.doubleclick.net
1	pagead2.googlesyndication.com	ad.doubleclick.net
1	2796.global.siteimproveanalytics.io
1	vi4820.d41.co	cdn-0.d41.co
1	alb.reddit.com
1	grsm.io	js.partnerstack.com
1	idsync.segment.com
1	www.redditstatic.com	tags.tiqcdn.com
1	vid1005.d41.co	tags.tiqcdn.com
1	cdn-0.d41.co	tags.tiqcdn.com
1	siteimproveanalytics.com	tags.tiqcdn.com
1	js.partnerstack.com	tags.tiqcdn.com
1	ds.reson8.com
1	cms.analytics.yahoo.com	1 redirects
1	c.bing.com	1 redirects
1	match.adsrvr.org
1	dp2.33across.com
1	idsync.rlcdn.com
1	02179915.akstat.io	s.go-mpulse.net
1	c.go-mpulse.net	s.go-mpulse.net
1	s.go-mpulse.net	accounts.intuit.com
1	trinity.platform.intuit.com	cdn.websdk.intuit.com
1	cdn.websdk.intuit.com	tags.tiqcdn.com
1	segment.intuitcdn.net	uxfabric.intuitcdn.net
1	privacy-policy.truste.com	quickbooks.intuit.com
1	plugin.intuitcdn.net	quickbooks.intuit.com
1	digitalasset.intuit.com	quickbooks.intuit.com
139	62

This site contains links to these domains. Also see Links.

Domain
quickbookstraining.com
security.intuit.com
accounts.intuit.com
intuitmarket.com
developer.intuit.com
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com
www.intuit.com
turbotax.intuit.com
proconnect.intuit.com
mint.intuit.com
privacy.truste.com

Subject Issuer	Validity	Valid
mktg.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-01-24`	a year	crt.sh
digitalasset.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-13` - `2023-08-13`	a year	crt.sh
uxfabric.intuitcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2023-03-26` - `2024-04-25`	a year	crt.sh
*.intuitcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-28` - `2023-11-30`	a year	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
*.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-22` - `2024-05-22`	a year	crt.sh
accounts-prd.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-08` - `2023-11-29`	a year	crt.sh
segment.intuitcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M01	`2023-04-18` - `2024-05-17`	a year	crt.sh
trinity.platform.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-04` - `2024-04-02`	a year	crt.sh
*.websdk.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-24` - `2024-05-24`	a year	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2023-04-05` - `2024-04-04`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
sci.intuit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-30`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-23` - `2024-02-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
siteimproveanalytics.com GTS CA 1P5	`2023-05-05` - `2023-08-03`	3 months	crt.sh
*.d41.co DigiCert TLS RSA SHA256 2020 CA1	`2023-02-21` - `2024-03-05`	a year	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-08-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-08` - `2023-06-06`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
script.infinity-tracking.com Amazon RSA 2048 M01	`2023-02-27` - `2024-01-11`	10 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M01	`2023-02-10` - `2023-10-08`	8 months	crt.sh
web.lon.infinity-tracking.com Amazon RSA 2048 M01	`2023-02-21` - `2023-12-20`	10 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
nas.lon.infinity-tracking.com Amazon RSA 2048 M02	`2023-02-22` - `2023-12-22`	10 months	crt.sh
ict.infinity-tracking.net R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US
Frame ID: 413F64068E6F0507B8E8ED13843179E7
Requests: 117 HTTP requests in this frame

Frame: https://accounts.intuit.com/ividFrame.html?query_string_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896
Frame ID: 1691B25C4A77049E3D156EF893A08192
Requests: 5 HTTP requests in this frame

Frame: https://turbotax.demdex.net/dest5.html?d_nsid=5
Frame ID: 09A8C4B5FB441564DD86C18078A65578
Requests: 9 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: D4786D66E30585A32901AF10428957A8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Identify suspicious activity, phishing scams, and potential fraud

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

139
Requests

94 %
HTTPS

37 %
IPv6

35
Domains

62
Subdomains

57
IPs

6
Countries

2325 kB
Transfer

7942 kB
Size

51
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://quickbookstraining.com/
Title: Training classes

Search URL Search Domain Scan URL

URL: https://security.intuit.com/security-tips
Title: online security tips

Search URL Search Domain Scan URL

URL: https://security.intuit.com/security-notices
Title: security notices

Search URL Search Domain Scan URL

URL: https://security.intuit.com/
Title: Intuit Online Security Center

Search URL Search Domain Scan URL

URL: https://accounts.intuit.com/index.html?offering_id=Intuit.help.selfhelp.shexpsbg&redirect_url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&locale=en-us&country=US
Title: sign in

Search URL Search Domain Scan URL

URL: https://intuitmarket.com/mainnav
Title: Checks & Supplies

Search URL Search Domain Scan URL

URL: https://developer.intuit.com/
Title: For Developers

Search URL Search Domain Scan URL

URL: https://www.facebook.com/IntuitQuickBooks/

Search URL Search Domain Scan URL

URL: https://twitter.com/QuickBooks

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Quickbooks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/quickbooks/

Search URL Search Domain Scan URL

URL: https://www.intuit.com/

Search URL Search Domain Scan URL

URL: https://turbotax.intuit.com/

Search URL Search Domain Scan URL

URL: https://proconnect.intuit.com/

Search URL Search Domain Scan URL

URL: https://mint.intuit.com/

Search URL Search Domain Scan URL

URL: https://www.intuit.com/company/
Title: About Intuit

Search URL Search Domain Scan URL

URL: https://www.intuit.com/careers/
Title: Join Our Team

Search URL Search Domain Scan URL

URL: https://www.intuit.com/company/press-room
Title: Press

Search URL Search Domain Scan URL

URL: https://www.intuit.com/partners/
Title: Affiliates And Partners

Search URL Search Domain Scan URL

URL: https://accounts.intuit.com/terms-of-service
Title: Terms and Conditions.

Search URL Search Domain Scan URL

URL: https://security.intuit.com/intuit-cookie-policy
Title: About cookies

Search URL Search Domain Scan URL

URL: https://www.intuit.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.intuit.com/privacy/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://privacy.truste.com/privacy-seal/validation?rid=8b3c17ef-273d-4c3d-b161-372d1d884d21

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885

Request Chain 46

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://dpm.demdex.net/ibs:dpid=359&dpuuid=wFSipc031Q41uz5

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDQzODg3MTEyODE4OTkxNDA3ODMyMDI1MTYzMjQxMDU4ODU0MDI= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDQzODg3MTEyODE4OTkxNDA3ODMyMDI1MTYzMjQxMDU4ODU0MDI=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEI9dPXT5nioutSXIYiZ0R3o&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 56

https://c.bing.com/c.gif?uid=44388711281899140783202516324105885402&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=2E6E5C7DCB1F60CE0CFC4F5CCAB361ED

Request Chain 57

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=44388711281899140783202516324105885402&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=

Request Chain 87

https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=segment&google_cm&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&google_hm=YTJjMzMwYzgtN2M4Ni01M2UxLTllZjYtZjZjYjg0ODczODk2&segment_write_key=49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp HTTP 302
https://idsync.segment.com/doubleclick?tealium_cookie_sync=true&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&segment_write_key=49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp&google_gid=CAESEJ9wbwrPjfdnOdDdi6c7lG4&google_cver=1

Request Chain 107

https://ad.doubleclick.net/activity;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=1103484001.1685461358;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=1103484001.1685461358;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=*;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US

Request Chain 116

https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3BCA298AE8A2FC7A&ce=UTF-8&ns=intuitinc&pageName=%7C%7Cquickbooks.intuit.com%7Clearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2Fl2nzzqnzu_us_en_us%2Findex&g=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&cc=USD&ch=%7C&server=quickbooks.intuit.com&c1=D%3Dv1&v1=%7C%7Cquickbooks.intuit.com&c2=D%3DpageName&h2=%7C%7Cquickbooks.intuit.com%7Clearn-support%7Cen-us%7Chelp-article%7Cfraud%7Cidentify-suspicious-activity-phishing-scams-fraud%7Cl2nzzqnzu_us_en_us%7Cindex&v12=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&v13=L2NzZQnZu_US_en_US&c16=Lookers&c20=44561187936105858673187640383477529103&c26=D%3Dv26&v26=cid%3A%7Csc%3A%7Cext%3AQOE-COM%7Cint%3Aquickbooks.intuit.com%7C&c27=D%3Dg&v27=D%3Dg&c30=page%7Cwa.track%20%28page%20load%29&c33=intuitsbgprod&c36=2.22.0%3Awa2%7C2022%7C12%7C21%7Csbseg-us-prod&c49=D%3DpageName&v54=a2c330c8-7c86-53e1-9ef6-f6cb84873896&c60=D%3Dv60&v60=us&c67=D%3Dv67&v67=2023-05-30%2007%3A42%3A38&c73=D%3Dv73&v73=1619&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&pccr=true&vidn=323B0CB71D912DBF-40001A2DA2477A5C&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3BCA298AE8A2FC7A&ce=UTF-8&ns=intuitinc&pageName=%7C%7Cquickbooks.intuit.com%7Clearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2Fl2nzzqnzu_us_en_us%2Findex&g=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&cc=USD&ch=%7C&server=quickbooks.intuit.com&c1=D%3Dv1&v1=%7C%7Cquickbooks.intuit.com&c2=D%3DpageName&h2=%7C%7Cquickbooks.intuit.com%7Clearn-support%7Cen-us%7Chelp-article%7Cfraud%7Cidentify-suspicious-activity-phishing-scams-fraud%7Cl2nzzqnzu_us_en_us%7Cindex&v12=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&v13=L2NzZQnZu_US_en_US&c16=Lookers&c20=44561187936105858673187640383477529103&c26=D%3Dv26&v26=cid%3A%7Csc%3A%7Cext%3AQOE-COM%7Cint%3Aquickbooks.intuit.com%7C&c27=D%3Dg&v27=D%3Dg&c30=page%7Cwa.track%20%28page%20load%29&c33=intuitsbgprod&c36=2.22.0%3Awa2%7C2022%7C12%7C21%7Csbseg-us-prod&c49=D%3DpageName&v54=a2c330c8-7c86-53e1-9ef6-f6cb84873896&c60=D%3Dv60&v60=us&c67=D%3Dv67&v67=2023-05-30%2007%3A42%3A38&c73=D%3Dv73&v73=1619&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

139 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request L2NzZQnZu_US_en_US Show response
quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/ 447 KB
67 KB 429ms
315ms Document
text/html 104.102.35.78
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.78 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-78.deploy.static.akamaitechnologies.com

Software

envoy /

Resource Hash

98383574e542e9c11a1718559faab43e9f8f2aade6729699569acfa993253ce3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.intuit.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.intuit.com
content-security-policy-report-only: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://www.google.mv/ https://*.demdex.net/ https://vi4820.d41.co/ https://tags.srv.stackadapt.com/ https://collect.tealiumiq.com/ https://www.google.ca/ https://www.google.ie/ https://www.googleadservices.com/ https://www.google.com.sg/ https://consent.intuit.tsheets.com/ https://c.go-mpulse.net/ https://*.infinity-tracking.com/ https://*.google.com/ https://bat.bing.com/ wss://collection.decibelinsight.net/ https://www.google.bg/ https://www.google.co.uk/ https://www.google.co.il/ https://grsm.io/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.tn/ https://fcgt742.com/ https://*.clarity.ms/ https://cdn.linkedin.oribi.io/ https://www.google.com.ph/ https://consent.www.firmofthefuture.com/ https://www.google.md/ https://ict.infinity-tracking.net/ https://www.google.bs/ https://www.google.co.za/ https://ib.adnxs.com/ https://collection.decibelinsight.net/ https://ct.pinterest.com/ https://consent.intuit.apps.com/ https://maps.googleapis.com/ https://www.google.fr/ https://www.google.co.id/ https://m.addthis.com/ https://api.hubapi.com/ https://api.airtable.com/ https://www.google-analytics.com/ https://www.google.com.gi/ https://*.taboola.com/ https://analytics.tiktok.com/ https://www.google.com.pk/ https://www.googletagmanager.com/ https://d6e64093-bcba-40ec-9a94-3c3d428eb05f.prmutv.co/ https://siteintercept.qualtrics.com/ https://www.google.es/ https://www.google.com.br/ https://www.google.mw/ https://metrics.responsetap.com/ https://*.serving-sys.com/ https://*.intuitcdn.net/ https://www.google.com.mx/ https://consent.mailchimp.com/ https://*.akstat.io/ https://www.google.de/ https://api.permutive.com/ https://www.google.nl/ https://s113755760.t.eloqua.com/ https://partnerlinks.io/ https://get663.com/ https://*.akamaihd.net/ https://www.google.tl/ https://col.eum-appdynamics.com/ https://*.intuit.com/ https://forms.hubspot.com/ https://www.google.co.jp/ https://www.google.co.in/ https://consent.intuit.quickbooksconnect.com/ https://www.google.com.au/ https://www.linkedin.com/; font-src https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://use.typekit.net/ https://cdn.jsdelivr.net/ 'self' https://fonts.cdnfonts.com/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://*.intuitcdn.net/ https://maxcdn.bootstrapcdn.com/ data:; frame-ancestors 'self' https://*.intuit.com/; frame-src https://ct.pinterest.com/ 'self' https://www.instagram.com/ https://intuit.chilipiper.com/ https://*.adsrvr.org/ https://pixel.mathtag.com/ https://h.online-metrix.net/ https://accuenuk-91-adswizz.attribution.adswizz.com/ https://s7.addthis.com/ https://www.youtube.com/ https://pixel.tapad.com/ https://connect.facebook.net/ https://cdn-akamai.mookie1.com/ https://*.leadsmonitor.io/ https://open.spotify.com/ https://lpcdn.lpsnmedia.net/ https://*.twitter.com/ https://cdn.embedly.com/ https://www.facebook.com/ https://*.doubleclick.net/ https://turbotax.demdex.net/ https://datawrapper.dwcdn.net/ https://filter.techloq.com/ https://www.google.com/ https://go.affec.tv/ https://*.intuit.com/ https://www.linkedin.com/; img-src https://tr.outbrain.com/ 'self' https://idsync.segment.com/ http://ad.doubleclick.net/ https://pt.ispot.tv/ https://*.bing.com/ https://cdn.tsheets.com/ https://*.adsrvr.org/ https://*.w55c.net/ https://alb.reddit.com/ https://www.google.ie/ https://www.googleadservices.com/ https://s0.2mdn.net/ https://sp.analytics.yahoo.com/ https://www.google.com.sg/ https://*.google.de/ https://*.amazon-adsystem.com/ https://intuitcorp.quickbase.com/ https://*.adnxs.com/ https://www.google.com.ua/ https://*.google.com/ https://privacy-policy.truste.com/ https://s2.intuitstatic.com/ https://ping.chartbeat.net/ https://*.twitter.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://sjs.bizographics.com/ https://www.google.co.nz/ https://uip.semasio.net/ https://*.google.com.au/ http://*.intuit.com/ https://*.krxd.net/ https://track.hubspot.com/ https://ct.pinterest.com/ https://cdn.jsdelivr.net/ https://c.clarity.ms/ https://selfemployeduk.uservoice.com/ https://www.google.co.id/ https://*.google.fr/ https://adservice.google.com.af/ https://*.qualtrics.com/ https://*.tvsquared.com/ https://p.adsymptotic.com/ https://*.gstatic.com/ https://pixel.mathtag.com/ https://*.google.co.uk/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://forms.hsforms.com/ https://google.com/ https://*.affec.tv/ https://*.google.ca/ https://www.google.com.br/ https://*.google-analytics.com/ https://*.linkedin.com/ https://intuitb2b--c.na42.content.force.com/ https://lh3.googleusercontent.com/ https://*.google.co.jp/ https://*.leadsmonitor.io/ https://*.intuitcdn.net/ https://trk.clinch.co/ https://img.youtube.com/ https://www.google.nl/ https://s113755760.t.eloqua.com/ https://*.ytimg.com/ https://t.co/ https://www.everestjs.net/ https://codahosted.io/ https://www.google.co.kr/ https://*.intuit.com/ data: https://www.google.co.in/; media-src 'self' data: https://digitalasset.intuit.com/; object-src 'none'; report-uri https://csp.intuit.com/v2/r/21eb8aefa5e774399ac396a6bdba36f01fdd8fd1; script-src 'self' https://tags.srv.stackadapt.com/ https://*.outbrain.com/ https://z.moatads.com/ https://js.hsleadflows.net/ https://tags.tiqcdn.com/ https://*.lpsnmedia.net/ https://s.yimg.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://d.turn.com/ https://cdn.m-t.io/ https://intuit.tt.omtrdc.net/ https://platform.twitter.com/ https://cdn.permutive.com/ https://*.google.com/ https://bat.bing.com/ https://aa.agkn.com/ https://s2.intuitstatic.com/ https://s.go-mpulse.net/ https://static.quickbooks.com/ https://*.doubleclick.net/ https://*.hs-scripts.com/ https://secure.adnxs.com/ https://js.chilipiper.com/ https://unpkg.com/ https://img03.en25.com/ https://static.chartbeat.com/ https://js.hsforms.net/ https://js.hs-banner.com/ https://slxzb.csb.app/ https://script.infinity-tracking.com/ 'unsafe-eval' https://pxl.jivox.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' https://*.d41.co/ https://static.ads-twitter.com/ https://www.instagram.com/ https://www.dwin1.com/ https://*.liveperson.net/ https://maxcdn.bootstrapcdn.com/ https://*.addthis.com/ https://code.jquery.com/ https://*.qualtrics.com/ https://js.hscollectedforms.net/ https://*.tvsquared.com/ https://js.adsrvr.org/ https://s.pinimg.com/ https://*.taboola.com/ https://pagead2.googlesyndication.com/ https://pixel.mathtag.com/ https://analytics.tiktok.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://*.adform.net/ https://cdn-akamai.mookie1.com/ https://js.partnerstack.com/ https://cdn.appdynamics.com/ https://*.google-analytics.com/ https://*.serving-sys.com/ https://*.leadsmonitor.io/ https://*.intuitcdn.net/ https://js.hsadspixel.net/ https://*.liveperson.com/ https://*.googleapis.com/ https://www.redditstatic.com/ https://js.hs-analytics.net/ https://id.rlcdn.com/ https://go.affec.tv/ https://static-ssl.responsetap.com/ https://*.intuit.com/ https://www.clarity.ms/ https://www.linkedin.com/; style-src https://translate.googleapis.com/ https://usmentor.live.qbcontent.com/ 'unsafe-inline' 'self' https://tags.srv.stackadapt.com/ https://*.intuitcdn.net/ https://maxcdn.bootstrapcdn.com/ https://s2.intuitstatic.com/ data:; worker-src blob:;
content-type: text/html;charset=utf-8
date: Tue, 30 May 2023 15:42:33 GMT
etag: W/"6faa7-ZR6Fs5x9AAWJm4X7cw9vCCO3jvc"
expires: Tue, 30 May 2023 15:42:33 GMT
intuit_tid: 1-64761969-5b466d9438c4fb9d1b51e675
pragma: no-cache
server: envoy
server-timing: ak_p; desc="468183_34664609_467511539_23904_53421_18_0";dur=1
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-amzn-trace-id: Root=1-64761969-5b466d9438c4fb9d1b51e675
x-b3-parentspanid: 078c816c5903b573
x-b3-sampled: 1
x-b3-spanid: cb59ee2eedaae201
x-b3-traceid: 078c816c5903b573
x-content-type-options: nosniff nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 94
x-org: COMM_AF COMM-LS-PRD
x-spanid: 21e15c15-41f7-4e00-a983-ce9bd659c93a
x-xss-protection: 1; mode=block

GET
H2 200 w.min.0.6.0.js Show response
digitalasset.intuit.com/render/content/dam/intuit/ic/en_us/code/ 11 KB
5 KB 846ms
554ms Script
application/javascript 104.86.62.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://digitalasset.intuit.com/render/content/dam/intuit/ic/en_us/code/w.min.0.6.0.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.86.62.242 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-86-62-242.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c0623ab11e6ca783586b42e6be75b908b42122233600c83835f4f3e7c81cef0a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.intuit.com https://.google.com https://.ampproject.org https://.ampify.io;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://*.intuit.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest1
content-security-policy: frame-ancestors https://*.intuit.com https://*.google.com https://*.ampproject.org https://*.ampify.io;
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 30 May 2023 15:42:34 GMT
x-vhost: publish-oidam
content-disposition: inline
content-length: 4393
last-modified: Thu, 09 Mar 2023 18:24:54 GMT
server: Apache
etag: "2ccc-5f67bc2d98980-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: ALLOW-FROM https://*.intuit.com
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
expires: Tue, 30 May 2023 15:42:34 GMT

GET
H2 200 6410.0b26a72d.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 3 MB
853 KB 329ms
52ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

974c1874fe9a6562e4598b202268ba80d8421b6f29ff311a2e1fe54a71649901

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 04 May 2023 03:14:04 GMT
x-amz-version-id: avHOLnRKotkJqUGuh6uGdfDml9oJ2F0D
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 2291310
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.636.b.1
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Mon, 27 Mar 2023 21:10:21 GMT
server: AmazonS3
etag: W/"9283725b1a74d93c35c0c30b97cd461e"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.636.b.1
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: sWzJCvyF587ufKoNxjJBa74KLfXdHxWhFEpqBGGhEAaBVNsV8LQyxA==

GET
H2 200 main.da982665.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 105 KB
22 KB 22ms
21ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.da982665.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9c9df3971d5391ce3a91e143b52f1d17413c32cf3fb789a9a922b007f32d3ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 01:43:48 GMT
x-amz-version-id: mN7HB0XIk8f.1.upoo7M_qi32pswSayc
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 2815126
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.4-apr.324.b.162
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Fri, 17 Mar 2023 11:42:26 GMT
server: AmazonS3
etag: W/"8c2c3e378a6cc66299b97a87ab72754d"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.4-apr.324.b.162
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: AweEAtAdfgl8Uzr15ihXXl_Oe1PiktnLlaYgVkh7sPHc2LfliUrLNg==

GET
H2 200 6410.f19bf062.css
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 369 KB
70 KB 302ms
25ms Stylesheet
text/css 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.f19bf062.css

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cc9e55a81bf7130eed299e8229a8ccb93684019d08156cbc8bfc6148a65c7941

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 11 May 2023 23:01:44 GMT
x-amz-version-id: Wbih1VnZZkUQJeZp.hO3UgjAt8uclmVE
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1615250
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.494.b.34
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Wed, 03 May 2023 15:43:18 GMT
server: AmazonS3
etag: W/"6b95ece89d8e6e8eb7c2346ad2f87544"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.494.b.34
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: kutKRuHogij88OGhLohvpd9TBHeSPObW37ym7ZTGhwGja6VpM5Cqqw==

GET
H2 200 main.a23f6f66.css
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 13 KB
5 KB 325ms
49ms Stylesheet
text/css 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a47997e5797ad2207ae265f9b0ac45c9cbd71dbdf17195722298c53262f84796

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 01 Apr 2023 10:50:52 GMT
x-amz-version-id: C7mX9fqMEJgYZZZBe694ua91Tcrxo0fK
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 5115102
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.485.b.145
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Fri, 31 Mar 2023 11:42:58 GMT
server: AmazonS3
etag: W/"d22c78326ac9b5dd572c0c9d25d6a6f1"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.485.b.145
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: qB2ypnb0xfqc8gE5-4ZCksyp6oh6Ciyh6UGtk6RuVkE199BVzNPoUg==

GET
H2 200 qbo-icon.svg
plugin.intuitcdn.net/one-intuit-help-hub-conf/1.141.3/assets/component/navbar/assets/ 6 KB
3 KB 96ms
26ms Image
image/svg+xml 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://plugin.intuitcdn.net/one-intuit-help-hub-conf/1.141.3/assets/component/navbar/assets/qbo-icon.svg

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-215-20-35.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

d42538957486733362259fc4c1c1dbd13df052bfb97099e1d5aa19ab66bee9a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: FaNzukyup6KNBiOI0EI8wdPzmlWnWBZB
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 30 May 2023 15:42:33 GMT
x-amz-meta-module: @appfabric-plugin/one-intuit-help-hub-conf
x-amz-cf-pop: IAD79-C1
x-amz-server-side-encryption: AES256
x-amz-meta-version: 1.141.3
content-length: 2498
x-xss-protection: 1; mode=block
x-origin-src: uxf
last-modified: Tue, 14 Mar 2023 22:24:11 GMT
server: AmazonS3
etag: W/"9299356dc1897c7008cffa2ba592bf27"
vary: Accept-Encoding
x-amz-meta-type: plugin
content-type: image/svg+xml
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
x-amz-meta-slug: one-intuit-help-hub-conf/1.141.3
access-control-allow-credentials: false
cache-control: public, max-age=31556926, immutable
timing-allow-origin: *, *
x-amz-meta-id: one-intuit-help-hub-conf
x-amz-cf-id: S398XZjjCZlj_E0CtUGchCmkF3OvjtW-0xIgYHW-_bX-jpo-hNI_Pw==

GET
H2 200 sbg_ohh_icon.19f2ae89.png
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 3 KB
4 KB 23ms
22ms Image
image/png 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/sbg_ohh_icon.19f2ae89.png

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e1aa817849e89126f529a1878d7c87471a0d9c0a0c0d4596119c6eec869c535f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 03:41:57 GMT
x-amz-version-id: 5OHCk_C2F27tNK5alf6NnmsmhAC8Yg9k
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1598437
x-amz-meta-version: 0.86.6-apr.458.b.256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 3105
x-xss-protection: 1; mode=block
last-modified: Wed, 10 May 2023 07:41:18 GMT
server: AmazonS3
etag: "bdc2b694592b000777b38e29cd9bcb13"
x-amz-meta-type: app
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.6-apr.458.b.256
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: BPXBUXnIfoCujYZNHUKSOmy3w-Q5_ULO0JbzoLHTK6HNQj6HxIndOA==

GET
H/1.1 200
OK seal
privacy-policy.truste.com/privacy-seal/ 12 KB
14 KB 146ms
42ms Image
image/svg+xml 13.249.9.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://privacy-policy.truste.com/privacy-seal/seal?rid=8b3c17ef-273d-4c3d-b161-372d1d884d21

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.249.9.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-9-24.cdg53.r.cloudfront.net

Software

TXS /

Resource Hash

11de1fb6ecc5aa2391fb155b0c72c200025cc187a96c509000667c9e67a0c98c

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; frame-ancestors https://.trustarc.com https://.truste.com ; upgrade-insecure-requests; block-all-mixed-content;, default-src 'self' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; font-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; style-src 'self' 'unsafe-inline' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; img-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net https://trustarc.com; frame-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; connect-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload, max-age=63072000; includeSubDomains; preload
Content-Security-Policy: object-src 'none'; frame-ancestors https://*.trustarc.com https://*.truste.com ; upgrade-insecure-requests; block-all-mixed-content;, default-src 'self' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; font-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; style-src 'self' 'unsafe-inline' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; img-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net https://trustarc.com; frame-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; connect-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
x-content-type-options: nosniff, nosniff, nosniff
Date: Tue, 30 May 2023 07:33:35 GMT
Via: 1.1 1c3fd360f9180df951de65a1652b5b5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
Cross-Origin-Embedder-Policy: unsafe-none, unsafe-none
Age: 29389
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin, cross-origin
Connection: keep-alive
Content-Length: 12222
X-Xss-Protection: 1; mode=block, 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
Server: TXS
Cross-Origin-Opener-Policy: cross-origin, cross-origin
ETag: W/"12222-1594834148000"
Expect-CT: enforce, max-age=60, enforce, max-age=60
X-Frame-Options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
Content-Type: image/svg+xml
Cache-Control: no-cache, must-revalidate, no-cache, no-store
Access-Control-Allow-Credentials: true
Permissions-Policy: autoplay=(self), document-domain=(self), encrypted-media=(self), autoplay=(self), document-domain=(self), encrypted-media=(self)
Accept-Ranges: bytes
X-Amz-Cf-Id: 392Y0J__NCFndEk3nQxidR1kjDTjkgOcXS681gyAaycpl1TbnKDY6A==

GET
H2 200 lang-flags.e839fe81.png
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 8 KB
9 KB 22ms
22ms Image
image/png 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/lang-flags.e839fe81.png

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.f19bf062.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c528269f0f2708b736ff1489f1a3983ee8c8c0c8fbb01e66404c0c203dbca874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.f19bf062.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 05:01:20 GMT
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
x-amz-cf-pop: FRA6-C1
age: 29414475
x-amz-meta-version: 0.72.5-apr.484.b.33
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 8125
x-xss-protection: 1; mode=block
last-modified: Fri, 24 Jun 2022 03:43:26 GMT
server: AmazonS3
etag: "b9e7bb29eca8007293294b94e1c3839f"
x-amz-meta-type: app
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.72.5-apr.484.b.33
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: YTk6OT4kLLgnHhkOerYSAJ8a1xO1dk5ZvONiq-T2toN5xN0wcRml3g==

GET
H2 200 avenir-400.woff2
assets.intuitcdn.net/fonts/ 32 KB
33 KB 235ms
96ms Font
font/woff2 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.intuitcdn.net/fonts/avenir-400.woff2
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-20-35.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b406c35a6d317b896aef159ce69f94480e3e690a9e5f2bfab4fb8311b767a9b0

Request headers

Referer: https://uxfabric.intuitcdn.net/
Origin: https://quickbooks.intuit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:34 GMT
last-modified: Wed, 07 Aug 2019 21:23:45 GMT
server: AkamaiNetStorage
etag: "ca8c2af7f604634390ef3e68b80fa189:1667239935.290512"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
content-length: 33176
expires: Sun, 26 Nov 2023 15:42:34 GMT

GET
DATA 200
OK truncated
/ 429 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38eb9e1264b615b11424780f91ac8235d05b9c6bc9b61e6c69cb47efa87c8e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 679 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d421d73481c3b653dea21f6b1603412c2c1918133f556b47cecdd19cbdcec2b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 648 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2eb8d4c567e7f2da2e40f197f6fc3ce173e316a88e8c2b2f82cffe10bcd7ae9d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 617 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 958d32d6b9ff95986e7ecb449bfa3823e48b182c97540015490097a8e70573e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 global-sprite.svg
quickbooks.intuit.com/wp-content/themes/platinum/resources/assets/img/ 395 KB
135 KB 183ms
183ms Image
image/svg+xml 104.102.35.78
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://quickbooks.intuit.com/wp-content/themes/platinum/resources/assets/img/global-sprite.svg

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.f19bf062.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.78 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-78.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

55d97500d57e27a4897061b7b5dee43bcf49cb196b9fb87819b6cee5c03b18c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .intuit.com, frame-ancestors 'self' .intuit.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxfabric.intuitcdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
x-rl: Trail, Trail
content-security-policy: frame-ancestors 'self' *.intuit.com, frame-ancestors 'self' *.intuit.com
x-content-type-options: nosniff, nosniff
date: Tue, 30 May 2023 15:42:34 GMT
x-amz-cf-pop: DFW3-C1
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
server-timing: ak_p; desc="468183_34664609_467517586_7397_76482_18_0";dur=1
content-length: 137174
pragma: no-cache
x-org: WP_CNTNT, WP_CNTNT
last-modified: Wed, 10 Aug 2022 05:43:08 GMT
server: AmazonS3
etag: W/"4c2f4572bd869cf53f0c8cbc574570c5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=2592000
x-amz-cf-id: b7lyAyyuoA2CqnOrTrYHTeguiqmoNwr1JkkLTNr7_9Y4jce0H92XZg==
expires: Thu, 29 Jun 2023 15:42:34 GMT

GET
H2 200 avenir-500.woff2
assets.intuitcdn.net/fonts/ 32 KB
33 KB 151ms
22ms Font
font/woff2 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.intuitcdn.net/fonts/avenir-500.woff2
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-20-35.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a496f0a5fc51aac0cac43be7e4c6a81425194480f138a7a97e895071fd628260

Request headers

Referer: https://uxfabric.intuitcdn.net/
Origin: https://quickbooks.intuit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:34 GMT
last-modified: Wed, 07 Aug 2019 21:23:45 GMT
server: AkamaiNetStorage
etag: "433d4bcf95a373b63ba59713a2167d42:1667239936.423162"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
content-length: 33240
expires: Sun, 26 Nov 2023 15:42:34 GMT

GET
H2 200 avenir-600.woff2
assets.intuitcdn.net/fonts/ 32 KB
33 KB 191ms
61ms Font
font/woff2 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.intuitcdn.net/fonts/avenir-600.woff2
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-20-35.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6b59034d520321abc96ed69ffbe45f00feade7c66ac3bcf99e3ba51059f2a2a2

Request headers

Referer: https://uxfabric.intuitcdn.net/
Origin: https://quickbooks.intuit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:34 GMT
last-modified: Wed, 07 Aug 2019 21:23:45 GMT
server: AkamaiNetStorage
etag: "7c0278113ae5f34e8198a2cea65c3bac:1667239939.278919"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
content-length: 33100
expires: Sun, 26 Nov 2023 15:42:34 GMT

GET
H2 200 avenir-100.woff2
assets.intuitcdn.net/fonts/ 35 KB
36 KB 214ms
85ms Font
font/woff2 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.intuitcdn.net/fonts/avenir-100.woff2
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-20-35.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 65d0378994e6d73d1aede01c4893a2b65099a218480bbc7f302a2b885777b621

Request headers

Referer: https://uxfabric.intuitcdn.net/
Origin: https://quickbooks.intuit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:34 GMT
last-modified: Wed, 07 Aug 2019 21:23:45 GMT
server: AkamaiNetStorage
etag: "59e0fd5d6750852783d8335f8758800b:1667239927.177345"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
content-length: 36144
expires: Sun, 26 Nov 2023 15:42:34 GMT

GET
H2 200 avenir-700.woff2
assets.intuitcdn.net/fonts/ 33 KB
33 KB 201ms
72ms Font
font/woff2 23.215.20.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.intuitcdn.net/fonts/avenir-700.woff2
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/main.a23f6f66.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.20.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-20-35.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 677ad6e2848e0b6b1d7117e1d85577e77435749cfa5b3ed42d43694642bebf61

Request headers

Referer: https://uxfabric.intuitcdn.net/
Origin: https://quickbooks.intuit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:34 GMT
last-modified: Wed, 07 Aug 2019 21:23:45 GMT
server: AkamaiNetStorage
etag: "b801fdd98c3c19e328c6ab22820784d5:1667239940.463632"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
content-length: 33668
expires: Sun, 26 Nov 2023 15:42:34 GMT

GET
H2 200 vendors~o11y-rum-web-exporter.f038b89c.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 4 KB
2 KB 22ms
22ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-exporter.f038b89c.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

30dd2f3fab6f0cd23c485ce0ca3f35f0cf8a603a27c562d7b8339103f0f0fec6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 01:43:50 GMT
x-amz-version-id: VMyNGWwG4hcBgDK0QpV07iC1BGA7vFHN
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 2815125
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.639.b.1
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Apr 2023 20:55:18 GMT
server: AmazonS3
etag: W/"9848a42e7daa20c37aa5523898d1ad09"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.639.b.1
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: TJHB1qr9LrgeCdLliGl0MYNouo4izWwFJBVdHgU-29iWB35k5I4rtQ==

GET
H2 200 vendors~o11y-rum-web-window-perf.58dfd7ec.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 4 KB
2 KB 23ms
23ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-window-perf.58dfd7ec.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1fbb596bff8419f863750a282dd464be1f7687894bd73de77a191ccbc4a58e5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:52:16 GMT
x-amz-version-id: DDHTstpD9W4jQJeMndkaENFCowF_W6Zj
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1255819
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.458.b.255
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Tue, 09 May 2023 07:42:54 GMT
server: AmazonS3
etag: W/"ab95cad77793545be1991ec2dc5ef505"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.458.b.255
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: OINho6tFQn5Ud8rB2K7s95Ce-obKH93VdeHqf2_EBHilStodqRmGpA==

GET
H2 200 vendors~o11y-rum-web-vitals.ea50233c.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 6 KB
3 KB 23ms
23ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-vitals.ea50233c.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

66acef47eadd99279c6fd3b0d728efd3bb0c5d7f2474f4a47d1b4c644e1ab74b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 14 May 2023 01:42:36 GMT
x-amz-version-id: 3ZyfLIJ8d4VFMdnRuKPm2QcD6sUOauAo
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1432799
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.458.b.255
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Tue, 09 May 2023 07:42:54 GMT
server: AmazonS3
etag: W/"32c2d5bbca077cc216cc4473f24f8f4e"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.458.b.255
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: TW0j2VDWuGv4NXdXhgaDk_9eoN82D37rO8q_hiHRLKZunGXkn6m0NA==

GET
H2 200 vendors~o11y-rum-web-interface.589afdde.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 6 KB
3 KB 23ms
23ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-interface.589afdde.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ec8f5ce73334c295d13af52206999a12142041c133daf40d7d86449a45281249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 22:37:20 GMT
x-amz-version-id: M57oRUX0me2nLkCaNY757dx6GMPBnHFj
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1184715
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.458.b.255
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Tue, 09 May 2023 07:42:54 GMT
server: AmazonS3
etag: W/"588b30f54f19a0933bc939ab429cff7d"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.458.b.255
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: Hke0-8LOXNxnxpkbQ2AxuNhXMVK-GgQ6dc57In-QP3OA1seiA8kU7w==

GET
H2 200 4615.da776a77.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 12 KB
5 KB 22ms
22ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/4615.da776a77.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ed831f8aa7cdc8ff850d52a1bfe5befb9ce31ab3ced20d9768b8d4a2c272c07a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 20:46:58 GMT
x-amz-version-id: Qq6NVsR9vF.B5LxRtWqEgykXwifQLrrP
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 2832937
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.639.b.1
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Apr 2023 20:55:17 GMT
server: AmazonS3
etag: W/"e530c5a9bf9c67652b35133abd89250f"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.639.b.1
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: L6lZojFPpTPiqsIsGBvzxlgEg_fnlr5njD2hKH_m3Xw-xEu70mTXCg==

GET
H2 200 vendors~o11y-rum-gzip-transformer.6f692fb6.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 48 KB
16 KB 23ms
23ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-gzip-transformer.6f692fb6.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f3c5c2547a262ab22db063213a0eedc0e434531c165a0b54ba668b2439afe8ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 11 May 2023 04:08:54 GMT
x-amz-version-id: rv.cGlyn2D0w3Cii4Nk.yvI5Ati80hMw
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 1683221
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 0.86.5-apr.458.b.255
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Tue, 09 May 2023 07:42:54 GMT
server: AmazonS3
etag: W/"8a357863cb5c11dbb1cde37360fae6cd"
vary: Accept-Encoding
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.458.b.255
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: oVBdirHZq62W9mMhNKA2IUupsy4POLO907fbQXFalNMBwG00U1sDdg==

OPTIONS
H2 200 graphql
shtaxonomyservice.api.intuit.com/ Frame 0
0 1075ms
201ms Preflight 34.211.82.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://shtaxonomyservice.api.intuit.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.211.82.75 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-211-82-75.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,intuit_tid,x-sh-ecosystem,x-sh-locale
Access-Control-Request-Method: POST
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,content-length,x-b3-parentspanid,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,content-type,connection,if-match,cache-control,x-sh-ecosystem,x-sh-locale,intuit_tid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:35 GMT
intuit_tid: 1-6476196b-1616438c42124a13585cafc8
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

OPTIONS
H2 200 verify_ticket
accounts.intuit.com/access_client/ Frame 0
0 314ms
199ms Preflight 104.102.57.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.intuit.com/access_client/verify_ticket
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.57.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-57-56.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-b3-parentspanid,x-b3-spanid,x-b3-traceid,origin,x-b3-sampled,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
access-control-allow-methods: GET
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 3600
content-length: 0
date: Tue, 30 May 2023 15:42:34 GMT
intuit_tid: 2b15827c-fddd-41e6-a47c-8906cbaaa361
server: nginx
server-timing: ak_p; desc="468183_34664590_149928104_17131_4989_21_0";dur=1

OPTIONS
H2 200 /
intuitvisitorid.api.intuit.com/v1/ Frame 0
0 780ms
200ms Preflight 35.80.101.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intuitvisitorid.api.intuit.com/v1/?ivid=cf8bddab-21c5-48c5-a1a1-dbb04f63b21d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.80.101.197 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-80-101-197.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,x-tto-engine-version,x-b3-parentspanid,content-length,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,if-unmodified-since,content-disposition,content-transfer-encoding,content-md5,fragment-location,connection,content-type,if-match,cache-control,intuit_tid,x-tto-routing-info,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-range,content-location,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT,PATCH
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:35 GMT
intuit_tid: 1-6476196b-51d6b2957ad72c401883b6df
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

GET
H2 200 3500.970d6edc.chunk.js Show response
uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/ 228 B
953 B 22ms
21ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/3500.970d6edc.chunk.js

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

36530676d58361e36336ee12467ce05a9a1558d5e2c734d78572164bc2db6cd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 04 May 2023 18:22:54 GMT
x-amz-version-id: 6mejTz5NqijmER9RvZ0AeMspZvrKWWCn
x-content-type-options: nosniff
x-amz-meta-module: sh-exp-sbg-app-experience
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
age: 2236781
x-amz-meta-version: 0.86.5-apr.494.b.34
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 228
x-xss-protection: 1; mode=block
last-modified: Wed, 03 May 2023 15:43:18 GMT
server: AmazonS3
etag: "9cbb346f50e663ea1bf7a58fa54f9238"
x-amz-meta-type: app
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: sh-exp-sbg-app-experience/0.86.5-apr.494.b.34
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-id: sh-exp-sbg-app-experience
x-amz-cf-id: 5X_4PvdXVP5AsfjajgRw28lh1Gcio40mWm1h-TCq06kD81SDfccXxw==

POST
H2 200 graphql Show response
shtaxonomyservice.api.intuit.com/ 22 KB
2 KB 211ms
211ms Fetch
application/json 34.211.82.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://shtaxonomyservice.api.intuit.com/graphql

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.211.82.75 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-211-82-75.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

1c68299e6eee48e1062d03f5575fad138d00a6be46983a34ffb3e17fda7f03d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
intuit_tid: 4b021d1b-8421-427f-999e-96fa08137750
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Authorization: Intuit_APIKey intuit_apikey=prdakyres3CHLUFTRtulhKKtcT1jMRfNiG9ICWj4,intuit_apikey_version=1.0
content-type: application/json
accept: application/json;charset=UTF-8
Referer: https://quickbooks.intuit.com/
x-sh-ecosystem: sbseg
x-sh-locale: en-us

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
age: 1672914
intuit_tid: 4b021d1b-8421-427f-999e-96fa08137750
x-envoy-upstream-service-time: 8
x-spanid: d90827dc-9ee9-4981-b11c-fc431b58cf93
server: envoy
x-amzn-trace-id: Root=1-6476196b-7e108ebe5d80b44743e8b756
etag: W/"5992-CxpLlu4idk9ZZ5bT1u6hQCVpqH8"
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: date,content-length,x-b3-parentspanid,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,content-type,connection,if-match,cache-control,x-sh-ecosystem,x-sh-locale,intuit_tid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
x-cache-hit: true
access-control-allow-credentials: true

GET
H2 400 verify_ticket Show response
accounts.intuit.com/access_client/ 106 B
547 B 280ms
218ms Fetch 104.102.57.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.intuit.com/access_client/verify_ticket
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.57.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-57-56.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a50310fbb041fef2406c3e559ae5702fd5675ad7d2bcec902748c1dabafcf0ac

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:35 GMT
server: nginx
intuit_tid: 000bcdc6-ece1-4302-865d-bfeeff92f664
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: intuit_captcha_required,intuit_tid,intuit_flowid,intuit_requires_evaluation,intuit_ticket_exchanged,intuit_data
cache-control: no-cache, no-store
access-control-allow-credentials: true
server-timing: edge; dur=2, origin; dur=186, cdn-cache; desc=MISS, ak_p; desc="468183_34664590_149929091_18744_7212_20_0";dur=1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
intuitvisitorid.api.intuit.com/v1/ 0
0 636ms
242ms Fetch
application/json 35.80.101.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intuitvisitorid.api.intuit.com/v1/?ivid=cf8bddab-21c5-48c5-a1a1-dbb04f63b21d

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.80.101.197 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-80-101-197.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
Authorization: Intuit_APIKey intuit_apikey=prdakyreswUFDpkOPDkky63TSWvxZbtemfYVms81, intuit_apikey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:36 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
intuit_tid: 1-6476196c-3f75f92e2766c03f1d2291a5
x-amzn-requestid: e60f5ef2-a971-4baf-a113-880c724f632f
x-custom-header: application/json
x-envoy-upstream-service-time: 44
x-amz-apigw-id: Fvjo7E9GvHcFTHw=
content-length: 0
x-spanid: 72d3b8c6-93df-4beb-ba03-a801371c130c
server: envoy
x-amzn-trace-id: Root=1-6476196c-3f75f92e2766c03f1d2291a5, Root=1-6476196c-3f75f92e2766c03f1d2291a5;Sampled=0;lineage=2a4328e0:0|9e10f874:0
content-type: application/json
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: x-tto-engine-version,date,content-length,x-b3-parentspanid,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,if-unmodified-since,content-disposition,content-transfer-encoding,content-md5,fragment-location,connection,content-type,if-match,cache-control,intuit_*,intuit_tid,x-tto-routing-info,pragma,accept,intuit-*,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-range,content-location,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true

GET
H2 200 settings Show response
segment.intuitcdn.net/v1/projects/49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp/ 15 KB
4 KB 130ms
21ms Fetch
application/json 52.222.214.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://segment.intuitcdn.net/v1/projects/49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp/settings
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-53.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7451ebe0d08190016051768486eeaf9d724a0cd0cddd08456674adb2781584bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: .gPg7gE23iTSJXfXe5JdTagTd6po697D
content-encoding: gzip
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront), 1.1 102d8cf947b68167e34dd1299c206242.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 14:58:01 GMT
x-amz-cf-pop: FRA6-C1, FRA56-P3
age: 2674
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 18 May 2023 20:52:21 GMT
server: AmazonS3
etag: W/"1331acf8054a162ecb3bf88caa59e919"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: ZzrEtBDq5gukvSDJj3jfoyiunSzGLuNWt0DAMc1zv3VaVbMpS_8saw==

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/intuit/sync-analytics/prod/ 144 KB
47 KB 86ms
25ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sync-analytics/prod/utag.sync.js
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e587b3c98c477e23f48028fb501ff786599c0c8854e88136a2979ec41278f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: DQqbNMOCwdZnMZTA.Kp6jy3sP_DSSWlQ
content-encoding: gzip
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:42:05 GMT
last-modified: Wed, 08 Mar 2023 16:30:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 30
x-amz-server-side-encryption: AES256
etag: W/"f7f01bb3a369985f237a7eea22ad42c5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: JNlQlYhMXm7mwdmn9EGdNZkJgpnii4GcwFu0zkSegDdukDq1jFXO7g==

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 467 KB
96 KB 107ms
46ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Requested by: Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a5bce2739e899ed05b23d6a4ce72228258fee2a068813667628175c97bb31076

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: Pa5lQ03h2YbPpiNoEt8oR3mRXDIuN3R2
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:15 GMT
last-modified: Thu, 25 May 2023 17:44:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 260
x-amz-server-side-encryption: AES256
etag: W/"bcb12719fa346dae85c8357be5e8c16e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: Jsl2GdFKrfZppos9nJ17WAh6wHMGki8wUfimajO64ypkvulR7TC-bg==

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885

2 KB
2 KB

99ms
99ms

XHR
application/json

54.171.19.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

HTTP/1.1

Server

54.171.19.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e88f1bd27a55f60a32c065c780e0c6d5cd1ef1f87e5271e6c471592bb8d72743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v048-0fb6c8458.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: W+8DZD2/RaA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://quickbooks.intuit.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 742
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v048-01f166ef7.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: znLXSCusRO4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://quickbooks.intuit.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=969430F0543F253D0A4C98C6%40AdobeOrg&d_nsid=5&ts=1685461354885
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H2 202 t Show response
eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/ 0
853 B 625ms
205ms XHR
text/plain 35.166.227.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/t

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.227.37 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-227-37.us-west-2.compute.amazonaws.com

Software

Jetty /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
access-control-request-method: GET,POST,OPTIONS
intuit_received_at: 1685461355428
strict-transport-security: max-age=10886400; includeSubDomains; preload
intuit_appid: Intuit.ldcp.mds.trinity
content-length: 0
intuit_offeringid: Intuit.ldcp.mds.trinity
server: Jetty
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: private, no-cache, no-transform
access-control-allow-credentials: true
event_id: 0d8ae60f-97c2-4e31-ad99-9e11aeab0019
x-application-id: event-bus
access-control-allow-headers: Authorization,X-Forwarded-For,Accept-Language,Content-Type,intuit_tid,intuit_appid,intuit_offeringid,intuit_originatingip,intuit_test,intuit_locale,intuit_country,intuit_iddomain
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cdc_lib_min_1.10.12.js Show response
cdn.websdk.intuit.com/js/ 86 KB
26 KB 124ms
25ms Script
application/javascript 2600:9000:2156:7e00:9:618e:3dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.websdk.intuit.com/js/cdc_lib_min_1.10.12.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7e00:9:618e:3dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 342e0ef411af161cc493329f810e087030357b17b22ac678c8da93b761b13634

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 29 May 2023 19:36:24 GMT
content-encoding: gzip
via: 1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jan 2020 22:51:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 72372
etag: W/"055b08a6722d6a5c74bce4faaf7362c6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: lSRA5I2xbOfptqxwX0Iw8QI4ktq5aNwqNP66QAEa27l_rtFaznZ5Fw==

GET
H2 200 ividFrame.html Show response
accounts.intuit.com/ Frame 1691 8 KB
4 KB 216ms
214ms Document
text/html 104.102.57.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.intuit.com/ividFrame.html?query_string_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896

Requested by

Host: cdn.websdk.intuit.com
URL: https://cdn.websdk.intuit.com/js/cdc_lib_min_1.10.12.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.102.57.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-57-56.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

778b1db9f1b9c649a30f0c7c0adfb691d0c79c0303b829b156e58523ad64b298

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://quickbooks.intuit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache no-store
content-encoding: gzip
content-language: de-DE
content-length: 3592
content-type: text/html;charset=UTF-8
date: Tue, 30 May 2023 15:42:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
server-timing: edge; dur=2 origin; dur=175 cdn-cache; desc=MISS ak_p; desc="468183_34664590_149929089_17606_8748_20_0";dur=1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-akamai-transformed: 9 3668 0 pmb=mRUM,2
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex, notranslate
x-xss-protection: 1; mode=block

POST
H2 200 intuit-clickstream Show response
trinity.platform.intuit.com/trinity/v1/ 0
843 B 696ms
207ms XHR
text/plain 34.218.113.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trinity.platform.intuit.com/trinity/v1/intuit-clickstream

Requested by

Host: cdn.websdk.intuit.com
URL: https://cdn.websdk.intuit.com/js/cdc_lib_min_1.10.12.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.218.113.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-218-113-203.us-west-2.compute.amazonaws.com

Software

Jetty /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Accept: text/plain; charset=utf-8
Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
access-control-request-method: GET,POST,OPTIONS
intuit_received_at: 1685461355654
strict-transport-security: max-age=10886400; includeSubDomains; preload
intuit_appid: Intuit.ldcp.mds.trinity
intuit_tid: 9c12c0a5-c6d9-4265-8ea7-33858caccf75
content-length: 0
intuit_offeringid: Intuit.ldcp.mds.trinity
server: Jetty
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: private, no-cache, no-transform
x-application-id: trinity-api-20210406002715-development
access-control-allow-headers: Authorization,X-Forwarded-For,Accept-Language,Content-Type,intuit_tid,intuit_appid,intuit_offeringid,intuit_originatingip,intuit_test,intuit_locale,intuit_country,intuit_iddomain
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 oii-ivid-perisistence.js Show response
accounts.intuit.com/scripts/ Frame 1691 12 KB
5 KB 29ms
29ms Script
application/javascript 104.102.57.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.intuit.com/scripts/oii-ivid-perisistence.js?v=1.17
Requested by: Host: accounts.intuit.com
URL: https://accounts.intuit.com/ividFrame.html?query_string_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.57.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-57-56.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 366650bf66f8b1a3f31275e0a093fd3182a4fadcebfe4301c8ba8e8f63369160

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.intuit.com/ividFrame.html?query_string_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
content-encoding: br
last-modified: Fri, 26 May 2023 22:16:05 GMT
server: nginx
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=30754
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468183_34664590_149929916_15_7788_20_0";dur=1
content-length: 4622
expires: Wed, 31 May 2023 00:15:09 GMT

GET
H2 200 JMR2J-JRQ54-8U3H8-YDWCP-M9P79 Show response
s.go-mpulse.net/boomerang/ Frame 1691 205 KB
49 KB 123ms
37ms Script
application/javascript 2a02:26f0:480:980::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/JMR2J-JRQ54-8U3H8-YDWCP-M9P79
Requested by: Host: accounts.intuit.com
URL: https://accounts.intuit.com/ividFrame.html?query_string_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:480:980::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
content-encoding: br
last-modified: Sun, 21 May 2023 22:33:25 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H/1.1 200
OK dest5.html Show response
turbotax.demdex.net/ Frame 09A8 7 KB
3 KB 394ms
97ms Document
text/html 52.19.14.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://turbotax.demdex.net/dest5.html?d_nsid=5

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sync-analytics/prod/utag.sync.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.14.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-14-35.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://quickbooks.intuit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v048-0d3695a9b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: VfLs04SOSmc=
content-encoding: gzip
date: Tue, 30 May 2023 15:42:35 GMT
last-modified: Wed, 10 May 2023 10:47:00 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
sci.intuit.com/ 48 B
468 B 354ms
100ms XHR
application/x-javascript 63.140.62.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sci.intuit.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=969430F0543F253D0A4C98C6%40AdobeOrg&mid=44561187936105858673187640383477529103&ts=1685461355400

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sync-analytics/prod/utag.sync.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.160 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

fa2cc44c86571e36d7b81c829500e7c6e3376292b31bf21bd93d0affcf0f1491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 1691 2 KB
1 KB 377ms
257ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=JMR2J-JRQ54-8U3H8-YDWCP-M9P79&d=accounts.intuit.com&t=5618205&v=1.720.0&sl=0&si=76b8482c-feda-43ca-98f5-81178dc2a1d0-rvhaaz&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=501160
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/JMR2J-JRQ54-8U3H8-YDWCP-M9P79
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a6d850ae2a9cf69a96272b75ba70a768f13110a9cc4190abb754c0d1a7920206

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 30 May 2023 15:42:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 780

POST
H2 202 t Show response
eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/ 0
854 B 206ms
206ms XHR
text/plain 35.166.227.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/t

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.227.37 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-227-37.us-west-2.compute.amazonaws.com

Software

Jetty /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
access-control-request-method: GET,POST,OPTIONS
intuit_received_at: 1685461355846
strict-transport-security: max-age=10886400; includeSubDomains; preload
intuit_appid: Intuit.ldcp.mds.trinity
content-length: 0
intuit_offeringid: Intuit.ldcp.mds.trinity
server: Jetty
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: private, no-cache, no-transform
access-control-allow-credentials: true
event_id: f6c9aab7-b88d-40a9-afb5-310190ecb5bb
x-application-id: event-bus
access-control-allow-headers: Authorization,X-Forwarded-For,Accept-Language,Content-Type,intuit_tid,intuit_appid,intuit_offeringid,intuit_originatingip,intuit_test,intuit_locale,intuit_country,intuit_iddomain
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=359&dpuuid=wFSipc031Q41uz5
dpm.demdex.net/ Frame 09A8
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://dpm.demdex.net/ibs:dpid=359&dpuuid=wFSipc031Q41uz5

42 B
942 B

98ms
98ms

Image
image/gif

54.171.19.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=359&dpuuid=wFSipc031Q41uz5

Protocol

HTTP/1.1

Server

54.171.19.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v048-086c79cd9.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 5HxRQ8meQY0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 30 May 2023 15:42:35 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-777-g304ac51#rel-ec2-master i-03b3f67f69a828fdc@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://dpm.demdex.net/ibs:dpid=359&dpuuid=wFSipc031Q41uz5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 web Show response
rum.api.intuit.com/v1/rum/ 2 B
794 B 206ms
205ms Fetch
application/json 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-exporter.f038b89c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Content-Encoding: gzip
Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
authorization: Intuit_APIKey intuit_apikey=prdakyrestfgxpgDr7rPV3NgoTMkxfTVx4N9PrHP, intuit_apkey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 May 2023 15:42:36 GMT
x-spanid: db8cf305-01b4-4210-85e4-600349f38003
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
server: envoy
intuit_tid: 1-6476196c-137932db06e056e65fc389c1
x-amzn-trace-id: Root=1-6476196c-137932db06e056e65fc389c1
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 26

OPTIONS
H2 200 web
rum.api.intuit.com/v1/rum/ Frame 0
0 785ms
246ms Preflight 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-encoding,content-type
Access-Control-Request-Method: POST
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:36 GMT
intuit_tid: 1-6476196c-480a98412eef8d6c77bc2680
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 28

POST
H2 204 /
02179915.akstat.io/ Frame 1691 0
204 B 265ms
256ms Ping
image/gif 2a02:26f0:480:980::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://02179915.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/JMR2J-JRQ54-8U3H8-YDWCP-M9P79

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:480:980::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://accounts.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:36 GMT
content-type: image/gif
access-control-allow-origin: https://accounts.intuit.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Tue, 30 May 2023 15:42:36 GMT

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame 09A8 0
98 B 83ms
32ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=44388711281899140783202516324105885402
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:35 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 /
dp2.33across.com/ps/ Frame 09A8 0
69 B 377ms
120ms Image
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dp2.33across.com/ps/?pid=897&random=1705048464
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP011 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-33x-status: 208
date: Tue, 30 May 2023 15:42:35 GMT
server: 33XP011

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEI9dPXT5nioutSXIYiZ0R3o&google_cver=1
dpm.demdex.net/ Frame 09A8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDQzODg3MTEyODE4OTkxNDA3ODMyMDI1MTYzMjQxMDU4ODU0MDI=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDQzODg3MTEyODE4OTkxNDA3ODMyMDI1MTYzMjQxMDU4ODU0MDI=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEI9dPXT5nioutSXIYiZ0R3o&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

99ms
98ms

Image
image/gif

54.171.19.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEI9dPXT5nioutSXIYiZ0R3o&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Server

54.171.19.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v048-098c759e0.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: l1W7capPQo8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEI9dPXT5nioutSXIYiZ0R3o&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 09A8 70 B
265 B 162ms
58ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=quickbooks.intuit.com&ttd_tpi=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 30 May 2023 15:42:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H2 202 p Show response
eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/ 0
854 B 208ms
207ms XHR
text/plain 35.166.227.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/p

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.227.37 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-227-37.us-west-2.compute.amazonaws.com

Software

Jetty /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 May 2023 15:42:36 GMT
access-control-request-method: GET,POST,OPTIONS
intuit_received_at: 1685461356386
strict-transport-security: max-age=10886400; includeSubDomains; preload
intuit_appid: Intuit.ldcp.mds.trinity
content-length: 0
intuit_offeringid: Intuit.ldcp.mds.trinity
server: Jetty
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: private, no-cache, no-transform
access-control-allow-credentials: true
event_id: 593ab686-a695-4c75-acc7-4a770fb3c1fc
x-application-id: event-bus
access-control-allow-headers: Authorization,X-Forwarded-For,Accept-Language,Content-Type,intuit_tid,intuit_appid,intuit_offeringid,intuit_originatingip,intuit_test,intuit_locale,intuit_country,intuit_iddomain
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 202 t Show response
eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/ 0
853 B 206ms
205ms XHR
text/plain 35.166.227.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eventbus.intuit.com/v2/segment/sbseg-qbo-clickstream/t

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/6410.0b26a72d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.227.37 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-227-37.us-west-2.compute.amazonaws.com

Software

Jetty /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 May 2023 15:42:36 GMT
access-control-request-method: GET,POST,OPTIONS
intuit_received_at: 1685461356391
strict-transport-security: max-age=10886400; includeSubDomains; preload
intuit_appid: Intuit.ldcp.mds.trinity
content-length: 0
intuit_offeringid: Intuit.ldcp.mds.trinity
server: Jetty
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: private, no-cache, no-transform
access-control-allow-credentials: true
event_id: c3361c24-1033-4f9f-8637-e64e6db64537
x-application-id: event-bus
access-control-allow-headers: Authorization,X-Forwarded-For,Accept-Language,Content-Type,intuit_tid,intuit_appid,intuit_offeringid,intuit_originatingip,intuit_test,intuit_locale,intuit_country,intuit_iddomain
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=1957&dpuuid=2E6E5C7DCB1F60CE0CFC4F5CCAB361ED
dpm.demdex.net/ Frame 09A8
Redirect Chain

https://c.bing.com/c.gif?uid=44388711281899140783202516324105885402&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=2E6E5C7DCB1F60CE0CFC4F5CCAB361ED

42 B
942 B

99ms
98ms

Image
image/gif

54.171.19.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=2E6E5C7DCB1F60CE0CFC4F5CCAB361ED

Protocol

HTTP/1.1

Server

54.171.19.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v048-022f9ea75.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: WdI7djcLTQc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 896986463F38450DAC968C0D3CB10518 Ref B: FRA31EDGE0822 Ref C: 2023-05-30T15:42:36Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=2E6E5C7DCB1F60CE0CFC4F5CCAB361ED
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 09A8
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=44388711281899140783202516324105885402&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=

42 B
966 B

97ms
96ms

Image
image/gif

54.171.19.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=

Protocol

HTTP/1.1

Server

54.171.19.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-19-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

DCS: dcscanary-prod-irl1-1-v057-04b6c75bf.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: H0NuNUXJST8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 104,300
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Tue, 30 May 2023 15:42:36 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0109.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=
content-length: 0

GET
H2 204 adb-ext.gif
ds.reson8.com/ Frame 09A8 0
96 B 94ms
25ms Image
text/plain 104.18.9.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ds.reson8.com/adb-ext.gif?puid=44388711281899140783202516324105885402

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.9.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://turbotax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:36 GMT
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 7cf81686bd559243-FRA
vary: Accept-Encoding

POST
H/1.1 200
OK event Show response
turbotax.demdex.net/ 2 KB
1 KB 102ms
101ms XHR
application/json 52.19.14.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://turbotax.demdex.net/event?d_dil_ver=9.5&_ts=1685461357948

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.14.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-14-35.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e2371c9aa4598d541ebdcf10313be25f4103a81754fcae451600526cea3253d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v048-012c56330.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 5UE+5cCNQBw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://quickbooks.intuit.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 651
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 21ms
19ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=intuit/sbseg-us/202305251742&cb=1685461357949
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Tue, 30 May 2023 15:40:50 GMT
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 108
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: J1ODpzYyOVnE8qP7awNDzwfQI1pnk6nKic5x2EX5IPEGXYgjzISd4w==

GET
H2 200 gdprUtilBundle.js Show response
uxfabric.intuitcdn.net/gdpr-util/2.7.0/ 20 KB
6 KB 24ms
23ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/gdpr-util/2.7.0/gdprUtilBundle.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fa5a49696c4191bde69f8d31212c99d7c4b1ffac315d7ae688c1f860886bb446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 10 May 2023 04:16:48 GMT
x-amz-version-id: null
x-content-type-options: nosniff
x-amz-meta-module: @sbgm/gdpr-util
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
age: 1769149
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 2.7.0
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Nov 2022 17:13:53 GMT
server: AmazonS3
etag: W/"822f6f99f9de897023b1fe4fc997ab12"
vary: Accept-Encoding
x-amz-meta-type: unknown
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: gdpr-util/2.7.0
timing-allow-origin: *
x-amz-meta-id: gdpr-util
x-amz-cf-id: dT8jUAaTzn3VluGNKwkVXAWAJI_2jnajzUMlfguz25Id5EbVxneCJQ==

GET
H2 200 utag.4.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 5 KB
2 KB 22ms
21ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.4.js?utv=ut4.46.202209011907
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1d26316e237f90f9e7ad6f2f1808a8b1b33023fcefcc01767adcc5eec445bd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: 8pK_liwe7vIAoprOHCAEsCNsgKG8vbS3
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:28 GMT
last-modified: Thu, 25 May 2023 17:44:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 250
x-amz-server-side-encryption: AES256
etag: W/"dd34cdd94df5965ad0babb46da454ed0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 69cVIxZDPTr-clJY8x4SZ6NYk7EbVbGHbYsKaA1RsxaWC2k01ErB2Q==

GET
H2 200 utag.135.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 22 KB
6 KB 22ms
21ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.135.js?utv=ut4.46.202302161653
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24389989ff5914dc504fb0daebd578c08c6e29ce8a32d36336dd2cf2cc349f25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: wj2dan3bXYHUKrQY8VyEVzuUJjSym.b1
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:41:37 GMT
last-modified: Thu, 25 May 2023 17:44:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 115
x-amz-server-side-encryption: AES256
etag: W/"c6a1f9ecf62baebb284774489e51d825"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: owyAG3eoaOOhpUGrVNGfVYAJTDGcQ4W8Tgo06XEtj7mpXcxEApYYjA==

GET
H2 200 utag.136.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 16 KB
5 KB 22ms
21ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.136.js?utv=ut4.46.202302161653
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fca3358b758673efef61591111dce4efe9060ba478b736b3ce7008aeecdf4c9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: 9v83znnQBW2QLwOnz1_YeT9Y7.HOoc5D
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:41:46 GMT
last-modified: Thu, 25 May 2023 17:44:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 52
x-amz-server-side-encryption: AES256
etag: W/"ea5a95b491537a7186c667cf07543e88"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 9iRgfpZs_kYTPckXgDIwhmB_SuxKGXVvXnjzY4sc3lRc2uQaCfJ73w==

GET
H2 200 utag.49.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 19 KB
5 KB 24ms
23ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.49.js?utv=ut4.46.202212210330
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c4f7c36c97783a2d20b3470f102abfcf667604845ae36fe284d85b27c2d84ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: xNw_9QDGQRsuwobpY6mLFtX_GGzOEmWw
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:41:46 GMT
last-modified: Thu, 25 May 2023 17:44:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 52
x-amz-server-side-encryption: AES256
etag: W/"e56468245386d4f48f446c76fc85daa4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: msKfyJBUMQMLow1lF-9K1-96CxspBZC-r7k6JDWpL4tBquu7MYfDqg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 86ms
38ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3fab37b9edf16aba2a952ac0adbac1502757aba04f660b5409f3c9d350994041

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70082
x-xss-protection: 0
last-modified: Tue, 30 May 2023 15:25:52 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 utag.10.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 19 KB
6 KB 22ms
20ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.10.js?utv=ut4.46.202108232109
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b0e85a08c5dd19e9cf3cc98c8ace50ea5661575b2f33e4d499d61ad9eef66265

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: UkUof5sohdBNuQpuYYgHtVrI172GqJa6
content-encoding: gzip
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:40:09 GMT
last-modified: Thu, 25 May 2023 17:44:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 175
x-amz-server-side-encryption: AES256
etag: W/"acb9dd5bdfe2464f3b5028f0e891b2ab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: rj6iyJLdMJ-uFqqag3o2dVVaeetjqG2kQxHXU-sGCnJM03PpvVfbJg==

GET
H2 200 utag.20.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 2 KB
1 KB 22ms
20ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.20.js?utv=ut4.46.202211011511
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd60665a06ff740d72bcf3a63e7ed95cad6dc8dbf8f73d89726c2d1b50f87062

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: zdXvcwvYhLBjegwGvPrAKWqoD_SxBBn4
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:41:37 GMT
last-modified: Thu, 25 May 2023 17:44:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 114
x-amz-server-side-encryption: AES256
etag: W/"b67f97436c4bbe9374f85e4656586267"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: d2T9IOtkLNq6UhZ5_i4m38usSyhqRtSY7jXd_d1wZJTzDcsr5SulEg==

GET
H2 200 utag.92.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 27 KB
8 KB 22ms
20ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.92.js?utv=ut4.46.202302161653
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b9b507dd8567e00c25c8f0132acbdee06d025f09132a573825386868428bb1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: 0DmxtFMJ2QsNtZ_97E8f9y1uhQ_uayZG
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:28 GMT
last-modified: Thu, 25 May 2023 17:44:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 250
x-amz-server-side-encryption: AES256
etag: W/"5886aa9d656cff6ac26a55dda46fa896"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: FXog8lHSrzGTnHOcbcbNinLtqJYC-xhYh0Q9Pz6E1j2PIrHh8qVTcQ==

GET
H2 200 utag.65.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 7 KB
3 KB 22ms
21ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.65.js?utv=ut4.46.202209011907
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac45edf6779ebcb73942e167d410da44ec96277e903119a193e46ef76693b245

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: f46yJREnmPnKhqAZcLikaG9yacUuj6NV
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:28 GMT
last-modified: Thu, 25 May 2023 17:44:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 250
x-amz-server-side-encryption: AES256
etag: W/"051e203a7c1cab89d63c55ecfa877d42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: iKywDxy6UybiwQFKTtS4w10c8zFaLDuuO-8ph1nPTZ3e-6QzQLR86Q==

GET
H2 200 B21324452.223563153;sz=1x2;ord=815987329;tfua= Show response
ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/ 36 KB
14 KB 129ms
52ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/B21324452.223563153;sz=1x2;ord=815987329;tfua=?

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

00d0a8cb156fcd17a7349a307f4e4b22de094d694c3dbfef2b70246cc262f359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13905
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 utag.169.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 4 KB
2 KB 22ms
21ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.169.js?utv=ut4.46.202209011907
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6040cfdf94430d86bef87e21bb75e29a28fc8674856405de50c7efff73537414

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: iKAUSrvpvgsn5FOze7PfLDru0LArqbeR
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:29 GMT
last-modified: Thu, 25 May 2023 17:44:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 249
x-amz-server-side-encryption: AES256
etag: W/"420ad8398b21b7e417b43542c3091501"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: BRXh3tXkB9EC146IGMgVE7oLAT5sBuXTRKuKkVupX-ginFza_XSHFw==

GET
H2 200 / Show response
js.partnerstack.com/v1/ 6 KB
3 KB 97ms
40ms Script
application/javascript 2606:4700::6812:6da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.partnerstack.com/v1/
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b02ba5f322701b8d9c590f48d4dd5cb38f1f70d04284f7e10856a02fae83d887

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 20 Apr 2023 18:31:41 GMT
server: cloudflare
age: 57
etag: W/"6441850d-1904"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7cf8168fbbd33689-FRA
expires: Tue, 30 May 2023 19:42:38 GMT

GET
H2 200 utag.181.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 2 KB
1 KB 26ms
26ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.181.js?utv=ut4.46.202303161933
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf1f19dc9293aa6b78ea028a77fa8b75c749be51ac4254b418780acdfcf5a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: 1.jH6IDogPYucIrB5jY72BXHKd1QQIZN
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:38:29 GMT
last-modified: Thu, 25 May 2023 17:44:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 249
x-amz-server-side-encryption: AES256
etag: W/"e69165219f2b60cf2c7c586a827e4b75"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: GCOQ0g6ga9yB64igcoCsJVJTAlxzdFJLK90PdmRnB_csEmlcidwXZw==

GET
H2 200 utag.183.js Show response
tags.tiqcdn.com/utag/intuit/sbseg-us/prod/ 5 KB
2 KB 26ms
26ms Script
application/javascript 2600:9000:223e:ca00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.183.js?utv=ut4.46.202211292359
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ca00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c882ebcc81f6c93bfb6a6932e7af0701aadf81e588f4dfe1675552e6e468b1e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: JcUZ1qiKfKAe2EHD8mw6qynE9mT1A1H8
content-encoding: br
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
date: Tue, 30 May 2023 15:41:37 GMT
last-modified: Thu, 25 May 2023 17:44:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 115
x-amz-server-side-encryption: AES256
etag: W/"075d150cad7af3519d4f782537ae123f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: XiI6cyjFFSxvzcpRseRA4SSmzYYlJZHmuOXXO9EXiot-AzUTDSoSlw==

POST
H2 200 21eb8aefa5e774399ac396a6bdba36f01fdd8fd1
csp.intuit.com/v2/r/ 0
0 682ms
210ms Other
text/html 35.166.154.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.intuit.com/v2/r/21eb8aefa5e774399ac396a6bdba36f01fdd8fd1
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.166.154.88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-166-154-88.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 siteanalyze_2796.js Show response
siteimproveanalytics.com/js/ 27 KB
10 KB 84ms
28ms Script
application/javascript 2606:4700:e2::ac40:8e22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_2796.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8e22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12a67f4742e3e88b0c210c666fdd45d84865656e72f3ed88f7c37eed632c833b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ZDYSKG5XGVX4E8G1
age: 2233
alt-svc: h3=":443"; ma=86400
content-length: 9078
x-amz-id-2: Ko9TVO4rIqmX4asqd5E782Hikst+ANVQS8cxYtUiF/h49QKDOdSQZxP4P9zr2uHc0ABCmHEEZiU=
last-modified: Fri, 21 Apr 2023 16:59:07 GMT
server: cloudflare
etag: "120b3eb1e3fa5f72ea2d35c5846af170"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s58OirUyCOZ9BpFLUzY9KeXvZ7dqizJ1Dx895MG%2FwLN8tAHKUCzTTI5OpGAlBZVJ%2Bc4swbsd4GYxorYO%2FFa0q%2BlhdHijlbmGI3AoSWAmRxrN2SS7VN4xZGBDD1S1phKC%2B2Y%2BLUOnDwOlJvLPjVe4JhZKPXJ3XSI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 7cf8168fbbc19277-FRA

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 74 KB
25 KB 89ms
24ms Script
application/javascript 143.204.98.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-126.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
Date: Tue, 30 May 2023 15:22:07 GMT
Last-Modified: Thu, 18 Nov 2021 14:57:32 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA50-C1
Age: 1241
ETag: W/"c5b0d60b7c887bcae6d8897835a15d14"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: J5w9jCZVWt9M5lQ_uaJpuvZWRQ67ctxTfOERyP5g5uLHOodW5Btk2w==

GET
H/1.1 204
No Content / Show response
vid1005.d41.co/sync/ 0
513 B 621ms
122ms Script
text/plain 54.81.54.200
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://vid1005.d41.co/sync/

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.4.js?utv=ut4.46.202209011907

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.81.54.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-81-54-200.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 May 2023 15:42:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
access-control-allow-origin: https://quickbooks.intuit.com
Cache-control: no-store
access-control-allow-credentials: true
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 ccpa-widget-en.js Show response
uxfabric.intuitcdn.net/gdpr-widget/2.5.21/ 293 KB
67 KB 21ms
21ms Script
application/javascript 99.86.4.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://uxfabric.intuitcdn.net/gdpr-widget/2.5.21/ccpa-widget-en.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-95.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

03a284557d1548a22b476dbea28fca45f06d3113443d06926c152e8504ac4a6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 03:58:34 GMT
x-amz-version-id: null
x-content-type-options: nosniff
x-amz-meta-module: @sbgm/gdpr-widget
content-encoding: br
x-amz-cf-pop: FRA6-C1
age: 1597444
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-meta-version: 2.5.21
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 67855
x-xss-protection: 1; mode=block
last-modified: Fri, 02 Dec 2022 20:00:18 GMT
server: AmazonS3
etag: "ef85b2a8dd5a711075cc45cd8fd82689"
x-amz-meta-type: unknown
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-meta-slug: gdpr-widget/2.5.21
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-id: gdpr-widget
x-amz-cf-id: e94mgP6kNhYV2a4kzzQ6QP59WxYoZ4UJPDkgNz46IlLVNteyHElaeg==

GET
H2 200 beacon.js Show response
marketdataservice.api.intuit.com/v1/ 12 KB
5 KB 205ms
204ms XHR
text/html 44.235.153.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://marketdataservice.api.intuit.com/v1/beacon.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.20.js?utv=ut4.46.202211011511

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.235.153.176 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-235-153-176.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

c047fa48c9ac1424589812948981d079b137a72216d64f804f2801cc370fd1f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
Authorization: Intuit_APIKey intuit_apikey=prdakyresfsWwwDOBJFu0iasToyULgEx1PyFohAy, intuit_apkey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-security-policy: default-src 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
intuit_tid: 1-6476196e-5af8c30f4ef82c9a311dc67e
x-envoy-upstream-service-time: 3
x-xss-protection: 1; mode=block
x-spanid: 3dafcc1b-fea6-4f21-a0a1-6c36dbc1b89f
server: envoy
x-amzn-trace-id: Root=1-6476196e-5af8c30f4ef82c9a311dc67e
etag: W/"30b8-quzk9+hq7gAc8oQMXGn/GI/5wyQ"
x-frame-options: SAMEORIGIN
content-type: text/html;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: x-tto-engine-version,date,x-b3-parentspanid,content-length,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,content-type,connection,if-match,cache-control,intuit_*,intuit_tid,x-tto-routing-info,pragma,accept,intuit-*,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true

OPTIONS
H2 200 beacon.js
marketdataservice.api.intuit.com/v1/ Frame 0
0 651ms
200ms Preflight 44.235.153.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://marketdataservice.api.intuit.com/v1/beacon.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.235.153.176 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-235-153-176.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-tto-engine-version,date,x-b3-parentspanid,content-length,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,content-type,connection,if-match,cache-control,intuit_tid,x-tto-routing-info,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:38 GMT
intuit_tid: 1-6476196e-44ec632f33db44fe54922bde
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 3 KB
2 KB 130ms
22ms Script
application/javascript 2600:1480:4000:41::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1480:4000:41:: , United States, ASN33905 (AKAMAI-AMS, NL),
Reverse DNS
Software: /
Resource Hash: a62387c9826311dd23b686c73af32a3922cbbb087222698947a74301414b87ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: br
x-cdn: akamai
etag: "a04e1291e6ed2967f1c0f633fddfe433"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1444

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 74ms
23ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c5100cd90a95aa459fe237adc409043e20f8fd06caa5cd3b74d66f79387ae0fb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 30 May 2023 15:42:38 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27498
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: FNiBi6Z+xV2tuNqCjj0th4XqYcWtun7IXIMVMm5RVAOD3aFYzsVg3Mj+It5f1VAhuIuZZFS96L9gJtDuRvDrew==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 77ms
20ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7356

GET
H2 200 infinitytrack.js Show response
script.infinity-tracking.com/ 69 KB
20 KB 104ms
25ms Script
text/javascript 52.222.214.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.181.js?utv=ut4.46.202303161933
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-86.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 27e68ead658f69f0db6964741b16b14f87eef1167a1ec787ced314599bd8ad2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 14:57:52 GMT
content-encoding: gzip
via: 1.1 081c7bef6b5d3c12829ac4c99182ccea.cloudfront.net (CloudFront)
last-modified: Wed, 24 May 2023 15:55:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 2691
x-amz-server-side-encryption: AES256
etag: W/"c64c418063bbef15f80890460bea8bec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: F8ODxGDWkGl_TkIrkKiacWPJSC7lMxvE-3YPtpbeN3okAXrRMDQrCA==

GET
H2

204

doubleclick
idsync.segment.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=segment&google_cm&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&go...
https://idsync.segment.com/doubleclick?tealium_cookie_sync=true&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&segment_write_key=49ALC2bJO...

0
35 B

626ms
205ms

Image
text/plain

44.229.178.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.segment.com/doubleclick?tealium_cookie_sync=true&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&segment_write_key=49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp&google_gid=CAESEJ9wbwrPjfdnOdDdi6c7lG4&google_cver=1
Protocol: H2
Server: 44.229.178.231 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-178-231.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://idsync.segment.com/doubleclick?tealium_cookie_sync=true&tealium_vid=01886d53499e00034532ba83ce9803074008906c00b08&tealium_account=intuit&tealium_profile=sbseg-us&segment_write_key=49ALC2bJOz8hBADcZ9GQOO1DOFuH1DEp&google_gid=CAESEJ9wbwrPjfdnOdDdi6c7lG4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 494
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pk_jE31QW1QgwtMCZG9mmrljQqbwaOxpkIe Show response
grsm.io/pr/gpk/ 0
237 B 193ms
136ms XHR
text/plain 2606:4700::6812:ad4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grsm.io/pr/gpk/pk_jE31QW1QgwtMCZG9mmrljQqbwaOxpkIe
Requested by: Host: js.partnerstack.com
URL: https://js.partnerstack.com/v1/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ad4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="This is not a P3P policy! See our docs for more info."
access-control-allow-origin: https://quickbooks.intuit.com
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 7cf816905b8e18fd-FRA
content-length: 0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 369ms
314ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1685461358078&id=t2_msyi4ws&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=e72e97a2-3854-4a49-9aa2-6974d4eed394&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H/1.1 200
OK api Show response
vi4820.d41.co/ 55 B
612 B 515ms
122ms Fetch
application/json 54.173.184.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://vi4820.d41.co/api?req=vi4820&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.173.184.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-173-184-55.compute-1.amazonaws.com

Software

Resource Hash

5a66b400ed3590731f8335b4bd05758241ff8a9641da75a262e7112ffe0aff57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 May 2023 15:42:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
access-control-allow-origin: https://quickbooks.intuit.com
Cache-control: no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 55
X-XSS-Protection: 1; mode=block

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1030811807/ 3 KB
1 KB 343ms
94ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1030811807/?random=1685461358112&cv=11&fst=1685461358112&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&hn=www.googleadservices.com&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&did=dYmQxMT&gdid=dYmQxMT&rdp=0&auid=1103484001.1685461358&uamb=0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fafd82d9bf70595be54ba2563d65771ad4f5e46fb63f296e7c180e1e1127a676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1416
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 66ms
65ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DNDL793VKR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0aaacbf9f7f742cc45e5d60c933522227f5bcce2f56c9bbb6fd2ea6ca76fa00c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 118 KB
46 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-202392873-2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97096df74a185aeb6d607527b690c776ed118b450540931869e200d20ac0a928

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46896
x-xss-protection: 0
last-modified: Tue, 30 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 123 KB
48 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-1996823&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f71d7acc91e770d2a7d6ae5f4c9a22f5993bfbe1384a917b47f9b95cfa2cde1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48742
x-xss-protection: 0
last-modified: Tue, 30 May 2023 15:25:52 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 118 KB
46 KB 51ms
51ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-97500898-2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14f4bdbc940a57e0480b75e2d2eb600b32d7129caef0f08dd3485245969f5615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46869
x-xss-protection: 0
last-modified: Tue, 30 May 2023 15:25:52 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1030811807/ 3 KB
2 KB 299ms
56ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1030811807/?random=1685461358119&cv=11&fst=1685461358119&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&hn=www.googleadservices.com&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&did=dYmQxMT&gdid=dYmQxMT&rdp=0&auid=1103484001.1685461358&uamb=0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1030811807

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac2fbf6c1022534cbaf5e125b4bdc66084f7a0e7b07a67f63d48903cd4584d0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1416
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 21eb8aefa5e774399ac396a6bdba36f01fdd8fd1
csp.intuit.com/v2/r/ 0
0 719ms
409ms Other
text/html 35.166.154.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.intuit.com/v2/r/21eb8aefa5e774399ac396a6bdba36f01fdd8fd1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.166.154.88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-166-154-88.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 image.aspx
2796.global.siteimproveanalytics.io/ 34 B
481 B 265ms
20ms Image
image/gif 3.77.191.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2796.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&title=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&res=1600x1200&accountid=2796&rt=5261&prev=82243ca2-8207-1959-facc-24f338eb1179&luid=7cf7fd45-3986-a9e8-9f57-46da278841cb&rnd=41423
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.77.191.72 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-77-191-72.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 30 May 2023 15:42:38 GMT
cache-control: max-age=0
content-length: 34
expires: Tue, 30 May 2023 15:42:38 UTC

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
21 KB 25ms
24ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.104

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 30 May 2023 15:42:38 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20722
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 0ZEyyIvXC3cEyRv/yS9CUIGy4YllQWpiaKi7wK2CboSDUa72Gk614L06yhlTwMbMZ9EHD881FC0ItPV0XK5nag==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 850485508311844 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 29ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/850485508311844?v=2.9.104&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

99fe8eef8e59b83d4c9047c6cc1b4dd1de6fff4b8fa15d8bb56fcdb65d6365e0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 30 May 2023 15:42:38 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88027
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: +DIypNgaALPrF6U4wvtabOopPG2Peo83vw8CG9jf19x41YaCDFafCKbPEmsTwvXpOBYVCARaUhf4oyStng6FmQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/elements/html/ 11 KB
4 KB 246ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/B21324452.223563153;sz=1x2;ord=815987329;tfua=?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 14:49:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Jun 2023 14:49:49 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
0 280ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssZehFpE2bm4SJ263hMFFA9N1KfIPiFTfvA8fd_-JzlVAtPIgKDgnO_ug91ac1A0u12mwBVevqt2yAW1JB0fVFoyJ0NQsOiaanMx75L9RSEyb0pe7tQChSaGT-z0s0RQf21urHB29RK6KcHtU946xt6ZhbFhRhbqQSzMaW-EQ&sai=AMfl-YSokF8Xi5aLTjXDu2YtW35dZotgMbEOOmQq8WtAMDPsgJUDXspEAsvzxZwVwsym5wut7_hnqs-074VxXji6kcVMsj9QAVy1nTanHw&sig=Cg0ArKJSzOIPhatQi8g2EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230523.23758&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/B21324452.223563153;sz=1x2;ord=815987329;tfua=?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 30 May 2023 15:42:38 GMT

GET
H2 200 main.b68cecd9.js Show response
s.pinimg.com/ct/lib/ 62 KB
18 KB 22ms
22ms Script
application/javascript 2600:1480:4000:41::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.b68cecd9.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1480:4000:41:: , United States, ASN33905 (AKAMAI-AMS, NL),
Reverse DNS
Software: /
Resource Hash: a603139b3b85a956beb096a23eb80bad0a19c119df91b618122779fe16bbff91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: br
x-cdn: akamai
etag: "c7f9533bd6b4e2008590df3f4d1a5fbe"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 17974

GET
H2 200 info Show response
web.lon.infinity-tracking.com/v3/ 3 KB
3 KB 58ms
57ms Fetch
application/json 3.9.75.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.lon.infinity-tracking.com/v3/info?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&features=30&inf=8099
Requested by: Host: script.infinity-tracking.com
URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.75.2 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-75-2.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 3b54182c934fe57fda25ddf18c88c3bf485113ae595f32f246aa408715873583

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 30 May 2023 15:42:38 GMT
content-length: 3135
apigw-requestid: FvjpTgOHrPEEPsA=
content-type: application/json

GET
H2 200 / Show response
ct.pinterest.com/user/ 568 B
498 B 194ms
52ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2614120955514&ov=%7B%22page_name%22%3A%22Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud%22%2C%22page_category%22%3A%22%22%7D&pd=%7B%22np%22%3A%22tealium%22%7D&cb=1685461358230&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b68cecd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 159ec23a6b35726aca57348e6615a6db4fa63c8bb12490cca4d260c8e05f9434

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pin-unauth: dWlkPU5HWTJaV1UwTVRjdE9XUTBZUzAwWlRJekxUaGtNREl0TURGaU1tSTJNekE1TkRSaA
pragma: no-cache
content-encoding: gzip
referrer-policy: origin
date: Tue, 30 May 2023 15:42:38 GMT
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
x-pinterest-rid: 8614632135932982
content-length: 385
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 568 B
769 B 192ms
51ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22currency%22%3A%22USD%22%2C%22line_items%22%3A%5B%7B%22product_quantity%22%3A1%7D%5D%7D&tid=2614120955514&cb=1685461358232&dep=5%2CEVENT_TAGS_ABSENT
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b68cecd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 159ec23a6b35726aca57348e6615a6db4fa63c8bb12490cca4d260c8e05f9434

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pin-unauth: dWlkPVptTTFZemszTmprdE1UQTRNUzAwWXpnM0xXRmhOVEl0TlRGaU16RmhaVFUzWmpoag
pragma: no-cache
content-encoding: gzip
referrer-policy: origin
date: Tue, 30 May 2023 15:42:38 GMT
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
x-pinterest-rid: 6796351131557086
content-length: 385
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=*;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=1103484001.1685461358;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit...
https://ad.doubleclick.net/activity;dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=1103484001.1685461358;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~or...
https://adservice.google.com/ddm/fls/z/dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=*;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2F...

42 B
401 B

117ms
60ms

Image
image/gif

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=*;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US

Protocol

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CLvAq-ywnf8CFdKGsgodjt8E3A;src=1996823;type=;cat=;gtm=45fe35o0;auiddc=*;gdid=dYmQxMT;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 142ms
21ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-202392873-2&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 30 May 2023 15:04:54 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2264
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Tue, 30 May 2023 17:04:54 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
96 B 171ms
52ms Image
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2614120955514&ov=%7B%22page_name%22%3A%22Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud%22%2C%22page_category%22%3A%22%22%7D&pd=%7B%22np%22%3A%22tealium%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22b68cecd9%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1685461358254
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 6582928345343279
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 64ms
20ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=850485508311844&ev=PageView&dl=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&rl=&if=false&ts=1685461358271&cd[region]=us&sw=1600&sh=1200&ud[external_id]=213c94723376c81549996387f4a54b9263250fd61db651b9565cb52beafe83f0&v=2.9.104&r=stable&a=tmtealium&ec=0&o=29&fbp=fb.1.1685461358269.684440049&it=1685461358136&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&exp=a0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 30 May 2023 15:42:38 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
258 B 92ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-DNDL793VKR&gtm=45je35o0&_p=1672892896&_gaz=1&gdid=dYmQxMT&cid=1601324429.1685461358&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1685461358&sct=1&seg=0&dl=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&dt=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&up.ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DNDL793VKR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://quickbooks.intuit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 92ms
29ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DNDL793VKR&cid=1601324429.1685461358&gtm=45je35o0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DNDL793VKR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://quickbooks.intuit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 129ms
58ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DNDL793VKR&cid=1601324429.1685461358&gtm=45je35o0&aip=1&z=571442749

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pk_jE31QW1QgwtMCZG9mmrljQqbwaOxpkIe Show response
partnerlinks.io/pr/gpk/ 0
206 B 111ms
40ms XHR
text/plain 2606:4700::6812:1e85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://partnerlinks.io/pr/gpk/pk_jE31QW1QgwtMCZG9mmrljQqbwaOxpkIe
Requested by: Host: js.partnerstack.com
URL: https://js.partnerstack.com/v1/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1e85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:42:38 GMT
server: cloudflare
vary: Accept-Encoding
p3p: CP="This is not a P3P policy! See our docs for more info."
access-control-allow-origin: https://quickbooks.intuit.com
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
cf-ray: 7cf81691ea7b036e-FRA
content-length: 0

POST
H/1.1 200
OK event Show response
turbotax.demdex.net/ 2 KB
1 KB 106ms
106ms XHR
application/json 52.19.14.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://turbotax.demdex.net/event?d_dil_ver=9.5&_ts=1685461358308

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.14.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-14-35.eu-west-1.compute.amazonaws.com

Software

Resource Hash

229d06c87f95d9e72f4bc946c8a1f6b80494412baccbe080d56c9e6863c86e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v048-04f30eb4e.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: vt4gtdH/SGc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://quickbooks.intuit.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 649
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

s16830238316493
sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/
Redirect Chain

https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3BCA298AE8A2FC7A&ce=UTF-8&ns=intuitinc&pageName=%7...
https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&pccr=true&vidn=323B0CB71D912DBF-40001A2DA2477A5C&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3...

43 B
264 B

99ms
98ms

Image
image/gif

63.140.62.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&pccr=true&vidn=323B0CB71D912DBF-40001A2DA2477A5C&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3BCA298AE8A2FC7A&ce=UTF-8&ns=intuitinc&pageName=%7C%7Cquickbooks.intuit.com%7Clearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2Fl2nzzqnzu_us_en_us%2Findex&g=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&cc=USD&ch=%7C&server=quickbooks.intuit.com&c1=D%3Dv1&v1=%7C%7Cquickbooks.intuit.com&c2=D%3DpageName&h2=%7C%7Cquickbooks.intuit.com%7Clearn-support%7Cen-us%7Chelp-article%7Cfraud%7Cidentify-suspicious-activity-phishing-scams-fraud%7Cl2nzzqnzu_us_en_us%7Cindex&v12=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&v13=L2NzZQnZu_US_en_US&c16=Lookers&c20=44561187936105858673187640383477529103&c26=D%3Dv26&v26=cid%3A%7Csc%3A%7Cext%3AQOE-COM%7Cint%3Aquickbooks.intuit.com%7C&c27=D%3Dg&v27=D%3Dg&c30=page%7Cwa.track%20%28page%20load%29&c33=intuitsbgprod&c36=2.22.0%3Awa2%7C2022%7C12%7C21%7Csbseg-us-prod&c49=D%3DpageName&v54=a2c330c8-7c86-53e1-9ef6-f6cb84873896&c60=D%3Dv60&v60=us&c67=D%3Dv67&v67=2023-05-30%2007%3A42%3A38&c73=D%3Dv73&v73=1619&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Protocol

Server

63.140.62.160 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 31 May 2023 15:42:38 GMT
server: jag
etag: 3619500707227959296-4619803389616283928
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29 May 2023 15:42:38 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 31 May 2023 15:42:38 GMT
server: jag
vary: Origin
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
location: https://sci.intuit.com/b/ss/intuitsbgprod/1/JS-2.22.0/s16830238316493?AQB=1&pccr=true&vidn=323B0CB71D912DBF-40001A2DA2477A5C&ndh=1&pf=1&t=30%2F4%2F2023%2015%3A42%3A38%202%200&fid=7DD1ECCDF45F1951-3BCA298AE8A2FC7A&ce=UTF-8&ns=intuitinc&pageName=%7C%7Cquickbooks.intuit.com%7Clearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2Fl2nzzqnzu_us_en_us%2Findex&g=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&cc=USD&ch=%7C&server=quickbooks.intuit.com&c1=D%3Dv1&v1=%7C%7Cquickbooks.intuit.com&c2=D%3DpageName&h2=%7C%7Cquickbooks.intuit.com%7Clearn-support%7Cen-us%7Chelp-article%7Cfraud%7Cidentify-suspicious-activity-phishing-scams-fraud%7Cl2nzzqnzu_us_en_us%7Cindex&v12=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&v13=L2NzZQnZu_US_en_US&c16=Lookers&c20=44561187936105858673187640383477529103&c26=D%3Dv26&v26=cid%3A%7Csc%3A%7Cext%3AQOE-COM%7Cint%3Aquickbooks.intuit.com%7C&c27=D%3Dg&v27=D%3Dg&c30=page%7Cwa.track%20%28page%20load%29&c33=intuitsbgprod&c36=2.22.0%3Awa2%7C2022%7C12%7C21%7Csbseg-us-prod&c49=D%3DpageName&v54=a2c330c8-7c86-53e1-9ef6-f6cb84873896&c60=D%3Dv60&v60=us&c67=D%3Dv67&v67=2023-05-30%2007%3A42%3A38&c73=D%3Dv73&v73=1619&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
content-type: text/plain;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 29 May 2023 15:42:38 GMT

OPTIONS
H2 204 info
web.lon.infinity-tracking.com/v3/ Frame 0
0 184ms
38ms Preflight 3.9.75.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.lon.infinity-tracking.com/v3/info?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&features=30&inf=8099
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.75.2 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-75-2.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,OPTIONS,PUT
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: FvjpSh8prPEEPJw=
date: Tue, 30 May 2023 15:42:38 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
211 B 30ms
28ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1672892896&t=pageview&_s=1&dl=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&ul=en-us&de=UTF-8&dt=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4CDAAUABAAAAACAAI~&jid=1674808330&gjid=534011035&cid=1601324429.1685461358&tid=UA-202392873-2&_gid=997928131.1685461358&_r=1&cd6=a2c330c8-7c86-53e1-9ef6-f6cb84873896&gtm=457e35o0&did=dYmQxMT&gdid=dYmQxMT&z=26213049

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://quickbooks.intuit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
68 B 29ms
28ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1672892896&t=pageview&_s=1&dl=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&ul=en-us&de=UTF-8&dt=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4CDACUABBAAAACAAI~&jid=1069791596&gjid=1536057452&cid=1601324429.1685461358&tid=UA-97500898-2&_gid=997928131.1685461358&_r=1&cd6=a2c330c8-7c86-53e1-9ef6-f6cb84873896&gtm=457e35o0&did=dYmQxMT&gdid=dYmQxMT&z=635654879

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://quickbooks.intuit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
132 B 22ms
21ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&a=1672892896&t=pageview&_s=2&dl=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&ul=en-us&de=UTF-8&dt=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4CDAAUABAAAAACAAI~&jid=&gjid=&cid=1601324429.1685461358&tid=UA-202392873-2&_gid=997928131.1685461358&cd6=a2c330c8-7c86-53e1-9ef6-f6cb84873896&gtm=457e35o0&did=dYmQxMT&gdid=dYmQxMT&z=2144824376

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 May 2023 23:50:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 57111
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ct.html Show response
ct.pinterest.com/ Frame D478 565 B
400 B 50ms
50ms Document
text/html 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b68cecd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer: https://quickbooks.intuit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Tue, 30 May 2023 15:42:38 GMT
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1539545133665656

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
331 B 48ms
47ms Image
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22currency%22%3A%22USD%22%2C%22line_items%22%3A%5B%7B%22product_quantity%22%3A1%7D%5D%7D&tid=2614120955514&cb=1685461358463&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22tealium%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22b68cecd9%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
x-pinterest-rid: 1229312509591856
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1030811807/ 42 B
108 B 88ms
33ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1030811807/?random=1685461358119&cv=11&fst=1685458800000&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&data=event%3Dpage_view&fmt=3&is_vtc=1&random=648257319&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1030811807/ 42 B
455 B 36ms
33ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1030811807/?random=1685461358119&cv=11&fst=1685458800000&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&data=event%3Dpage_view&fmt=3&is_vtc=1&random=648257319&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1030811807/ 42 B
455 B 86ms
32ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1030811807/?random=1685461358112&cv=11&fst=1685458800000&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&data=event%3Dpage_view&fmt=3&is_vtc=1&random=315874768&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1030811807/ 42 B
108 B 37ms
36ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1030811807/?random=1685461358112&cv=11&fst=1685458800000&bg=ffffff&guid=ON&async=1&gtm=45be35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&frm=0&tiba=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&data=event%3Dpage_view&fmt=3&is_vtc=1&random=315874768&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
353 B 41ms
29ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-202392873-2&cid=1601324429.1685461358&jid=1674808330&gjid=534011035&_gid=997928131.1685461358&_u=4CDAAUAAAAAAACAAI~&z=1543109455

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://quickbooks.intuit.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inf_248.js Show response
script.infinity-tracking.com/ 573 B
961 B 22ms
21ms Script
text/javascript 52.222.214.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.infinity-tracking.com/inf_248.js?h=d6ebb061fcc704b51570
Requested by: Host: script.infinity-tracking.com
URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-86.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 40809eecdeb0734d74f9782b97d7beadeb8d4bd3735f597129382904af940b0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 15:06:49 GMT
via: 1.1 081c7bef6b5d3c12829ac4c99182ccea.cloudfront.net (CloudFront)
last-modified: Wed, 24 May 2023 15:55:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 2150
x-amz-server-side-encryption: AES256
etag: "eacd11e3b10b0d951f6aee5ed3fbad2d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 573
x-amz-cf-id: MKd9ieidZLv6e8L1ny869MCuwmsa4CfTs9pfMBRNfr1rnNax8rCTEw==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 60ms
59ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-202392873-2&cid=1601324429.1685461358&jid=1674808330&_u=4CDAAUAAAAAAACAAI~&z=1377022508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 59ms
58ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-202392873-2&cid=1601324429.1685461358&jid=1674808330&_u=4CDAAUAAAAAAACAAI~&z=1377022508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://quickbooks.intuit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 May 2023 15:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 allocate Show response
nas.lon.infinity-tracking.com/ 230 B
361 B 146ms
146ms Fetch
application/json 13.40.239.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nas.lon.infinity-tracking.com/allocate?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&autoformat=1&igrp=8099&ictvid=883fd5df-ab28-40c5-b285-4ce1d80865b6&href=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&vref=&t=Identify+suspicious+activity%2C+phishing+scams%2C+and+potential+fraud&state=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&nums=18776833280%2C%2B18776833280
Requested by: Host: script.infinity-tracking.com
URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.239.91 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-40-239-91.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: db6752f0312bb2140eedfffa1fd51f1580684a3ef8f5e62177ee1d9399ee996d

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 30 May 2023 15:42:38 GMT
content-length: 230
apigw-requestid: FvjpVie3LPEEMqA=
content-type: application/json; charset=utf-8

OPTIONS
H2 204 allocate
nas.lon.infinity-tracking.com/ Frame 0
0 128ms
39ms Preflight 13.40.239.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nas.lon.infinity-tracking.com/allocate?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&autoformat=1&igrp=8099&ictvid=883fd5df-ab28-40c5-b285-4ce1d80865b6&href=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&vref=&t=Identify+suspicious+activity%2C+phishing+scams%2C+and+potential+fraud&state=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&nums=18776833280%2C%2B18776833280
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.239.91 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-40-239-91.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: FvjpVjTBLPEEMgQ=
date: Tue, 30 May 2023 15:42:38 GMT

OPTIONS
H2 200 saveUserData
xds-writesvc.api.intuit.com/v2/ Frame 0
0 666ms
203ms Preflight 52.37.128.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://xds-writesvc.api.intuit.com/v2/saveUserData

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.37.128.179 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-37-128-179.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,content-length,x-b3-parentspanid,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,if-unmodified-since,content-transfer-encoding,content-disposition,content-md5,fragment-location,content-type,connection,if-match,cache-control,intuit_tid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:39 GMT
intuit_tid: 1-6476196f-7ecd15d5711b98cc1cbeea6f
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

POST
H2 200 saveUserData Show response
xds-writesvc.api.intuit.com/v2/ 68 B
873 B 636ms
219ms XHR
application/json 52.37.128.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://xds-writesvc.api.intuit.com/v2/saveUserData

Requested by

Host: quickbooks.intuit.com
URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.37.128.179 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-37-128-179.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

91532ffa1ca29ab0b7bd1ce2f4f9a6f881f4303972d76c30e8b3ac561746fa03

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
Authorization: Intuit_APIKey intuit_apikey=prdakyresfsWwwDOBJFu0iasToyULgEx1PyFohAy, intuit_apkey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 May 2023 15:42:40 GMT
content-security-policy: default-src 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
intuit_tid: 1-64761970-0a705fe853179c2e0babcc5c
x-envoy-upstream-service-time: 9
x-xss-protection: 1; mode=block
x-spanid: 2b1e28bf-be55-4438-88eb-52fc0fae703c
server: envoy
x-amzn-trace-id: Root=1-64761970-0a705fe853179c2e0babcc5c
etag: W/"44-dBy2cFtSVj2zB75o39nUTemzf8M"
x-frame-options: SAMEORIGIN
content-type: application/json;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: date,content-length,x-b3-parentspanid,expires,vary,origin,x-b3-sampled,authorization,keep-alive,tracestate,if-unmodified-since,content-transfer-encoding,content-disposition,content-md5,fragment-location,content-type,connection,if-match,cache-control,intuit_tid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true

GET
H/1.1 200
OK track Show response
ict.infinity-tracking.net/ 590 B
944 B 172ms
52ms Fetch
application/json 109.169.42.14
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ict.infinity-tracking.net/track?pv=2&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&igrp=8099&href=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&vref=&t=Identify+suspicious+activity%2C+phishing+scams%2C+and+potential+fraud&res=1600x1200&channelOverride=1&d%5Bmaster%5D=vid%7E883fd5df-ab28-40c5-b285-4ce1d80865b6&d%5Bil8099%5D=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&d%5Bin8099%5D=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&c_ecid=MCMID%7C44561187936105858673187640383477529103&c_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896&isNew=1&isLand=1
Requested by: Host: script.infinity-tracking.com
URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 109.169.42.14 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS: ict.infinity-tracking.net
Software: nginx /
Resource Hash: 9e9343706cc7e492d6779b1469a035608c94441a499062920a677eb88e2bd55d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 30 May 2023 15:42:39 GMT
Server: nginx
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID ADM PSA OUR IND COM NAV INT"
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 590
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 allocate Show response
nas.lon.infinity-tracking.com/ 230 B
362 B 162ms
161ms Fetch
application/json 13.40.239.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nas.lon.infinity-tracking.com/allocate?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&autoformat=1&igrp=8099&ictvid=883fd5df-ab28-40c5-b285-4ce1d80865b6&href=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&vref=&t=Identify+suspicious+activity%2C+phishing+scams%2C+and+potential+fraud&state=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&c_ecid=MCMID%7C44561187936105858673187640383477529103&c_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896&nums=18776833280%2C%2B18776833280
Requested by: Host: script.infinity-tracking.com
URL: https://script.infinity-tracking.com/infinitytrack.js?i=8099
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.239.91 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-40-239-91.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: db6752f0312bb2140eedfffa1fd51f1580684a3ef8f5e62177ee1d9399ee996d

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 30 May 2023 15:42:39 GMT
content-length: 230
apigw-requestid: FvjpggznLPEEMMA=
content-type: application/json; charset=utf-8

OPTIONS
H2 204 allocate
nas.lon.infinity-tracking.com/ Frame 0
0 40ms
39ms Preflight 13.40.239.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nas.lon.infinity-tracking.com/allocate?pv=3&v=20230524&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F113.0.5672.126+Safari%2F537.36&autoformat=1&igrp=8099&ictvid=883fd5df-ab28-40c5-b285-4ce1d80865b6&href=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&vref=&t=Identify+suspicious+activity%2C+phishing+scams%2C+and+potential+fraud&state=rlt%7E1685461359%7Eland%7E2_95564_direct_b40c957d1bf862c4e17a2327eb4e78b7&c_ecid=MCMID%7C44561187936105858673187640383477529103&c_ivid=a2c330c8-7c86-53e1-9ef6-f6cb84873896&nums=18776833280%2C%2B18776833280
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.239.91 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-40-239-91.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: Fvjpgi3qrPEEN6Q=
date: Tue, 30 May 2023 15:42:39 GMT

OPTIONS
H2 200 web
rum.api.intuit.com/v1/rum/ Frame 0
0 202ms
202ms Preflight 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-encoding,content-type
Access-Control-Request-Method: POST
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:39 GMT
intuit_tid: 1-6476196f-3f7c0f7b6aa7faad0bccfd21
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

POST
H2 202 web Show response
rum.api.intuit.com/v1/rum/ 2 B
793 B 208ms
207ms Fetch
application/json 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-exporter.f038b89c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Content-Encoding: gzip
Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
authorization: Intuit_APIKey intuit_apikey=prdakyrestfgxpgDr7rPV3NgoTMkxfTVx4N9PrHP, intuit_apkey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 May 2023 15:42:40 GMT
x-spanid: ddc05a94-198b-4386-9a85-7cce840c68c4
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
server: envoy
intuit_tid: 1-64761970-077130ec3e7a89f07210b6a1
x-amzn-trace-id: Root=1-64761970-077130ec3e7a89f07210b6a1
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
content-length: 26

OPTIONS
H2 200 web
rum.api.intuit.com/v1/rum/ Frame 0
0 202ms
202ms Preflight 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-encoding,content-type
Access-Control-Request-Method: POST
Origin: https://quickbooks.intuit.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-methods: DELETE,POST,GET,OPTIONS,PUT
access-control-allow-origin: https://quickbooks.intuit.com
access-control-max-age: 900
content-length: 0
date: Tue, 30 May 2023 15:42:39 GMT
intuit_tid: 1-6476196f-6c4b77b22175424212b296d9
server: envoy
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 0

POST
H2 202 web Show response
rum.api.intuit.com/v1/rum/ 2 B
794 B 404ms
404ms Fetch
application/json 52.10.241.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.api.intuit.com/v1/rum/web

Requested by

Host: uxfabric.intuitcdn.net
URL: https://uxfabric.intuitcdn.net/web-app/sh-exp-sbg-app-experience/vendors~o11y-rum-web-exporter.f038b89c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.241.57 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-241-57.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Content-Encoding: gzip
Referer: https://quickbooks.intuit.com/
accept-language: de-DE,de;q=0.9
authorization: Intuit_APIKey intuit_apikey=prdakyrestfgxpgDr7rPV3NgoTMkxfTVx4N9PrHP, intuit_apkey_version=1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 May 2023 15:42:40 GMT
x-spanid: 49f61280-3a64-4b02-bf05-6a8dcecb8f5a
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
server: envoy
intuit_tid: 1-64761970-524322fe4d51e6fb41814ba7
x-amzn-trace-id: Root=1-64761970-524322fe4d51e6fb41814ba7
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://quickbooks.intuit.com
access-control-expose-headers: date,content-length,x-b3-parentspanid,expires,x-opentelemetry-outgoing-request,vary,origin,content-encoding,x-b3-sampled,authorization,keep-alive,tracestate,content-disposition,content-transfer-encoding,if-unmodified-since,content-md5,fragment-location,upgrade-insecure-requests,content-type,connection,if-match,cache-control,intuit_tid,intuit-sessionid,pragma,accept,x-b3-traceid,x-b3-spanid,traceparent,x-requested-with,content-location,content-range,x-csrf-token,etag,intuit_originalurl
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 26

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud	1969-12-31 23:59:59	Name: ivid_synced Value: true
quickbooks.intuit.com/	1970-01-20 21:47:01	Name: hosted-shell Value: %7B%22clientId%22%3A%22b547bfa8-aebc-4299-9365-f4a73b02c98e%22%7D
.intuit.com/	1969-12-31 23:59:59	Name: akid Value: gip104.102.35.78_gsip2.16.240.161_clip84.19.175.184_rclip84.19.175.184
.intuit.com/	1969-12-31 23:59:59	Name: AKES_GEO Value: DE~HE
digitalasset.intuit.com/	1970-01-20 12:11:02	Name: AWSELB Value: A9793527026B1D7C8E25D4FD7025E7B5A03873434496192D7CE20564A1BFC378AB5E2F79072CB6F8398A901BFA7EBD57972D43FA45469EC1F4569A044CFEFFA4345AB1A81A
digitalasset.intuit.com/	1970-01-20 12:11:02	Name: AWSELBCORS Value: A9793527026B1D7C8E25D4FD7025E7B5A03873434496192D7CE20564A1BFC378AB5E2F79072CB6F8398A901BFA7EBD57972D43FA45469EC1F4569A044CFEFFA4345AB1A81A
.intuit.com/	1970-01-20 21:47:01	Name: provisional_ivid Value: cf8bddab-21c5-48c5-a1a1-dbb04f63b21d
.intuit.com/	1970-01-20 20:56:37	Name: utag_main Value: v_id:01886d53499e00034532ba83ce9803074008906c00b08$_sn:1$_se:1$_ss:1$_st:1685463154911$ses_id:1685461354911%3Bexp-session$_pn:1%3Bexp-session
.intuit.com/	1970-01-20 12:11:02	Name: websdk_swiper_flags Value: first_sc_hit%2Cwait_for_sc
.intuit.com/	1970-01-20 21:47:01	Name: ivid_b Value: 229e8cef-a9df-42ac-a3bd-880db2b7d5d4
.intuit.com/	1970-01-20 12:11:04	Name: AKA_A2 Value: A
.demdex.net/	1970-01-20 16:30:13	Name: demdex Value: 44388711281899140783202516324105885402
.intuit.com/	1969-12-31 23:59:59	Name: AMCVS_969430F0543F253D0A4C98C6%40AdobeOrg Value: 1
.intuit.com/	1970-01-20 21:47:01	Name: s_ecid Value: MCMID%7C44561187936105858673187640383477529103
.intuit.com/	1970-01-20 21:47:01	Name: AMCV_969430F0543F253D0A4C98C6%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19508%7CMCMID%7C44561187936105858673187640383477529103%7CMCAAMLH-1686066155%7C6%7CMCAAMB-1686066155%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1685468555s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.4.0
.accounts.intuit.com/	1970-01-20 12:21:06	Name: RT Value: "z=1&dm=accounts.intuit.com&si=7c712a89-4c20-4fee-9e47-7bf009212975&ss=liag68tn&sl=1&tt=7l&bcn=%2F%2F02179915.akstat.io%2F&ld=nb"
.w55c.net/	1970-01-20 21:42:42	Name: wfivefivec Value: wFSipc031Q41uz5
.w55c.net/	1970-01-20 12:54:13	Name: matchdmx Value: 5
.dpm.demdex.net/	1970-01-20 16:30:13	Name: dpm Value: 44388711281899140783202516324105885402
.doubleclick.net/	1970-01-20 21:32:37	Name: IDE Value: AHWqTUnZVY2lvPsOcegY-fThtgVXmWy5HLw2BPIi-F5Bgqe4Gc84cRteWFLsAmMlsro
.intuit.com/	1969-12-31 23:59:59	Name: pageProperties Value: $quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US$$quickbooks.intuit.com$sbseg\|care\|mktg_site\|\|$
.intuit.com/	1970-01-20 20:56:37	Name: ajs_anonymous_id Value: %22a2c330c8-7c86-53e1-9ef6-f6cb84873896%22
.bing.com/	1970-01-20 21:32:37	Name: MUID Value: 2E6E5C7DCB1F60CE0CFC4F5CCAB361ED
.c.bing.com/	1970-01-20 12:21:06	Name: MR Value: 0
.demdex.net/	1970-01-20 16:30:13	Name: dextp Value: 359-1-1685461355807\|477-1-1685461355908\|601-1-1685461356009\|771-1-1685461356110\|903-1-1685461356210\|1957-1-1685461356311\|30646-1-1685461356412\|57282-1-1685461356512
.yahoo.com/	1970-01-20 20:56:58	Name: A3 Value: d=AQABBGwZdmQCELzLOyO_LxNKetASidURDdwFEv__AP8AAAAAAOAPyiMAAAAAgA&S=AQAAAkT0uDqrBi6krkNA0Bh0HRg
.intuit.com/	1970-01-20 21:47:01	Name: ivid Value: a2c330c8-7c86-53e1-9ef6-f6cb84873896
.intuit.com/	1970-01-20 14:20:37	Name: qbn.qbo_sctimer Value: 1693237357928
.intuit.com/	1970-01-20 14:20:37	Name: qbn.qbo_sc Value: cid:\|sc:\|ext:QOE-COM\|int:quickbooks.intuit.com\|
.intuit.com/	1970-01-20 14:19:10	Name: qbse.cid Value: cid%3A%7Csc%3A%7Cext%3AQOE-COM%7Cint%3Aquickbooks.intuit.com%7C
.intuit.com/	1970-01-20 14:19:10	Name: qbse.cid_timer Value: 1693237357
.intuit.com/	1970-01-20 21:42:42	Name: ccpa Value: 1\|1
.intuit.com/	1970-01-20 21:42:42	Name: cpra Value: 1\|1
.intuit.com/	1970-01-20 20:58:03	Name: CONSENTMGR Value: c1:1%7Cc2:1%7Cc3:1%7Cc4:1%7Cc5:1%7Cc6:1%7Cc7:1%7Cc8:1%7Cc9:1%7Cc10:1%7Cc11:1%7Cc12:1%7Cc13:1%7Cc14:1%7Cc15:1%7Cts:1685461357937%7Cconsent:true
.intuit.com/	1970-01-20 14:20:37	Name: _rdt_uuid Value: 1685461358077.e72e97a2-3854-4a49-9aa2-6974d4eed394
.intuit.com/	1970-01-20 14:20:37	Name: _gcl_au Value: 1.1.1103484001.1685461358
.intuit.com/	1970-01-20 21:47:01	Name: nmstat Value: 82243ca2-8207-1959-facc-24f338eb1179
.intuit.com/	1970-01-20 12:11:03	Name: gpv_pn Value: %7C%7Cquickbooks.intuit.com%7Clearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2Fl2nzzqnzu_us_en_us%2Findex
.intuit.com/	1970-01-20 14:20:37	Name: _fbp Value: fb.1.1685461358269.684440049
.intuit.com/	1970-01-20 21:47:01	Name: _ga_DNDL793VKR Value: GS1.1.1685461358.1.1.1685461358.60.0.0
.intuit.com/	1970-01-20 14:20:37	Name: ps_mode Value: trackingV1
.intuit.com/	1970-01-20 21:47:01	Name: s_fid Value: 7DD1ECCDF45F1951-3BCA298AE8A2FC7A
.intuit.com/	1969-12-31 23:59:59	Name: s_cc Value: true
2796.global.siteimproveanalytics.io/	1970-01-20 12:21:06	Name: AWSALBCORS Value: sqmsECL+IfRyJImvrrS6TgyOkOVIfyicDkhwFmjHvM+wSWHM9s888Cq7OilV8SVpo8SmKk3k07IUh1n9+XOUdp1Z7Anj4M+7EwEYapqVYAAUspFWK+ssJqt/oDOB
.intuit.com/	1970-01-20 21:47:01	Name: s_vi Value: [CS]v1\|323B0CB71D912DBF-40001A2DA2477A5C[CE]
.intuit.com/	1970-01-20 21:47:01	Name: _ga Value: GA1.2.1601324429.1685461358
.intuit.com/	1970-01-20 12:12:27	Name: _gid Value: GA1.2.997928131.1685461358
.intuit.com/	1970-01-20 12:11:01	Name: _gat_gtag_UA_202392873_2 Value: 1
.intuit.com/	1970-01-20 12:11:01	Name: _gat_gtag_UA_97500898_2 Value: 1
.quickbooks.intuit.com/	1970-01-20 20:56:37	Name: _pin_unauth Value: dWlkPU5HWTJaV1UwTVRjdE9XUTBZUzAwWlRJekxUaGtNREl0TURGaU1tSTJNekE1TkRSaA
.ct.pinterest.com/	1970-01-20 20:56:37	Name: _pinterest_ct_ua Value: "TWc9PSZSODhaajlIbjFCS09vTGM3WUkrendZMnRxdG93RlY4MW5xTTZqMkkyZVhudXltWUxkcGg4OFl2SDVwTXl2cXBIY2NMT3RVeW9aemllU2wxb3VaZjNpYWJoUUlTQ2ROUDlPQ0hRRUtrUUkwND0mMjJ5WlIzc1hxNmFwaEJZMi8zdXU5SkpLdWpzPQ=="

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.intuit.com/access_client/verify_ticket Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=44388711281899140783202516324105885402 Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://tags.tiqcdn.com/utag/intuit/sbseg-us/prod/utag.js(Line 68) Message: [Report Only] Refused to load the script 'https://siteimproveanalytics.com/js/siteanalyze_2796.js' because it violates the following Content Security Policy directive: "script-src 'self' https://tags.srv.stackadapt.com/ https://.outbrain.com/ https://z.moatads.com/ https://js.hsleadflows.net/ https://tags.tiqcdn.com/ https://.lpsnmedia.net/ https://s.yimg.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://d.turn.com/ https://cdn.m-t.io/ https://intuit.tt.omtrdc.net/ https://platform.twitter.com/ https://cdn.permutive.com/ https://.google.com/ https://bat.bing.com/ https://aa.agkn.com/ https://s2.intuitstatic.com/ https://s.go-mpulse.net/ https://static.quickbooks.com/ https://.doubleclick.net/ https://.hs-scripts.com/ https://secure.adnxs.com/ https://js.chilipiper.com/ https://unpkg.com/ https://img03.en25.com/ https://static.chartbeat.com/ https://js.hsforms.net/ https://js.hs-banner.com/ https://slxzb.csb.app/ https://script.infinity-tracking.com/ 'unsafe-eval' https://pxl.jivox.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' https://.d41.co/ https://static.ads-twitter.com/ https://www.instagram.com/ https://www.dwin1.com/ https://.liveperson.net/ https://maxcdn.bootstrapcdn.com/ https://.addthis.com/ https://code.jquery.com/ https://.qualtrics.com/ https://js.hscollectedforms.net/ https://.tvsquared.com/ https://js.adsrvr.org/ https://s.pinimg.com/ https://.taboola.com/ https://pagead2.googlesyndication.com/ https://pixel.mathtag.com/ https://analytics.tiktok.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://.adform.net/ https://cdn-akamai.mookie1.com/ https://js.partnerstack.com/ https://cdn.appdynamics.com/ https://.google-analytics.com/ https://.serving-sys.com/ https://.leadsmonitor.io/ https://.intuitcdn.net/ https://js.hsadspixel.net/ https://.liveperson.com/ https://.googleapis.com/ https://www.redditstatic.com/ https://js.hs-analytics.net/ https://id.rlcdn.com/ https://go.affec.tv/ https://static-ssl.responsetap.com/ https://*.intuit.com/ https://www.clarity.ms/ https://www.linkedin.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://quickbooks.intuit.com/learn-support/en-us/help-article/fraud/identify-suspicious-activity-phishing-scams-fraud/L2NzZQnZu_US_en_US Message: [Report Only] Refused to load the image 'https://2796.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fquickbooks.intuit.com%2Flearn-support%2Fen-us%2Fhelp-article%2Ffraud%2Fidentify-suspicious-activity-phishing-scams-fraud%2FL2NzZQnZu_US_en_US&title=Identify%20suspicious%20activity%2C%20phishing%20scams%2C%20and%20potential%20fraud&res=1600x1200&accountid=2796&rt=5261&prev=82243ca2-8207-1959-facc-24f338eb1179&luid=7cf7fd45-3986-a9e8-9f57-46da278841cb&rnd=41423' because it violates the following Content Security Policy directive: "img-src https://tr.outbrain.com/ 'self' https://idsync.segment.com/ http://ad.doubleclick.net/ https://pt.ispot.tv/ https://.bing.com/ https://cdn.tsheets.com/ https://.adsrvr.org/ https://.w55c.net/ https://alb.reddit.com/ https://www.google.ie/ https://www.googleadservices.com/ https://s0.2mdn.net/ https://sp.analytics.yahoo.com/ https://www.google.com.sg/ https://.google.de/ https://.amazon-adsystem.com/ https://intuitcorp.quickbase.com/ https://.adnxs.com/ https://www.google.com.ua/ https://.google.com/ https://privacy-policy.truste.com/ https://s2.intuitstatic.com/ https://ping.chartbeat.net/ https://.twitter.com/ https://.doubleclick.net/ https://www.facebook.com/ https://sjs.bizographics.com/ https://www.google.co.nz/ https://uip.semasio.net/ https://.google.com.au/ http://.intuit.com/ https://.krxd.net/ https://track.hubspot.com/ https://ct.pinterest.com/ https://cdn.jsdelivr.net/ https://c.clarity.ms/ https://selfemployeduk.uservoice.com/ https://www.google.co.id/ https://.google.fr/ https://adservice.google.com.af/ https://.qualtrics.com/ https://.tvsquared.com/ https://p.adsymptotic.com/ https://.gstatic.com/ https://pixel.mathtag.com/ https://.google.co.uk/ https://www.googletagmanager.com/ https://.online-metrix.net/ https://forms.hsforms.com/ https://google.com/ https://.affec.tv/ https://.google.ca/ https://www.google.com.br/ https://.google-analytics.com/ https://.linkedin.com/ https://intuitb2b--c.na42.content.force.com/ https://lh3.googleusercontent.com/ https://.google.co.jp/ https://.leadsmonitor.io/ https://.intuitcdn.net/ https://trk.clinch.co/ https://img.youtube.com/ https://www.google.nl/ https://s113755760.t.eloqua.com/ https://.ytimg.com/ https://t.co/ https://www.everestjs.net/ https://codahosted.io/ https://www.google.co.kr/ https://*.intuit.com/ data: https://www.google.co.in/".
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/B21324452.223563153;sz=1x2;ord=815987329;tfua=? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N5506.nso.codesrv/B21324452.223563153;sz=1x2;ord=815987329;tfua=?(Line 145) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *.intuit.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179915.akstat.io
2796.global.siteimproveanalytics.io
accounts.intuit.com
ad.doubleclick.net
adservice.google.com
alb.reddit.com
assets.intuitcdn.net
c.bing.com
c.go-mpulse.net
cdn-0.d41.co
cdn.websdk.intuit.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
csp.intuit.com
ct.pinterest.com
digitalasset.intuit.com
dp2.33across.com
dpm.demdex.net
ds.reson8.com
eventbus.intuit.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
grsm.io
ict.infinity-tracking.net
idsync.rlcdn.com
idsync.segment.com
intuitvisitorid.api.intuit.com
js.partnerstack.com
marketdataservice.api.intuit.com
match.adsrvr.org
nas.lon.infinity-tracking.com
pagead2.googlesyndication.com
partnerlinks.io
plugin.intuitcdn.net
pm.w55c.net
privacy-policy.truste.com
quickbooks.intuit.com
region1.analytics.google.com
rum.api.intuit.com
s.go-mpulse.net
s.pinimg.com
sci.intuit.com
script.infinity-tracking.com
segment.intuitcdn.net
shtaxonomyservice.api.intuit.com
siteimproveanalytics.com
stats.g.doubleclick.net
tags.tiqcdn.com
trinity.platform.intuit.com
turbotax.demdex.net
uxfabric.intuitcdn.net
vi4820.d41.co
vid1005.d41.co
web.lon.infinity-tracking.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.redditstatic.com
xds-writesvc.api.intuit.com
104.102.35.78
104.102.57.56
104.18.9.110
104.86.62.242
109.169.42.14
13.249.9.24
13.40.239.91
142.250.186.134
142.250.186.162
142.250.186.98
143.204.98.126
151.101.0.84
151.101.129.140
2001:4860:4802:32::178
2001:4860:4802:34::36
212.82.100.182
23.215.20.35
2600:1480:4000:41::
2600:9000:2156:7e00:9:618e:3dc0:93a1
2600:9000:223e:ca00:7:2bfb:7c00:93a1
2606:4700::6812:1e85
2606:4700::6812:6da
2606:4700::6812:ad4
2606:4700:e2::ac40:8e22
2620:1ec:c11::200
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9b
2a02:26f0:480:980::11a6
2a02:26f0:6c00:1bb::11a6
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42::396
3.77.191.72
3.9.75.2
34.211.82.75
34.218.113.203
35.159.47.190
35.166.154.88
35.166.227.37
35.244.174.68
35.80.101.197
44.229.178.231
44.235.153.176
52.10.241.57
52.19.14.35
52.222.214.53
52.222.214.86
52.223.40.198
52.37.128.179
54.171.19.100
54.173.184.55
54.81.54.200
63.140.62.160
67.202.105.22
99.86.4.95
00d0a8cb156fcd17a7349a307f4e4b22de094d694c3dbfef2b70246cc262f359
03a284557d1548a22b476dbea28fca45f06d3113443d06926c152e8504ac4a6d
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0aaacbf9f7f742cc45e5d60c933522227f5bcce2f56c9bbb6fd2ea6ca76fa00c
0f71d7acc91e770d2a7d6ae5f4c9a22f5993bfbe1384a917b47f9b95cfa2cde1
11de1fb6ecc5aa2391fb155b0c72c200025cc187a96c509000667c9e67a0c98c
12a67f4742e3e88b0c210c666fdd45d84865656e72f3ed88f7c37eed632c833b
14f4bdbc940a57e0480b75e2d2eb600b32d7129caef0f08dd3485245969f5615
159ec23a6b35726aca57348e6615a6db4fa63c8bb12490cca4d260c8e05f9434
1c68299e6eee48e1062d03f5575fad138d00a6be46983a34ffb3e17fda7f03d0
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1fbb596bff8419f863750a282dd464be1f7687894bd73de77a191ccbc4a58e5a
229d06c87f95d9e72f4bc946c8a1f6b80494412baccbe080d56c9e6863c86e7e
24389989ff5914dc504fb0daebd578c08c6e29ce8a32d36336dd2cf2cc349f25
27e68ead658f69f0db6964741b16b14f87eef1167a1ec787ced314599bd8ad2e
2eb8d4c567e7f2da2e40f197f6fc3ce173e316a88e8c2b2f82cffe10bcd7ae9d
30dd2f3fab6f0cd23c485ce0ca3f35f0cf8a603a27c562d7b8339103f0f0fec6
342e0ef411af161cc493329f810e087030357b17b22ac678c8da93b761b13634
36530676d58361e36336ee12467ce05a9a1558d5e2c734d78572164bc2db6cd1
366650bf66f8b1a3f31275e0a093fd3182a4fadcebfe4301c8ba8e8f63369160
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
38eb9e1264b615b11424780f91ac8235d05b9c6bc9b61e6c69cb47efa87c8e0a
3b54182c934fe57fda25ddf18c88c3bf485113ae595f32f246aa408715873583
3fab37b9edf16aba2a952ac0adbac1502757aba04f660b5409f3c9d350994041
40809eecdeb0734d74f9782b97d7beadeb8d4bd3735f597129382904af940b0a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
55d97500d57e27a4897061b7b5dee43bcf49cb196b9fb87819b6cee5c03b18c7
5a66b400ed3590731f8335b4bd05758241ff8a9641da75a262e7112ffe0aff57
6040cfdf94430d86bef87e21bb75e29a28fc8674856405de50c7efff73537414
65d0378994e6d73d1aede01c4893a2b65099a218480bbc7f302a2b885777b621
66acef47eadd99279c6fd3b0d728efd3bb0c5d7f2474f4a47d1b4c644e1ab74b
677ad6e2848e0b6b1d7117e1d85577e77435749cfa5b3ed42d43694642bebf61
6b59034d520321abc96ed69ffbe45f00feade7c66ac3bcf99e3ba51059f2a2a2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b9b507dd8567e00c25c8f0132acbdee06d025f09132a573825386868428bb1c
7451ebe0d08190016051768486eeaf9d724a0cd0cddd08456674adb2781584bf
778b1db9f1b9c649a30f0c7c0adfb691d0c79c0303b829b156e58523ad64b298
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c4f7c36c97783a2d20b3470f102abfcf667604845ae36fe284d85b27c2d84ad
7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
91532ffa1ca29ab0b7bd1ce2f4f9a6f881f4303972d76c30e8b3ac561746fa03
958d32d6b9ff95986e7ecb449bfa3823e48b182c97540015490097a8e70573e7
97096df74a185aeb6d607527b690c776ed118b450540931869e200d20ac0a928
974c1874fe9a6562e4598b202268ba80d8421b6f29ff311a2e1fe54a71649901
98383574e542e9c11a1718559faab43e9f8f2aade6729699569acfa993253ce3
99fe8eef8e59b83d4c9047c6cc1b4dd1de6fff4b8fa15d8bb56fcdb65d6365e0
9c9df3971d5391ce3a91e143b52f1d17413c32cf3fb789a9a922b007f32d3ce8
9e587b3c98c477e23f48028fb501ff786599c0c8854e88136a2979ec41278f8a
9e9343706cc7e492d6779b1469a035608c94441a499062920a677eb88e2bd55d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a47997e5797ad2207ae265f9b0ac45c9cbd71dbdf17195722298c53262f84796
a496f0a5fc51aac0cac43be7e4c6a81425194480f138a7a97e895071fd628260
a50310fbb041fef2406c3e559ae5702fd5675ad7d2bcec902748c1dabafcf0ac
a5bce2739e899ed05b23d6a4ce72228258fee2a068813667628175c97bb31076
a603139b3b85a956beb096a23eb80bad0a19c119df91b618122779fe16bbff91
a62387c9826311dd23b686c73af32a3922cbbb087222698947a74301414b87ba
a6d850ae2a9cf69a96272b75ba70a768f13110a9cc4190abb754c0d1a7920206
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
ac2fbf6c1022534cbaf5e125b4bdc66084f7a0e7b07a67f63d48903cd4584d0c
ac45edf6779ebcb73942e167d410da44ec96277e903119a193e46ef76693b245
b02ba5f322701b8d9c590f48d4dd5cb38f1f70d04284f7e10856a02fae83d887
b0e85a08c5dd19e9cf3cc98c8ace50ea5661575b2f33e4d499d61ad9eef66265
b406c35a6d317b896aef159ce69f94480e3e690a9e5f2bfab4fb8311b767a9b0
bd60665a06ff740d72bcf3a63e7ed95cad6dc8dbf8f73d89726c2d1b50f87062
bf1f19dc9293aa6b78ea028a77fa8b75c749be51ac4254b418780acdfcf5a194
c047fa48c9ac1424589812948981d079b137a72216d64f804f2801cc370fd1f2
c0623ab11e6ca783586b42e6be75b908b42122233600c83835f4f3e7c81cef0a
c1d26316e237f90f9e7ad6f2f1808a8b1b33023fcefcc01767adcc5eec445bd2
c5100cd90a95aa459fe237adc409043e20f8fd06caa5cd3b74d66f79387ae0fb
c528269f0f2708b736ff1489f1a3983ee8c8c0c8fbb01e66404c0c203dbca874
c882ebcc81f6c93bfb6a6932e7af0701aadf81e588f4dfe1675552e6e468b1e6
cc9e55a81bf7130eed299e8229a8ccb93684019d08156cbc8bfc6148a65c7941
cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a
d421d73481c3b653dea21f6b1603412c2c1918133f556b47cecdd19cbdcec2b5
d42538957486733362259fc4c1c1dbd13df052bfb97099e1d5aa19ab66bee9a6
db6752f0312bb2140eedfffa1fd51f1580684a3ef8f5e62177ee1d9399ee996d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1aa817849e89126f529a1878d7c87471a0d9c0a0c0d4596119c6eec869c535f
e2371c9aa4598d541ebdcf10313be25f4103a81754fcae451600526cea3253d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e88f1bd27a55f60a32c065c780e0c6d5cd1ef1f87e5271e6c471592bb8d72743
ec8f5ce73334c295d13af52206999a12142041c133daf40d7d86449a45281249
ed831f8aa7cdc8ff850d52a1bfe5befb9ce31ab3ced20d9768b8d4a2c272c07a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3c5c2547a262ab22db063213a0eedc0e434531c165a0b54ba668b2439afe8ae
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
fa2cc44c86571e36d7b81c829500e7c6e3376292b31bf21bd93d0affcf0f1491
fa5a49696c4191bde69f8d31212c99d7c4b1ffac315d7ae688c1f860886bb446
fafd82d9bf70595be54ba2563d65771ad4f5e46fb63f296e7c180e1e1127a676
fca3358b758673efef61591111dce4efe9060ba478b736b3ce7008aeecdf4c9c

quickbooks.intuit.com Open in urlscan Pro 104.102.35.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

139 Requests

94 %HTTPS

37 %IPv6

35 Domains

62 Subdomains

57 IPs

6 Countries

2325 kBTransfer

7942 kBSize

51 Cookies

24 Outgoing links

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

quickbooks.intuit.com Open in urlscan Pro
104.102.35.78 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

94 %
HTTPS

37 %
IPv6

35
Domains

62
Subdomains

57
IPs

6
Countries

2325 kB
Transfer

7942 kB
Size

51
Cookies

139 HTTP transactions
4 data transactions