firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 06:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bvRSSlQ1XM5tfwVbuAJhI8-tNFe_cbYtehPud2cVtUBPsklBeW18qg==
Age: 3359
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3952
Expires: Tue, 04 Oct 2022 08:48:55 GMT
Date: Tue, 04 Oct 2022 07:43:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nNEnkdw4j7ku0Y2HSHjVNKw4Wk-u3ODr4g0wZrmT_Sd8O1IPiFI9sQ==
age: 8076
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 07:43:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
143.204.55.78301 Moved Permanently 167 B URL HTTP/1.1 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 143.204.55.78:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 04 Oct 2022 07:43:04 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
X-Cache: Redirect from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wPfVj8vEQPO8-93SyeHOqjP1VEuBtkl7rAuuMetxHsU-0BslG7ADcA==
scripts.iconnode.com/100980.js
54.230.111.124301 Moved Permanently 167 B URL HTTP/1.1 scripts.iconnode.com/100980.js
IP 54.230.111.124:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /100980.js HTTP/1.1
Host: scripts.iconnode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 04 Oct 2022 07:43:04 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://scripts.iconnode.com/100980.js
X-Cache: Redirect from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: R3dRBGvqwmmsv3F3ST_qumJ0cNcRUeNRgjlff0n0-Nu_R8iMxs55Bw==
www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
50.87.170.174200 OK 26 kB URL HTTP/1.1 www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4002), with CRLF, LF line terminators
Hash f19f018a48643933cdf2da5ee8f3ff6c
c56d0f685ad73be530e5d7fc42702de8009812d3
65bbbd84902a7e5ac2ced063878b76889352c0f2fa0c2558a3683416b8dd9965
GET /how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:03 GMT
Server: Apache
Link: <https://www.usbfund.com/wp-json/>; rel="https://api.w.org/", <https://www.usbfund.com/wp-json/wp/v2/posts/4289>; rel="alternate"; type="application/json", <https://www.usbfund.com/?p=4289>; rel=shortlink
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
code.jquery.com/jquery-migrate-1.2.1.js
69.16.175.10200 OK 5.8 kB URL HTTP/2 code.jquery.com/jquery-migrate-1.2.1.js
IP 69.16.175.10:0
Hash ab50f392b13415af57f9720f4d24e981
8bee0d6d15bc0bf62197f6a33493df7494bf42c2
3c7ae468bcd5eefaf92cfac278a5a998f871e0aaa190f87b0f56fd79f93d00b7
GET /jquery-migrate-1.2.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:04 GMT
content-encoding: gzip
content-length: 5783
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-40ed"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664869384.dop017.sk1.t,1664869384.cds261.sk1.hn,1664869384.cds216.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.hsforms.net/forms/v2.js
104.17.184.73301 Moved Permanently 0 B URL HTTP/1.1 js.hsforms.net/forms/v2.js
IP 104.17.184.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forms/v2.js HTTP/1.1
Host: js.hsforms.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 07:43:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 04 Oct 2022 08:43:04 GMT
Location: https://js.hsforms.net/forms/v2.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdcHxEv%2BwsLgRZB9MHqdvnjSUe4aN%2BSIJREF7vkEdj%2B9Z4eEJKn5Bhyr03zKGFceogb2Y42%2Fp4xNu1pXgAJT5ww8mvwuPQgt4%2FuRVic17N4Kb5uWJLNbP%2FTshItJDt31"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754c48d3bce1b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
143.204.55.78200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 143.204.55.78:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 04 Oct 2022 05:35:19 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CLc2BD84xm2_PywlaBO147xVHyLxd9GfUdAjIXm_60ohnEY0LNgKgg==
age: 7666
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-210860007-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-210860007-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash d63819ecd632fa23aa9aba3123f3ce4e
41c3b0cf0f76858a163e489a543a23eefa41ef2c
6333a33ad8d124fc87210edc353e4f6155d11db134732948caba42cb544253bb
GET /gtag/js?id=UA-210860007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:04 GMT
expires: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42364
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-NW5DZCL
142.250.74.168200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NW5DZCL
IP 142.250.74.168:0
File type ASCII text, with very long lines (7865)
Hash 79ac55ed8a401a0aeb9a96a8ef112fff
02ad5a8fe7a2deadb0a7404b26709849fec0726f
6db1025ec754771c8b82a1b262cd0bd9bd258283e09a91aa2ac59e8990e647c9
GET /gtm.js?id=GTM-NW5DZCL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:04 GMT
expires: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 53750
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d.impactradius-event.com/A870624-b043-4b58-adb6-a8c4d22ccc5b1.js
35.186.249.72200 OK 13 kB URL HTTP/1.1 d.impactradius-event.com/A870624-b043-4b58-adb6-a8c4d22ccc5b1.js
IP 35.186.249.72:0
File type C source, ASCII text, with very long lines (40914), with no line terminators
Hash 833e9c2431f16a9e4e590d8c18a01169
d932b0dc73f5dbe2f30c5991fbc95d598a7d6855
ba6dea3209c3bf545ed7db2f134ab8d241599d778988697a345124a4aa8d491a
GET /A870624-b043-4b58-adb6-a8c4d22ccc5b1.js HTTP/1.1
Host: d.impactradius-event.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds0z9QQ3wh-3EOUMis2IIByVomocQKR3YmtCLRL9tqwvKKmWKzIMJZlxllGdISJaU7BD4k_0gzxXdCDhDJDHKtsSdAU2nw8
x-goog-generation: 1581997649126919
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 12876
Content-Encoding: gzip
x-goog-hash: crc32c=PZt+Nw==, md5=gz6cJDHxap5OWQ2MGKARaQ==
x-goog-storage-class: MULTI_REGIONAL
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 12876
Server: UploadServer
Date: Tue, 04 Oct 2022 07:43:04 GMT
Expires: Tue, 04 Oct 2022 07:48:04 GMT
Cache-Control: public,max-age=900,s-maxage=300
Last-Modified: Tue, 18 Feb 2020 03:47:29 GMT
ETag: "833e9c2431f16a9e4e590d8c18a01169"
Content-Type: text/javascript; charset=utf-8
Age: 0
koi-3qnetrwct6.marketingautomation.services/client/ss.js?ver=1.1.1
130.211.21.179200 OK 5.0 kB URL HTTP/1.1 koi-3qnetrwct6.marketingautomation.services/client/ss.js?ver=1.1.1
IP 130.211.21.179:0
File type ASCII text, with very long lines (12232), with no line terminators
Hash 6e78f6bf52bb5e54f8f46ca735f69bff
60930ffcdc3803038d38a1d80349719ee586a6ef
645bf1afba1ef352d3b47b1b312da88171be66a9a4cc8fe463e79767dc11f126
GET /client/ss.js?ver=1.1.1 HTTP/1.1
Host: koi-3qnetrwct6.marketingautomation.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Oct 2022 07:43:04 GMT
Content-Type: application/javascript
Last-Modified: Tue, 27 Sep 2022 14:24:23 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"63330797-2fc8"
Expires: Tue, 11 Oct 2022 07:43:04 GMT
Cache-Control: max-age=604800, public
Content-Encoding: gzip
Via: 1.1 google
assets.anytrack.io/1y0o6qdBqYHr.js
54.230.111.122200 OK 103 B URL HTTP/2 assets.anytrack.io/1y0o6qdBqYHr.js
IP 54.230.111.122:0
File type ASCII text, with no line terminators
Hash 69b5271584dd67a9e6ae79216fe30110
7753fe034a0843770954f6979f6830ff9a82f987
b55a87e172f834369dfb6a2176712509026e5b3de676343ccdc64410245081d9
GET /1y0o6qdBqYHr.js HTTP/1.1
Host: assets.anytrack.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 103
access-control-allow-origin: *
date: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: public, max-age=600
etag: W/"67-d1P+A0oIQ3cJVPaXn2gw/5qC+Yc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iaZ5FctqeLI2-eVPtLBNbef71146UH0pe8-V5Txslmp1Eg4jucetWw==
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
142.250.74.42200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 22:46:19 GMT
expires: Mon, 02 Oct 2023 22:46:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 118605
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 07:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 08:26:00 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: t8QoawXG6wI0N496JyaLjo1gBf3y723ZfV3CKb9e2rLngrH9Pbld5Q==
Age: 811
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.hs-scripts.com/5627136.js
104.17.210.204200 OK 535 B URL HTTP/1.1 js.hs-scripts.com/5627136.js
IP 104.17.210.204:0
File type ASCII text, with very long lines (492)
Hash 094046d63949d1ad4a5d86f551e5c290
afc72bbd240bc66c92bb8c7a38ab9da07d6d59a2
863546f2513c707ccfa0c43a4f27ba3f0e99c8d9101fac842add1408390267b5
GET /5627136.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:04 GMT
Content-Type: application/javascript;charset=utf-8
Content-Length: 535
Connection: keep-alive
X-Trace: 2B462E5447C40EEFB365610AA74B1A522CB2B14453000000000000000000
Cache-Control: public, max-age=60
Vary: origin, Accept-Encoding
X-HubSpot-Correlation-Id: 217a5d29-231d-43c5-bd90-b5db84b21ba6
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: http://www.usbfund.com
Last-Modified: Tue, 04 Oct 2022 05:43:14 GMT
CF-Cache-Status: EXPIRED
Expires: Tue, 04 Oct 2022 07:44:04 GMT
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 754c48d3fd5f1c16-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-YYEX7W0G95&l=dataLayer&cx=c
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-YYEX7W0G95&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (21348)
Hash fc22f9d03c43d5ac44aa27948367e601
71b55bbaa595fee8a0636e80e418518aca32f6b3
4cbdfdd030f06d995df6dc8440280a6a17d2389287719eaf40747e1b1f9cf50e
GET /gtag/js?id=G-YYEX7W0G95&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:04 GMT
expires: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e615b9d4f376a83ca7c4a9b294e4ae39
6b353334e4bce8628a30fb62f32d8b228fe3d72c
a93e0d9ea7ec5f6a81755153ee1d3d6bebf736ef533b621d3cc899da5f2df39c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A93E0D9EA7EC5F6A81755153EE1D3D6BEBF736EF533B621D3CC899DA5F2DF39C"
Last-Modified: Sun, 02 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14348
Expires: Tue, 04 Oct 2022 11:42:12 GMT
Date: Tue, 04 Oct 2022 07:43:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e615b9d4f376a83ca7c4a9b294e4ae39
6b353334e4bce8628a30fb62f32d8b228fe3d72c
a93e0d9ea7ec5f6a81755153ee1d3d6bebf736ef533b621d3cc899da5f2df39c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A93E0D9EA7EC5F6A81755153EE1D3D6BEBF736EF533B621D3CC899DA5F2DF39C"
Last-Modified: Sun, 02 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14348
Expires: Tue, 04 Oct 2022 11:42:12 GMT
Date: Tue, 04 Oct 2022 07:43:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e615b9d4f376a83ca7c4a9b294e4ae39
6b353334e4bce8628a30fb62f32d8b228fe3d72c
a93e0d9ea7ec5f6a81755153ee1d3d6bebf736ef533b621d3cc899da5f2df39c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A93E0D9EA7EC5F6A81755153EE1D3D6BEBF736EF533B621D3CC899DA5F2DF39C"
Last-Modified: Sun, 02 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14348
Expires: Tue, 04 Oct 2022 11:42:12 GMT
Date: Tue, 04 Oct 2022 07:43:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e615b9d4f376a83ca7c4a9b294e4ae39
6b353334e4bce8628a30fb62f32d8b228fe3d72c
a93e0d9ea7ec5f6a81755153ee1d3d6bebf736ef533b621d3cc899da5f2df39c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A93E0D9EA7EC5F6A81755153EE1D3D6BEBF736EF533B621D3CC899DA5F2DF39C"
Last-Modified: Sun, 02 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14348
Expires: Tue, 04 Oct 2022 11:42:12 GMT
Date: Tue, 04 Oct 2022 07:43:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2604
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:04 GMT
Last-Modified: Tue, 04 Oct 2022 06:59:40 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 50734dd4c3b1c3ad87ad2a2a818b2bdb
63d95afee5ca4db2580c6a82c61e378d97f1afb5
9ff8edf9c547261fda8b79f96dc57478df6fbeb1bbfd9a4a6c1ace61c9935375
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 08 Oct 2022 06:20:14 GMT
ETag: "63d95afee5ca4db2580c6a82c61e378d97f1afb5"
Last-Modified: Tue, 04 Oct 2022 06:20:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754c48d5efcdb511-OSL
www.usbfund.com/wp-content/themes/usb/css/grid.css
50.87.170.174200 OK 10 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/css/grid.css
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type assembler source, ASCII text, with very long lines (3536), with CRLF line terminators
Hash 8ca3e3908b8e627dd53a2bde9ab330b4
dfc94081f2e0acfbc95cb633810897271692e5db
5a17844298059c3adb2103842f6893bf6a798221afa1c7a3217c610fc4aebeec
GET /wp-content/themes/usb/css/grid.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10146
content-type: text/css
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/accounting.min.js
50.87.170.174200 OK 1.3 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/accounting.min.js
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3019)
Hash 05f645a76aff3fc02e18295a07c54e09
509581a5e2e4760e2163d704d21b2604329b514e
c7834a5ef896adfc8b40eb2a1db07bd867fe84da57ad234bfa487cfbc610a16a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/accounting.min.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1345
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
50.87.170.174200 OK 4.6 kB URL HTTP/2 www.usbfund.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:27:21 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4618
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1
50.87.170.174200 OK 1.3 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2972), with no line terminators
Hash da0e82022a32e0c42e125fe915cf9955
1c583a11b9e444a26cfd1443d3dade9c6f9e996a
e205081b6febab912d75f2aa70bc3ae2af58bb7d2b1e44927f17cb7631374ff0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1315
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0
50.87.170.174200 OK 758 B URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1667), with no line terminators
Hash 94c6b3b214659c68b42fb0c428cac279
eb3a852e1bcf8a32ac304dc89995ffdeaf623033
8cdab12fffba1162b02761c8e7631003efebf03e3af5ca9072023ffda52353ad
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 758
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/site.js
50.87.170.174200 OK 4.8 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/site.js
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash ba21d11b60199ed26dfb2a2d8352065a
3e78915e922b60ca87f5860c67b99861de96830c
c000c3cc081106de80fb4995e40b363752494290c9090e0980a5b4a4cfc37c49
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/site.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4830
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
sendlane.com/js/eventing.js
104.16.166.6200 OK 2.2 kB URL HTTP/2 sendlane.com/js/eventing.js
IP 104.16.166.6:0
File type ASCII text, with very long lines (1809), with no line terminators
Hash 37e7fff503cbaeaa6bfd5d9d5692a2dc
cce21bb31eb58d2408054ff1d48dc64c4467b51f
71864554395f31017bf4183461512065b16b91b66a146acca1c9b1b1b1496c4e
GET /js/eventing.js HTTP/1.1
Host: sendlane.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:04 GMT
content-type: text/javascript
cache-control: public, max-age=60
cf-bgj: minify
etag: W/"711-5900675a88b6e-gzip"
expires: Tue, 04 Oct 2022 07:44:04 GMT
last-modified: Tue, 13 Aug 2019 21:38:21 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-content-type-options: nosniff
server: cloudflare
cf-ray: 754c48d45d7bb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.57.61101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iNxDEfFlDtNotDrBI27edw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XSqyI/y/vl46uLhL2kw452YNCCw=
scripts.iconnode.com/100980.js
54.230.111.124200 OK 7.7 kB URL HTTP/2 scripts.iconnode.com/100980.js
IP 54.230.111.124:0
File type Unicode text, UTF-8 text, with very long lines (46582), with no line terminators
Hash 05a6d57113e7870d8851ed0faf8ca12f
315c52641f469ec7e571648d5333982579cb6da3
0f4d04e15b0a5cb9f2e59f3cc9a7b36d522db0e7712454d1f962e77723348eb3
GET /100980.js HTTP/1.1
Host: scripts.iconnode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 7683
last-modified: Mon, 26 Sep 2022 18:10:24 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 07:43:05 GMT
cache-control: max-age=0
etag: "05a6d57113e7870d8851ed0faf8ca12f"
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P8B-YHFnWxaZAQxTpuXMTgjgQ9Cx0WRLPl7R50jqdSeOUEy77BN--Q==
X-Firefox-Spdy: h2
www.usbfund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
50.87.170.174200 OK 5.3 kB URL HTTP/1.1 www.usbfund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Cookie: _gcl_au=1.1.236373320.1664869384; __ss=1664869384024; __ss_referrer=http%3A//www.usbfund.com/how-to-write-a-business-plan-for-a-loan/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1664869384.1.0.1664869384.0.0.0; _ga=GA1.1.1814396137.1664869384; __ss_tk=202210%7C633be408744ba03649301bef
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 17 Aug 2022 11:46:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 5321
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 07:43:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 07:43:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 07:43:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 07:43:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 07:43:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50556325e5a38a5dd7802b1391815bcb
cf021352d993967e78552b275424ff139e4ef66c
96fd2e848a45d071e334a8d08c8b89215f80f01f947af6da2efaee72dd16914c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9455
x-amzn-requestid: c7e1aa21-0afd-4329-a886-ca52e1a30c7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqJXHLUIAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5708-1905710834041431314b11be;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: D-2NszpZ31D2YAbZRcPdqN3zZ2ScANt6bokfSbANgnsXBoTF2d__AQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:08:09 GMT
age: 34496
etag: "cf021352d993967e78552b275424ff139e4ef66c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 10812
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/plugins.js
50.87.170.174200 OK 44 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/plugins.js
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3830f4f24b1ece48a30d09fd753f9c51
ace00f0955c29bf0c229850618143407c821b3bf
9a5d6adec95a1ec37496689c716476b7cfb0236628945668867c5d1d0840095e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/plugins.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5745f8e3528f481ae2acf05b4abd3d0
d830b94bea3b5698e5192a7ea05f90b25b2f9cc9
313e11915f0869a608c830637b9dfd236ff28a8fb3354c3cc8748816b0ee18b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8738
x-amzn-requestid: ede4db78-f2ab-4226-a855-dc7373978dfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTFrBoAMFR3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-2776543e774f0016329ddade;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c9bu34_KooZB6Z4d8xXGnsd9jZ7lPl3yIo9II1Dm_2YVId3l9-7n-w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 35239
etag: "d830b94bea3b5698e5192a7ea05f90b25b2f9cc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 126f1f4538e5e4228a4f36d3b02e9d62
16f2fe758de4ebf7d654cb9669c73f030eb1fdef
594210beaabbc35a37d5d648836277f950e46b2d4c2eab2abde2d33beafdff37
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4996
x-amzn-requestid: 2f13b6ea-4426-4b3f-81be-5d8ca0278ce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcrokFkroAMF0XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5969-421b4993676a68df2b43ad65;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:51:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0s9K75q7TzjbFBJ3vviHLcItPRb6CP2URJRYs2k9JmppyWHKvzv5hg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 34326
etag: "16f2fe758de4ebf7d654cb9669c73f030eb1fdef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F840ae91d-bdbe-4236-ad14-27b04e390b6a.jpeg
34.120.237.76200 OK 2.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F840ae91d-bdbe-4236-ad14-27b04e390b6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb7d0bdcd7cf60e39ee64d92f5694384
0f0c8f45a22563c3c87ab7ec6279fabc96cdfb1f
a6dd1fade6b47e539dd42ed07d2cf58179db10fe946809f201889a1f9c4ef282
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F840ae91d-bdbe-4236-ad14-27b04e390b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2761
x-amzn-requestid: 00090151-da40-48e8-98f0-a0c579fe6d1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpI_EgdIAMFc0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556c-06ceb1750213c44130848bf2;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -VI34uA9q6D2_lYs0LtkmZOKZrBKQsYX9plMuw8zwnCt_3b2ZZ1Uxg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 35239
etag: "0f0c8f45a22563c3c87ab7ec6279fabc96cdfb1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css
50.87.170.174200 OK 1.1 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3296), with no line terminators
Hash e4f0e46d63eb641d8cfe1579ff0217cb
37e2ef45ef74f0a3b869d447b4d9e22d0b424945
6b7e532056e7c449a8e080eb2967563fdb20ce9cfdcb95216205a769b65033c4
GET /wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1141
content-type: text/css
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/images/logo_text.png
50.87.170.174200 OK 6.3 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/images/logo_text.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 250 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 198c7fed73cadb12c23066fcad4e33e8
1f2616bb88b86ec79f3ce8cbbf74b3392c0b46bc
0053eb54a0f54484a915313939d858e1844208d2d0c4b410ce30e25d9cbc09ba
GET /wp-content/themes/usb/images/logo_text.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:36:10 GMT
accept-ranges: bytes
content-length: 6307
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css
50.87.170.174200 OK 239 B URL HTTP/2 www.usbfund.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 21fec527969cbcfec759744ce51f94c0
827130fb99b0005a5206028abfe82e93610184f2
fe2a280a5ffe9f5d3b1bf125035d478e46bae689a2f0cde07d48bef1ba7c74b1
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:28:51 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 239
content-type: text/css
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/images/logo_icon.png
50.87.170.174200 OK 2.2 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/images/logo_icon.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 53 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 50946e7f85431c547526705a530f893f
573eff13df4dc4f2e6e0e1db1a9339d79e22ce3c
05bc3e4202452433d51079e0d6e348cb850ea55330da7786c1d5c7290d13400a
GET /wp-content/themes/usb/images/logo_icon.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:36:10 GMT
accept-ranges: bytes
content-length: 2165
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/?display_custom_css=css&ver=6.0.2
50.87.170.174200 OK 541 B URL HTTP/2 www.usbfund.com/?display_custom_css=css&ver=6.0.2
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 0e67503cdf8a23b7d3aaff6f35c76b72
63edc0c8bf04ceec8dc3c8c44bd129b89adeb61a
d765ab66c61ec9c967f9f2e4b649326eb28a6f8dfb0fe064b4ed1cf9af1f18b6
GET /?display_custom_css=css&ver=6.0.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 541
content-type: text/css;charset=UTF-8
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/formidable/css/formidableforms.css
50.87.170.174200 OK 29 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/formidable/css/formidableforms.css
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65436)
Hash 6a35f36932e30a8d45dfb8a028cd80bc
89c3284eacd7c3ccc309f7f62e1d1663db1a1275
df51ca2f2242aaf0d24ab393e381f0e09584c1c1da062624b4eed9762f0c1a7c
GET /wp-content/plugins/formidable/css/formidableforms.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 30 Aug 2022 16:10:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/accredited-business-usbfunding.png
50.87.170.174200 OK 2.2 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/accredited-business-usbfunding.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 180 x 75, 8-bit colormap, non-interlaced\012- data
Hash 3befe9c6fb5e6602893570b99d3920aa
1e7c1d352448864975a23135097e59593ae71456
d59962c29e3487892da60ef799f75523576b6f006d54fc3dd43bb6993588f1dc
GET /wp-content/uploads/accredited-business-usbfunding.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Last-Modified: Sat, 28 Sep 2019 00:15:06 GMT
Accept-Ranges: bytes
Content-Length: 2244
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
www.usbfund.com/wp-content/uploads/norton-secured.png
50.87.170.174200 OK 3.0 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/norton-secured.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 180 x 75, 8-bit colormap, non-interlaced\012- data
Hash 7d05b62893199c911ab6f798ec8127d2
e7dc7368c55a2fbccb17a82c1a25de39cea2907d
0b691c8e6d1b07ce3e066744ccfbf643d61f013ce51503b0a3ceb7a356562ed6
GET /wp-content/uploads/norton-secured.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Last-Modified: Sat, 28 Sep 2019 00:14:45 GMT
Accept-Ranges: bytes
Content-Length: 3017
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 475737
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15528, version 1.0\012- data
Hash 595fe3fc0b85f3cc9ef5aed2d519abc5
96e76de44987e9dec2f97f1e5eb7a18c738daf5d
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 22:59:07 GMT
expires: Wed, 27 Sep 2023 22:59:07 GMT
cache-control: public, max-age=31536000
age: 549838
last-modified: Tue, 19 Apr 2022 18:53:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 01:31:40 GMT
expires: Mon, 02 Oct 2023 01:31:40 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 195085
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.hsforms.com/embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk=
104.16.87.5200 OK 18 B URL HTTP/2 forms.hsforms.com/embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk=
IP 104.16.87.5:0
File type ASCII text, with no line terminators
Hash cc7fd95a87ea3721ce1853bf3c4dd75e
7f687f7881adf0fc407378d375a61b8f198c0912
0f06a4c8d34690d4e42c81f232a5bdfe9fcbde8a54b5ccd0609a313e90da0879
OPTIONS /embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Referer: http://www.usbfund.com/
Origin: http://www.usbfund.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: text/plain; charset=utf-8
content-length: 18
x-trace: 2BF49F63020E40375EE0D755FEA681E85F7683D5AA000000000000000000
allow: HEAD,GET,OPTIONS
vary: origin
x-hubspot-correlation-id: 3988a959-f6bc-480e-9b42-fcea4c396f6c
access-control-allow-origin: http://www.usbfund.com
access-control-allow-methods: OPTIONS, GET
access-control-allow-headers: x-requested-with
access-control-allow-credentials: false
access-control-max-age: 180
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 754c48d9ea281bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
process.iconnode.com/google-ads/
76.223.116.242200 OK 0 B URL HTTP/1.1 process.iconnode.com/google-ads/
IP 76.223.116.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /google-ads/ HTTP/1.1
Host: process.iconnode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: http://www.usbfund.com/
Content-Length: 0
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/7.4.30
X-Powered-By: PHP/7.4.30
Access-Control-Allow-Origin: http://www.usbfund.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
www.usbfund.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
50.87.170.174200 OK 55 kB URL HTTP/2 www.usbfund.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash c18c7805b2faa6428702ad950048db44
1d680711910bcc8f13e56de81849b49530cfd496
f8122917eedb3b666f75067242987ffba74058199af96fc84dc367c675600f9a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:27:21 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/bg-section-header.png
50.87.170.174200 OK 22 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/bg-section-header.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1920 x 149, 8-bit colormap, non-interlaced\012- data
Hash 65b13235e26653c77b0ed328dfdb8dc2
2dcc21d12b909058345b01f087062f6b59f4f05c
acba6ce2f083bf3e78176be5f1c68dfbeb67e609472b4f8c034ba8676d0995b2
GET /wp-content/uploads/bg-section-header.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:58 GMT
accept-ranges: bytes
content-length: 22531
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/icon-arrow-down-black.png
50.87.170.174200 OK 195 B URL HTTP/2 www.usbfund.com/wp-content/uploads/icon-arrow-down-black.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash f984736b4b9dfe03bb8831a718c6a238
d95304fa5fed6fdf9020c21ece2b7e35aec4808c
4944824b4a23581a4660857551680fffd806f6fa42e3d9414fb1529ba78651b9
GET /wp-content/uploads/icon-arrow-down-black.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:09 GMT
accept-ranges: bytes
content-length: 195
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/icon-arrow-down-white.png
50.87.170.174200 OK 172 B URL HTTP/2 www.usbfund.com/wp-content/uploads/icon-arrow-down-white.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 14 x 14, 8-bit gray+alpha, non-interlaced\012- data
Hash 26d3bceaf73fad28fb322b6646860f78
1b70241f618df47a01729534d376a57c57bd8c07
0077bc52b60eb51d8785f3aa812a2cdcce59acd3a0b70a801b82c563787e1a7c
GET /wp-content/uploads/icon-arrow-down-white.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:12 GMT
accept-ranges: bytes
content-length: 172
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:21 GMT
expires: Thu, 28 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 475724
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
shield.sitelock.com/shield/usbfund.com
45.60.14.54200 OK 10 kB URL HTTP/1.1 shield.sitelock.com/shield/usbfund.com
IP 45.60.14.54:0
File type PNG image data, 117 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ddaa1d620687c0a77991f805b2debb
5d627c10e3bc6080a28a725b87b735b9e22586a5
d1e252f9845bde386c7c251503ca765700d95e0027d780a4e709aefebf3379bd
GET /shield/usbfund.com HTTP/1.1
Host: shield.sitelock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Content-Type: image/png; charset=ISO-8859-1
Content-Length: 10514
Date: Tue, 04 Oct 2022 07:42:27 GMT
Server: lighttpd
Set-Cookie: nlbi_275317=3120XfO7ZhqKHpApmBeFbAAAAADCkf6FUZx0wzj1D4ATxa/V; path=/; Domain=.sitelock.com
visid_incap_275317=FVM7H9SQROuqm897rVclygjkO2MAAAAAQUIPAAAAAADEUISmRDNA/exO1tMZav12; expires=Wed, 04 Oct 2023 03:25:04 GMT; HttpOnly; path=/; Domain=.sitelock.com
incap_ses_7235_275317=4ZVKSw+b9nMD2whEpuJnZAnkO2MAAAAAId4Q8s/moKn92Gw5bM+Whw==; path=/; Domain=.sitelock.com
___utmvmFZVuykvY=dhsCZCvHnjw; path=/; Max-Age=900
___utmvaFZVuykvY=NSlYWuv; path=/; Max-Age=900
___utmvbFZVuykvY=gZC XqBOvalv: oth; path=/; Max-Age=900
X-CDN: Imperva
X-Iinfo: 6-30967780-30957695 2NNN RT(1664869384864 2) q(0 0 0 1) r(3 3)
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15660, version 1.0\012- data
Hash d7b0b953a50fddaa88089b5b787cf719
2f85bc568b27659a3d6452f58f9fd7678450326d
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 22:17:40 GMT
expires: Wed, 27 Sep 2023 22:17:40 GMT
cache-control: public, max-age=31536000
age: 552325
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.hs-scripts.com/5627136.js?integration=WordPress&ver=8.16.28
104.17.210.204200 OK 16 kB URL HTTP/2 js.hs-scripts.com/5627136.js?integration=WordPress&ver=8.16.28
IP 104.17.210.204:0
File type ASCII text, with very long lines (492)
Hash c00b209ea91d0c2e913146388bddd01d
bed0e6f9163adccedd6fcd9375d7052e47a31f67
1970e92927dff2983e52e0009c2da43ace598c30fed625a693d73d21a1a31586
GET /5627136.js?integration=WordPress&ver=8.16.28 HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:04 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2BA9725502E891144EC9899817B8B490B2B421BB91000000000000000000
cache-control: public, max-age=60
vary: origin, Accept-Encoding
x-hubspot-correlation-id: 686b8b69-0eb0-49d7-a9f0-88858765b512
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-origin: http://www.usbfund.com
last-modified: Tue, 04 Oct 2022 05:43:14 GMT
cf-cache-status: EXPIRED
expires: Tue, 04 Oct 2022 07:44:04 GMT
server: cloudflare
cf-ray: 754c48d43a0ffac0-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-01.png
50.87.170.174200 OK 3.3 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-01.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 164 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 30427e02eea1cec61004e2fdb293e4d2
d3ba51be6c31147f379670d59cab54ec01b3b448
32161c4a44a1dcdddeeb852e2b6eea070839630ac3a719ac79a503cfd4d3892d
GET /wp-content/uploads/featured-logo-01.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 28 Sep 2019 00:14:38 GMT
Accept-Ranges: bytes
Content-Length: 3311
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Content-Type: image/png
www.usbfund.com/wp-content/uploads/featured-logo-03.png
50.87.170.174200 OK 3.8 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-03.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 83 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash ea461093328a47d28ed34df6be0ad850
5fad4dd9e9daea5b1cac739624cbd673c20fe7c2
37ea654d17c80dfb22d0ad091907b6d4009c76c4671728321fd51376a8df7cce
GET /wp-content/uploads/featured-logo-03.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 28 Sep 2019 00:15:13 GMT
Accept-Ranges: bytes
Content-Length: 3840
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Content-Type: image/png
www.usbfund.com/wp-content/uploads/featured-logo-04.png
50.87.170.174200 OK 5.8 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-04.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 123 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash e94a0244f1a51d7565de08744375bd07
dde753e74a85c5f094dda6661ada486fdae50422
47bff975ef1626c064613532b237bd114911cdc835effdccb0d124c1432c17b2
GET /wp-content/uploads/featured-logo-04.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 28 Sep 2019 00:15:18 GMT
Accept-Ranges: bytes
Content-Length: 5757
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Content-Type: image/png
www.usbfund.com/wp-content/uploads/featured-logo-05.png
50.87.170.174200 OK 3.7 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-05.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 135 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 646b30b6704a2457b04bb12da4144c97
acadca7b80819db2100f2cf8341acdf47a2eb773
b6e64d31c4f5ab917ad1cddfe7fa745e7c4bfc2d5af33cfdaa8130eb14247bc8
GET /wp-content/uploads/featured-logo-05.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Last-Modified: Sat, 28 Sep 2019 00:15:03 GMT
Accept-Ranges: bytes
Content-Length: 3721
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
www.usbfund.com/wp-content/uploads/featured-logo-02.png
50.87.170.174200 OK 5.8 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-02.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 93 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash d2bfb41e522705be8e4a48895b996bca
df2507b75f1c0362bd168ea7ecf829f11469a926
968570479e59e9ff339d5c1d25e4c15011f8cb5ad243776b8cf62f51d28b0903
GET /wp-content/uploads/featured-logo-02.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 28 Sep 2019 00:13:58 GMT
Accept-Ranges: bytes
Content-Length: 5795
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Content-Type: image/png
www.usbfund.com/wp-content/uploads/featured-logo-06.png
50.87.170.174200 OK 2.7 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/featured-logo-06.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 175 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash b7b5570d5d29fd453a5e65063849fcb1
b07b87612c74febb32961e10ed154dc2efdf19cb
886d709e142c957b0d93269a57fccc13800907c8ab90acc1f18c8bec259d3992
GET /wp-content/uploads/featured-logo-06.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Last-Modified: Sat, 28 Sep 2019 00:14:38 GMT
Accept-Ranges: bytes
Content-Length: 2693
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
process.iconnode.com/keyword/
76.223.116.242200 OK 37 B URL HTTP/1.1 process.iconnode.com/keyword/
IP 76.223.116.242:0
File type ASCII text, with no line terminators
Hash 47d237a9ed20cca7882969e1f7cabaad
b036919d16d1ffdce3bf3673d49edb255d5983e6
ac783c5fa4807f599b392fc3774e82e8fe8f33998e17f3f523a1c1358fd659c5
POST /keyword/ HTTP/1.1
Host: process.iconnode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1122
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 37
Connection: keep-alive
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/7.4.30
X-Powered-By: PHP/7.4.30
Access-Control-Allow-Origin: http://www.usbfund.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
tag.getdrip.com/9726461.js
143.204.55.121200 OK 8 B URL HTTP/1.1 tag.getdrip.com/9726461.js
IP 143.204.55.121:0
File type ASCII text, with no line terminators
Hash de2e1607e500ee465eca3ec4505c0859
cfd432c8178796a4af548a7ed62f09bdf5fbb897
295bdad3ed86f4eeb0249f30e724344ec7be85582094013a85403ecbb77a0047
GET /9726461.js HTTP/1.1
Host: tag.getdrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 8
Connection: keep-alive
Last-Modified: Fri, 20 May 2022 20:08:53 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 04 Oct 2022 07:43:06 GMT
ETag: "de2e1607e500ee465eca3ec4505c0859"
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3NzdXqhqfuG-tInYnfuIcKU11LcWpQnDhUEMuENh6ThdYexGxViCSA==
www.usbfund.com/wp-content/uploads/us-business-funding-logo-small.png
50.87.170.174200 OK 2.0 kB URL HTTP/1.1 www.usbfund.com/wp-content/uploads/us-business-funding-logo-small.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a5a71307aefd12c55fd16f36356f9a83
679b01f07d71f673b74fde71a5a0a9da8a8e486d
a2e02fabad9f481343e4e8050843b371e239956a637488eb7d2a9deff98245de
GET /wp-content/uploads/us-business-funding-logo-small.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/how-to-write-a-business-plan-for-a-loan/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Last-Modified: Sat, 28 Sep 2019 00:14:51 GMT
Accept-Ranges: bytes
Content-Length: 2020
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
js.hs-banner.com/5627136.js
172.64.154.85200 OK 15 kB URL HTTP/2 js.hs-banner.com/5627136.js
IP 172.64.154.85:0
File type ASCII text, with very long lines (60657)
Hash 0520b5c29a4c4fabdb3ae8eab1e6f974
f83cad51eb4630a48f6fd6ed86aa5316fdc872a6
d28682fcee83524c52eba3dec55fdc4e8e674964e895e0609cb98f2faf512b6b
GET /5627136.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: PcrNy5JVPsu598PC1/lPElCBYp1cqb3V50xjRUlMVyG5H6zeu5pIrqoFSA3iI3YfKyyK18RQkuQ=
x-amz-request-id: 1KMFHE45754KHE95
last-modified: Tue, 30 Aug 2022 21:14:45 GMT
etag: W/"5c3b164165600a0b6a0c29c630962192"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: .1v3HU9LDUEmg0.4oQ38beGDggSFt1E7
access-control-allow-origin: http://www.usbfund.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
expires: Tue, 04 Oct 2022 07:48:05 GMT
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c48db6b80fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
wt.soundestlink.com/REST/webTracking/v1/event?timestamp=1664869385140&brandID=60034c978a48f7337bc1a105&shopType=api&shopHostname=www.usbfund.com&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&utmCampaign=how-to-write-a-business-plan-to-get-approved-for-a-loan&utmMedium=campaign-email&utmSource=bayengage&title=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&anonymousID=eZmE499Elknz6S-20221004074305&sessionID=GsSFC5onH3YpNG-20221004074305&type=pageview
104.18.26.48200 OK 42 B URL HTTP/2 wt.soundestlink.com/REST/webTracking/v1/event?timestamp=1664869385140&brandID=60034c978a48f7337bc1a105&shopType=api&shopHostname=www.usbfund.com&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&utmCampaign=how-to-write-a-business-plan-to-get-approved-for-a-loan&utmMedium=campaign-email&utmSource=bayengage&title=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&anonymousID=eZmE499Elknz6S-20221004074305&sessionID=GsSFC5onH3YpNG-20221004074305&type=pageview
IP 104.18.26.48:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /REST/webTracking/v1/event?timestamp=1664869385140&brandID=60034c978a48f7337bc1a105&shopType=api&shopHostname=www.usbfund.com&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&utmCampaign=how-to-write-a-business-plan-to-get-approved-for-a-loan&utmMedium=campaign-email&utmSource=bayengage&title=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&anonymousID=eZmE499Elknz6S-20221004074305&sessionID=GsSFC5onH3YpNG-20221004074305&type=pageview HTTP/1.1
Host: wt.soundestlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: image/gif
content-length: 42
x-envoy-upstream-service-time: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 754c48dbcdf2fac8-OSL
X-Firefox-Spdy: h2
forms.soundestlink.com/REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105
104.18.26.48200 OK 467 B URL HTTP/2 forms.soundestlink.com/REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105
IP 104.18.26.48:0
File type ASCII text, with no line terminators
Hash 0fb1d49aa162b814a27892e7bfa40ae5
bfa40d8ff427957aefdbc234630e43f6e305ced3
01a24968065bd12ee564163a01a6ed287137c56268c03495d926b014a26c2534
GET /REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105 HTTP/1.1
Host: forms.soundestlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/json
cache-control: max-age=0, s-maxage=600, public
last-modified: Tue, 04 Oct 2022 07:43:05 GMT
x-envoy-upstream-service-time: 6
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: EXPIRED
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 754c48dbcde5fac8-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/USBusinessFunding-Home1.png
50.87.170.174200 OK 944 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/USBusinessFunding-Home1.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1696 x 1131, 8-bit colormap, non-interlaced\012- data
Size 944 kB (944072 bytes)
Hash b4b6bd078ef229456fc9d5b22d31ca0e
51cb87382bfb8b0029df296adb021229ad4cf6da
870b85b6771aeb0fc9c84c444ca24919dd6f71e4b34a6bb97003a0a4f34bdfd3
GET /wp-content/uploads/USBusinessFunding-Home1.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:13 GMT
accept-ranges: bytes
content-length: 944072
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cc1d612794b32a9b725ce16b1fc78f2a
f16f834460b0b77d376611c8d491f5299390a267
5e09c2a9686f25532247cccae05b73e3f42905b4c1b95be7d0dee9545f659b8e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4727
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:05 GMT
Last-Modified: Tue, 04 Oct 2022 06:24:21 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
www.usbfund.com/fonts/socicon.woff
50.87.170.174200 OK 31 kB URL HTTP/2 www.usbfund.com/fonts/socicon.woff
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 31444, version 1.0\012- data
Hash dcbd1f9c4275862f002f21619e96b8f4
a97cd865925e5102ae7c25aa5dd09112ccf50651
a680b776319127695950fd7c490b17cd15120d683bde57845707a2f7dc0f1a74
Analyzer Verdict Alert fortinet Malware
GET /fonts/socicon.woff HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Sep 2019 21:47:06 GMT
accept-ranges: bytes
content-length: 31444
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/How-to-Write-a-Business-Plan-for-a-Loan.jpg
50.87.170.174200 OK 27 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/How-to-Write-a-Business-Plan-for-a-Loan.jpg
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 720x405, components 3\012- data
Hash 2887f2b7a3db547e0e0e7c5fe4a65402
60701bef2615e773b8a3ad95b126e129c34996b0
f0922c725e6e2b4272fe879379f34776f9702e07d3009ddef57970c44a0bc40d
GET /wp-content/uploads/How-to-Write-a-Business-Plan-for-a-Loan.jpg HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 06 Jul 2022 08:03:14 GMT
accept-ranges: bytes
content-length: 27359
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Tue, 04 Oct 2022 07:43:05 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 8c76ed666937871dd6d5e4e934bc5a1c
569d99bf18e0eb3f27d2971b5e62382946d4a967
66b22efd315e8222c61ef937dd3cc8f2b518752a9cbf2ac3a8c49df8aa5fe504
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:05 GMT
Last-Modified: Tue, 04 Oct 2022 06:22:22 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Fk-2Rze3v5SQa_iaeKK2LEdz0L-lyUV0HrWiYkx4Mg5KdQOlGtzQrA==
Age: 4843
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 8c76ed666937871dd6d5e4e934bc5a1c
569d99bf18e0eb3f27d2971b5e62382946d4a967
66b22efd315e8222c61ef937dd3cc8f2b518752a9cbf2ac3a8c49df8aa5fe504
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:05 GMT
Last-Modified: Tue, 04 Oct 2022 06:39:36 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IV2zJPjJTfo8OpOhnFoy59Y2d9KgU5jWjZp-hsYeh1_UOhEwMB1_cg==
Age: 3809
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 8c76ed666937871dd6d5e4e934bc5a1c
569d99bf18e0eb3f27d2971b5e62382946d4a967
66b22efd315e8222c61ef937dd3cc8f2b518752a9cbf2ac3a8c49df8aa5fe504
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:05 GMT
Last-Modified: Tue, 04 Oct 2022 06:08:29 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Cv3YxC7JHzmuuwB52O7zF9c5fcSS4AFHyyHvpq4Y9fCjfKTT3Mv0JQ==
Age: 5676
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 8c76ed666937871dd6d5e4e934bc5a1c
569d99bf18e0eb3f27d2971b5e62382946d4a967
66b22efd315e8222c61ef937dd3cc8f2b518752a9cbf2ac3a8c49df8aa5fe504
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:05 GMT
Last-Modified: Tue, 04 Oct 2022 05:58:53 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ks4s-laN-ETCA5TskAEGEFouHCbHsiuxasBOP1Bf9eAUoaErNOpYxA==
Age: 6252
track.sendlane.com/track/event?event_id=xWMCUM2gF97YD&uri=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=23sfd8iamdnfzqxf451s
23.250.2.183204 No Content 0 B URL HTTP/1.1 track.sendlane.com/track/event?event_id=xWMCUM2gF97YD&uri=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=23sfd8iamdnfzqxf451s
IP 23.250.2.183:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track/event?event_id=xWMCUM2gF97YD&uri=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=23sfd8iamdnfzqxf451s HTTP/1.1
Host: track.sendlane.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: Apache
Cache-Control: no-cache, private, max-age=2592000
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Set-Cookie: track_session=eyJpdiI6Im9ieFZVaEtsbWdUbVdHZEptaUJOTkE9PSIsInZhbHVlIjoiUlVWUERUVHFsc0czcmJBL2REZ0U5QkcyTkV0aklnUXFJZ2krRTR5TFBQU0hZaUZONkhsNjlNM0NTTTFqNVp1MytwOXlKcS9RNnBXR2FtckErZXBHSjdUbFhnUTNSd1VRNm16QWx0TGpTTFFKVFRFME1UaDhudStCeGlQaytWQloiLCJtYWMiOiJhNzZjNWM0ODNmMjkyOWUwNTEzMTNkNzdiM2UwZTJjNTFmZjRhZjk0NzNiNjM1MjVjMDcyNzZkY2E4ODIyMzY4IiwidGFnIjoiIn0%3D; expires=Tue, 04-Oct-2022 09:43:05 GMT; Max-Age=7200; path=/; domain=sendlane.com; secure; httponly; samesite=none
Expires: Thu, 03 Nov 2022 07:43:05 GMT
Connection: close
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 17ac2348c43a17adfd3f51554917ed8e
b5dd22312f778d084acc6300a1e1c060f552f43e
0fea82dfef8a1d4339fc4cce653e5c4e3a2c067afc898ed3586d49f6561e0bc6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139061
Date: Tue, 04 Oct 2022 07:43:05 GMT
Etag: "633b4c30-1d7"
Expires: Wed, 05 Oct 2022 22:20:46 GMT
Last-Modified: Mon, 03 Oct 2022 20:55:12 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OpVixgfXNErRGT1IMhbNnFdv6FIGbHWBBggWYka2IZIvFg945h0obQ==
Age: 5134
www.checkbca.org/CompanyWidget.aspx?ID=100094667&WidgetType=1
207.137.0.213301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/CompanyWidget.aspx?ID=100094667&WidgetType=1
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash e4450c4791dadbc8f0fe8409a9b278ec
70f8e597f291a8a247c4f1bbbc4586e300f75723
e350fe60679b3272336147b700171d459374f3a66c6e228673a94ec0d9239b7e
GET /CompanyWidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 196
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700
142.250.74.10200 OK 792 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700
IP 142.250.74.10:0
Hash 22c810f95044f1a274a1f4a7dc1f4b45
20672b02927566cba296e2f2a01d30c7e01ae09c
2c75f04125829a3d82c6fa9fbdb575d8bd89f7c52c0b773921fdc16f4cb403ae
GET /css?family=Roboto+Condensed:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 07:43:04 GMT
date: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
forms.hsforms.com/embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk=
104.16.87.5404 Not Found 174 B URL HTTP/2 forms.hsforms.com/embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk=
IP 104.16.87.5:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 147503af18932fcc1efeadf56a947991
8aa8aeb4a4c3cfe88ac9af68dca89776c44443e1
f668285fd02c5b05ee0bed5cdd7f9bcfe651030e2b28deae511b82b7ae2365f1
GET /embed/v3/form/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43/json?hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/json;charset=utf-8
x-trace: 2B605674A4AF1F7ADE0D4F9D2230A3C124E31D39F5000000000000000000
x-hubspot-notfound: true
x-origin-hublet: na1
vary: origin
x-hubspot-correlation-id: df153bdd-90c5-488a-9b5c-f4675accff08
access-control-allow-origin: http://www.usbfund.com
access-control-allow-methods: OPTIONS, GET
access-control-allow-headers: *
access-control-allow-credentials: false
access-control-max-age: 180
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 754c48daeb5e1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aorta.clickagy.com/pixel.gif?clkgypv=jstag
34.237.97.168302 Found 0 B URL HTTP/2 aorta.clickagy.com/pixel.gif?clkgypv=jstag
IP 34.237.97.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?clkgypv=jstag HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/json
content-length: 0
location: https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
server: Aorta/20220929.37e3bd418
x-aorta-host: b3131f3508c5
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
104.18.30.205200 OK 14 kB URL HTTP/2 tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
IP 104.18.30.205:0
File type ASCII text, with very long lines (38960), with no line terminators
Hash af82d3009030b678825bea5a0011ff20
2405ed0632a8c89426c8a23f647947912e00ae12
ad3107b8ac89abaab96613373131afea22ab806aa7e17f04f042e272174a6cda
GET /data.js?rnd=62fe5c0e6ad95 HTTP/1.1
Host: tags.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/javascript
last-modified: Fri, 16 Sep 2022 04:12:14 GMT
etag: W/"9d3ea74a65932cc93f95029e15978232"
x-amz-version-id: voLTTawX.GcVEDQiIRYzY2txm8P5Ii8i
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: knKOThMmEcpgbD9vb9YSFZdb5Fw3IKfRSwsXCBVYYn7eEdF45LRqdQ==
age: 42971
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754c48db7bfb0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hubspot-forms-static-embed.s3.amazonaws.com/prod/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43.json.gz
52.216.228.0403 Forbidden 243 B URL HTTP/1.1 hubspot-forms-static-embed.s3.amazonaws.com/prod/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43.json.gz
IP 52.216.228.0:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 0709054f98be3ca1fb955fa841f644f4
e91afa845416b3516bb8e3f6824529f58f9a00ce
6e8f317045424ecee89b188acfb8ffacf15c7954f464ff5eaf8b8a898510e6da
GET /prod/540751/8e06fd82-42e9-4211-9f65-32b7dbc43b43.json.gz HTTP/1.1
Host: hubspot-forms-static-embed.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: BMS0PPDTHYFGAMAY
x-amz-id-2: Hez4UPu2WGkJVHCzC62rQlt6xsOoxagLwxGub+0bnLoKkM19J0JY55K2Z+TaAfVkCLwTkzqH4hg=
x-amzn-internal-status: 403
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 04 Oct 2022 07:43:05 GMT
Server: AmazonS3
forms.soundestlink.com/REST/forms/v1/renderedForms?v=2022-10-04T07&brandID=60034c978a48f7337bc1a105
104.18.26.48200 OK 2 B URL HTTP/2 forms.soundestlink.com/REST/forms/v1/renderedForms?v=2022-10-04T07&brandID=60034c978a48f7337bc1a105
IP 104.18.26.48:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /REST/forms/v1/renderedForms?v=2022-10-04T07&brandID=60034c978a48f7337bc1a105 HTTP/1.1
Host: forms.soundestlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Origin: http://www.usbfund.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:06 GMT
content-type: application/json
content-length: 2
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, s-maxage=600, public
expires: Fri, 04 Nov 2022 07:43:06 GMT
last-modified: Tue, 04 Oct 2022 07:43:06 GMT
x-envoy-upstream-service-time: 3
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 754c48de2b54b4ed-OSL
X-Firefox-Spdy: h2
www.usbfund.com/fonts/socicon.woff2
50.87.170.174200 OK 28 kB URL HTTP/2 www.usbfund.com/fonts/socicon.woff2
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 27648, version 2.26214\012- data
Hash 9c209ec94754375ace43df8a83339180
9e714f49352b50f50396d62d60b6a15b9ff78815
636a5b22bf12b94a00182d913ee203597f57e7b392e438a83ea5de80b9a60958
Analyzer Verdict Alert fortinet Malware
GET /fonts/socicon.woff2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Sep 2019 21:47:06 GMT
accept-ranges: bytes
content-length: 27648
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff2
date: Tue, 04 Oct 2022 07:43:06 GMT
server: Apache
X-Firefox-Spdy: h2
www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
207.137.0.213200 OK 6.8 kB URL HTTP/2 www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with CRLF line terminators
Hash e363d76464047cd561b27805c6446771
cd96f502e025cd47686943eafeadd5eee4d99f98
1f2581d3b8d4e06f51a265bc2838f1fb1c59dabddc15a7afe70243e1c2de82ee
GET /companywidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=bbbluioldybawxkbusvkdmac; path=/; secure; HttpOnly; SameSite=Lax
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 6794
X-Firefox-Spdy: h2
www.usbfund.com/fonts/socicon.ttf
50.87.170.174200 OK 44 kB URL HTTP/2 www.usbfund.com/fonts/socicon.ttf
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type TrueType Font data, 17 tables, 1st "FFTM", 12 names, Microsoft, language 0x409, type 1 string, sociconRegularsociconsocicon RegularVersion 2.4sociconFont generated by IcoMoon.Webfont 1.0Thu A\012- data
Hash 4cd63382b2456736eef43b2e7d8022a2
30544bfef5395086603a3fdd14720e8a695557db
ad9bc5734c8e5e33da5ae5763b578444cc3a8c5c28acbece5980f8d7b5f56d46
Analyzer Verdict Alert fortinet Malware
GET /fonts/socicon.ttf HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Sep 2019 21:47:07 GMT
accept-ranges: bytes
content-length: 44524
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/ttf
date: Tue, 04 Oct 2022 07:43:06 GMT
server: Apache
X-Firefox-Spdy: h2
trackcmp.net/t_prism_sitemessages.php?trackid=224499963&prismid=640936a8-431b-48f7-b44f-2c1075f91723&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
172.64.145.151200 OK 0 B URL HTTP/2 trackcmp.net/t_prism_sitemessages.php?trackid=224499963&prismid=640936a8-431b-48f7-b44f-2c1075f91723&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP 172.64.145.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t_prism_sitemessages.php?trackid=224499963&prismid=640936a8-431b-48f7-b44f-2c1075f91723&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: trackcmp.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:06 GMT
content-type: text/javascript;charset=UTF-8
content-length: 0
x-powered-by: PHP/7.1.33
cache-control: no-cache, private
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754c48ddad42b506-OSL
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/font-awesome.min.css
207.137.0.213200 OK 7.0 kB URL HTTP/2 www.checkbca.org/stylesheets/font-awesome.min.css
IP 207.137.0.213:0
File type ASCII text, with very long lines (30837)
Hash 775375b17c16dc85854ba29bbba28807
91c2f8c2838211a85090f061340b6c0c24e763af
e05c4f03a6c957e6b769e9ac46b9b6d7f1de8f46f49fc894be7c7493aaf4e033
GET /stylesheets/font-awesome.min.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: text/css
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 18:58:59 GMT
accept-ranges: bytes
etag: "809bbc5d6cd3d81:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 6965
X-Firefox-Spdy: h2
serve.albacross.com/track.js
143.204.55.30200 OK 4.1 kB URL HTTP/1.1 serve.albacross.com/track.js
IP 143.204.55.30:0
File type ASCII text, with very long lines (10418)
Hash fb582e9afc270eff27615efc772d56d1
1467e3e47d8b76d36e319a6574ab72b59983343b
bbc596d579e549bad24d8d7301087ebe50da47adaf9a67a42a3650b914f9be3e
GET /track.js HTTP/1.1
Host: serve.albacross.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 13:13:21 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Tue, 04 Oct 2022 07:43:05 GMT
Cache-Control: max-age=120
ETag: W/"b769e9b4f23be6c9bab7c715fdf2526a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 00RbPlxp7nMpPgfgwgq_yGTRyiV3ZKRmrXosuSPNvSWBegw_XV0NMA==
Age: 3
www.checkbca.org/stylesheets/jquery.selectBox.css
207.137.0.213301 Moved Permanently 180 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectBox.css
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 65d99af646ca7622a01fc0d3eb7a6b6d
a6b71820c0572f17c183b5669255346947bc3492
425fea6b4acfc8c48eee414af2be035b5c77a87742cf0bb46b136d07e0c29f6a
GET /stylesheets/jquery.selectBox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/stylesheets/jquery.selectbox.css
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 180
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/style.css
207.137.0.213200 OK 11 kB URL HTTP/2 www.checkbca.org/stylesheets/style.css
IP 207.137.0.213:0
File type assembler source, Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators
Hash cef167427944e3fb4d6831c227b30bd0
5900baa9671ec663d3f990e38e7bb763f7edee64
ad26247de1e0e4f3e40fd860a147df0ed041f06e75dc48f7e1ac3684ac7920f1
GET /stylesheets/style.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: text/css
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 18:58:59 GMT
accept-ranges: bytes
etag: "809bbc5d6cd3d81:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 10891
X-Firefox-Spdy: h2
munchkin.marketo.net/munchkin.js
88.221.99.189200 OK 728 B URL HTTP/1.1 munchkin.marketo.net/munchkin.js
IP 88.221.99.189:0
File type ASCII text, with very long lines (521)
Hash 51a92d8c69733d719447dea0416ed039
69f4c1e0b7ebba812bc096708d57627927dff265
cb483c0ea4012ac512bcba6204b37622b388c1aefd4ae9028f60abb965f23d29
GET /munchkin.js HTTP/1.1
Host: munchkin.marketo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 04 Oct 2022 07:43:06 GMT
Content-Length: 728
Connection: keep-alive
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=77276
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
munchkin.marketo.net/162/munchkin.js
88.221.99.189200 OK 4.7 kB URL HTTP/1.1 munchkin.marketo.net/162/munchkin.js
IP 88.221.99.189:0
File type ASCII text, with very long lines (606)
Hash 3e9baed982956735f6e0a0e756d97ed9
9223be6a494a10959101a7942419df7b05b84d73
930a508ed0ea6b4861d19c0738360182514010913c4ebfe9352064ae5006f8a1
GET /162/munchkin.js HTTP/1.1
Host: munchkin.marketo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=8640000
Expires: Thu, 12 Jan 2023 07:43:06 GMT
Date: Tue, 04 Oct 2022 07:43:06 GMT
Content-Length: 4677
Connection: keep-alive
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 04 Oct 2022 06:41:09 GMT
expires: Tue, 04 Oct 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 3717
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rec.smartlook.com/recorder.js
185.76.9.14200 OK 9.4 kB URL HTTP/2 rec.smartlook.com/recorder.js
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (29842), with no line terminators
Hash fb02caab4f854fc99e22e528deab2652
4d0aa19300bdff5b3f9ddc3309b099ea520e1154
dfe396ee598979058561a5935303422fd3669f724ff89a11ed33d68e1f4d86e8
GET /recorder.js HTTP/1.1
Host: rec.smartlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
etag: W/"63392bab-7492"
last-modified: Sun, 02 Oct 2022 06:11:55 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-accel-expires: @1664869629
server: CDN77-Turbo
x-77-nzt: AblMCQ1ejMz/ZQEAAA
x-77-nzt-ray: rhAlNoEdDEk
x-cache: HIT
x-age: 357
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
tag.simpli.fi/sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77
169.50.137.179200 OK 3.1 kB URL HTTP/2 tag.simpli.fi/sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77
IP 169.50.137.179:0
File type ASCII text, with very long lines (3100)
Hash 3f39bd6aa96de4bb5bd9275b06354981
14f61e1cbeb536266027c98d8f48cc3211f1a2b2
4f8cbfd5c952dcec41e51c8cdf551acc7acf44e7e4d51ab90be179a503fb4b00
GET /sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77 HTTP/1.1
Host: tag.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 3101
set-cookie: suid=76C230A68A074AE7A4DBAE21EC89A597; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:06 GMT; SameSite=none; Secure;
suid_legacy=76C230A68A074AE7A4DBAE21EC89A597; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:06 GMT; Secure;
x-request-id: FxrN4tlTJbOL9KCUdCQB
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache, no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash d0cccf4ce8253fd53286a85fef0716e8
12094e4f75e6d03415180d178cfc097ef2aeffd6
83f2b3c3564f374e97a8104b9d2dd8e731b17d886bdbe2d003f36179c0271890
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:06 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 01:42:55 GMT
Expires: Sun, 09 Oct 2022 01:42:54 GMT
Etag: "12094e4f75e6d03415180d178cfc097ef2aeffd6"
Cache-Control: max-age=409787,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754c48e139460b59-OSL
pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
66.155.71.149302 Found 0 B URL HTTP/2 pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
IP 66.155.71.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D HTTP/1.1
Host: pixel-sync.sitescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
set-cookie: ssi=5a2531d4-7a6f-4a4c-a1a7-7d03398d2e55#1664869386497; Domain=.sitescout.com; Expires=Wed, 04-Oct-2023 07:43:06 GMT; Path=/; Secure; SameSite=None
location: https://pixel-sync.sitescout.com/connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
content-length: 0
date: Tue, 04 Oct 2022 07:43:05 GMT
server: AC1.1
X-Firefox-Spdy: h2
www.checkbca.org/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095
207.137.0.213200 OK 23 kB URL HTTP/2 www.checkbca.org/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095
IP 207.137.0.213:0
File type ASCII text, with CRLF line terminators
Hash 20180537e2ac64e5c60143ac90c84998
82d03de61c4dededbc9fd79d8c3a8e18d3b43744
0999cb5dfb2dcd76a944ef880be49f8e2d66fc60d00817e2b251ba0a67090cbf
GET /WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-type: application/x-javascript
content-encoding: gzip
expires: Tue, 03 Oct 2023 21:33:16 GMT
last-modified: Tue, 08 Mar 2022 11:42:50 GMT
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 23086
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/cropped-iconusbfund-32x32.png
50.87.170.174200 OK 1.4 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/cropped-iconusbfund-32x32.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f8022f00882988b3dd50a45511040
295b137770dedf8de5101ba30c05f515e21b6fb0
f83bb7fbb6ab6b05a6129fdc513d6edeb3b9029b0cbe6cf3eae361ad56c58cf5
GET /wp-content/uploads/cropped-iconusbfund-32x32.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:07 GMT
accept-ranges: bytes
content-length: 1438
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:06 GMT
server: Apache
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
207.137.0.213301 Moved Permanently 188 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6f83537ac9d2567aa0049ad8d28282d8
7e4975fe0edee16d97ab1f59dd7473a95902f30e
c614ae1fc44d88ab3555782295fd0de23f7b1062ef93e0777530a9ff2fdb2fe6
GET /Scripts/WebForms/MsAjax/MicrosoftAjax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 188
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/cropped-iconusbfund-192x192.png
50.87.170.174200 OK 20 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/cropped-iconusbfund-192x192.png
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 273b22a347363c8bfaa20ddcca897d53
0bf5106cb96db26030ae4bee997db3aef8914130
3c673a54e1fea64b6b57dc31365058249f665f327b0e032746b310a2f6a2c0b2
GET /wp-content/uploads/cropped-iconusbfund-192x192.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:06 GMT
accept-ranges: bytes
content-length: 19606
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Tue, 04 Oct 2022 07:43:06 GMT
server: Apache
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
207.137.0.213301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95d708e49ef3d81c5832e354dbdafb01
ddb6aa6d1990a59c42331129fef517bb9101fad1
429e36746d58356e8d7fd50c755f2ec8de5fcf67bc3980f782eef9c14e89db18
GET /Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 196
X-Firefox-Spdy: h2
id.rlcdn.com/711861.gif
35.244.174.68451 Unavailable For Legal Reasons 0 B IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /711861.gif HTTP/1.1
Host: id.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
207.137.0.213200 OK 3.1 kB URL HTTP/2 www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
IP 207.137.0.213:0
File type ASCII text, with very long lines (626), with CRLF, LF line terminators
Hash 487fda8eb4e12565909588706300e2fb
9224d8c027d499bb7ec852c2bf3c580e593f5d5b
664736273b9cff9b035c3c682e6ea5e1220468bf24d3199d45148b0a45e101dc
GET /scripts/jquery.simplemodal.1.4.4.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 3081
X-Firefox-Spdy: h2
pixel-sync.sitescout.com/connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
66.155.71.149204 No Content 0 B URL HTTP/2 pixel-sync.sitescout.com/connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
IP 66.155.71.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D HTTP/1.1
Host: pixel-sync.sitescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
date: Tue, 04 Oct 2022 07:43:06 GMT
server: AC1.1
X-Firefox-Spdy: h2
c.cdnma.com/apps/18595/capture.js
143.204.55.82200 OK 21 kB URL HTTP/1.1 c.cdnma.com/apps/18595/capture.js
IP 143.204.55.82:0
Hash 97d3e5fda9c9883b4955f3e1cb825bdd
7ae88bca92857b48476af3d07bb1b2757d91518d
a90e7a78a8bbcbd7eb44bdd06e1bc86ddf19541c8986076a25dbd84edf244f63
GET /apps/18595/capture.js HTTP/1.1
Host: c.cdnma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.usbfund.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 13 Jun 2022 17:04:46 GMT
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=0; includeSubDomains; preload
Content-Encoding: gzip
Date: Tue, 04 Oct 2022 07:43:06 GMT
Expires: Tue, 04 Oct 2022 11:43:06 GMT
Cache-Control: max-age=14400
ETag: W/"62a76e2e-6b96"
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q5nc1rTiM0-ISVgXM-VbP9ejLH41h6L0URIMEPSiaLdrFw77BI6EkA==
px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1664869386035%26url%3Dhttp%253A%252F%252Fwww.usbfund.com%252Fhow-to-write-a-business-plan-for-a-loan%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQL1HaejeFAUtwAAAYOh8slTdlDljJxfOif6QXVCmvtMuZPoAs-xUNGE9tl91xWb6xlyzZpStWqnBA; Max-Age=2592000; Expires=Thu, 03 Nov 2022 07:43:06 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJ6kIewiO0D5gAAAYOh8slTHufeDu0vKQiy0Jjwv8r93gE6tC5SHTFxc1gtzlRP09XPQrcf97jWhQD-_8mEeg; Max-Age=2592000; Expires=Thu, 03 Nov 2022 07:43:06 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&61a9469a-afd2-4ffc-8468-650d7236ceaf"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 04-Oct-2023 07:43:06 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2354:u=1:x=1:i=1664869386:t=1664955786:v=2:sig=AQF1_bUZY_9-rUZyOIrad_78eHiEq6Xr"; Expires=Wed, 05 Oct 2022 07:43:06 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXqMJxiSS9r6IVCX3P8wQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8CB15F1CC3E14D12BF45079538027B9B Ref B: OSL30EDGE0505 Ref C: 2022-10-04T07:43:06Z
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 0
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.bxslider.min.js
207.137.0.213200 OK 5.1 kB URL HTTP/2 www.checkbca.org/scripts/jquery.bxslider.min.js
IP 207.137.0.213:0
File type ASCII text, with very long lines (18813)
Hash 9777aab0bd6025cd5c7ecaebd409284d
ab73cc0c1c09e58a1fa0d5bda44c313f697f14da
7b01c6335fa7c91f0b359d56158676c2553323f6e09dd01db242b0da0d104d1b
GET /scripts/jquery.bxslider.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 5135
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectBox.js
207.137.0.213301 Moved Permanently 175 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectBox.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 46da262b5b1399dfbf30fac73e57a298
c176cf3cfa6da6a0748c497591ff3619467d6434
4089029c368f61bcc5e6be36c952e1c440e0e20475e247b8316c6ce57ea7cc99
GET /scripts/jquery.selectBox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/jquery.selectbox.js
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 175
X-Firefox-Spdy: h2
www.checkbca.org/scripts/scripts.js
207.137.0.213200 OK 4.3 kB URL HTTP/2 www.checkbca.org/scripts/scripts.js
IP 207.137.0.213:0
File type ASCII text, with CRLF line terminators
Hash 3b38a1caac14cc0685da48549e84da3b
2ce4f852dced2ddee12614640dcfeb0f3a96ae48
4e45d270791d6d30c782e95c1763ef0a1ac7b934d5cb703b651f3c6434c8b22b
GET /scripts/scripts.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 18:58:56 GMT
accept-ranges: bytes
etag: "0d8f25b6cd3d81:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 4272
X-Firefox-Spdy: h2
www.checkbca.org/images/widget_member_seal.png
207.137.0.213200 OK 4.9 kB URL HTTP/2 www.checkbca.org/images/widget_member_seal.png
IP 207.137.0.213:0
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash b16b18a3bc55b39e53d58026662582b1
f1ef3e2605c0eb6afd312dcc7b354b4d0dee54a2
fb715daa7fae403543290995b70576747818581d044e57b5ac072fd27c84e1bf
GET /images/widget_member_seal.png HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: image/png
last-modified: Sat, 09 May 2020 03:31:08 GMT
accept-ranges: bytes
etag: "8a855647b225d61:0"
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 4897
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/jquery.selectbox.css
207.137.0.213200 OK 844 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectbox.css
IP 207.137.0.213:0
File type ASCII text, with very long lines (2823), with no line terminators
Hash ef6ac3dc00cd170fb2e40e76489dc10d
02964dcc31527690062facef2f5ca2c0cf24ea23
06e4f8e3d1d4e68a23c9fd4927304906f912307b71f80025f6b74dfe3945d813
GET /stylesheets/jquery.selectbox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: text/css
content-encoding: gzip
last-modified: Fri, 02 Aug 2019 17:52:06 GMT
accept-ranges: bytes
etag: "0a783ff5a49d51:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 844
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
207.137.0.213200 OK 24 kB URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
IP 207.137.0.213:0
File type ASCII text, with very long lines (65262), with CRLF line terminators
Hash 1aa546445a52ff5e781cb1e335f445c4
a8071c7d8f7c2798100ceed7ef5842a587cc41d2
6a3e80b4cc602560e187e061ff5070fdda5c608125956f878f417b01867f6b09
GET /scripts/webforms/msajax/microsoftajax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 18:58:58 GMT
accept-ranges: bytes
etag: "05245d6cd3d81:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 24320
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
207.137.0.213200 OK 9.6 kB URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
IP 207.137.0.213:0
File type ASCII text, with very long lines (39257), with CRLF line terminators
Hash 211aa6b9096a11187131cbc6c3ab6d16
380ff6b00fc93d78031319a6d1b0e78f2a9e6017
4f1ec7256c84b77776b8c75fd59dca0c6b5560fa3a5010a290e46b6b5d8d4f5f
GET /scripts/webforms/msajax/microsoftajaxwebforms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 28 Sep 2022 18:58:59 GMT
accept-ranges: bytes
etag: "809bbc5d6cd3d81:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 9603
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectbox.js
207.137.0.213200 OK 4.2 kB URL HTTP/2 www.checkbca.org/scripts/jquery.selectbox.js
IP 207.137.0.213:0
File type Unicode text, UTF-8 text, with very long lines (15896), with no line terminators
Hash 786f2eb7bf72098ca18b9afd6d127237
5e75cb575c23f13e064a913cbe55570670e718ab
d8a1f1df33bbe0f528bfd53be5c1388890220e54c5aaa7281b889a1e5dde3189
GET /scripts/jquery.selectbox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 4192
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1664869386035%26url%3Dhttp%253A%252F%252Fwww.usbfund.com%252Fhow-to-write-a-business-plan-for-a-loan%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1664869386035%26url%3Dhttp%253A%252F%252Fwww.usbfund.com%252Fhow-to-write-a-business-plan-for-a-loan%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1664869386035%26url%3Dhttp%253A%252F%252Fwww.usbfund.com%252Fhow-to-write-a-business-plan-for-a-loan%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&c707f40e-d5ce-4be1-88b7-088108502dd8"; Domain=.linkedin.com; Expires=Wed, 04-Oct-2023 07:43:06 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20221004074306c9fc2da7-7701-428b-8b12-411f638483d5AQHNysJgK7mmG7tnS7IhjuDht5FmtCk7"; Domain=.www.linkedin.com; Expires=Wed, 04-Oct-2023 07:43:06 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjQ4NjkzODY7MjswMjGquEnObHUua4fNQ3VCkOVycHpdAWlv7ZnbK6uP6sYQww==; Domain=.linkedin.com; Expires=Sun, 02 Apr 2023 07:43:06 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2354:u=1:x=1:i=1664869386:t=1664955786:v=2:sig=AQF1_bUZY_9-rUZyOIrad_78eHiEq6Xr"; Expires=Wed, 05 Oct 2022 07:43:06 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXqMJxlf8vH6BCP/9O13g==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9133F78029FF4D00BAD61F2BE35EC076 Ref B: OSL30EDGE0505 Ref C: 2022-10-04T07:43:06Z
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 0
X-Firefox-Spdy: h2
js.hs-analytics.net/analytics/1664869200000/5627136.js
104.17.70.176200 OK 20 kB URL HTTP/2 js.hs-analytics.net/analytics/1664869200000/5627136.js
IP 104.17.70.176:0
File type ASCII text, with very long lines (63804)
Hash 954728b9963039e2876d1ebc641ea45e
af68997daa1b97ccea9ec9a30b1cf8956a070472
7cc0de1ff2a94c57ea19bf9870093c788b0344e0918b373cd28557df01dff7a1
GET /analytics/1664869200000/5627136.js HTTP/1.1
Host: js.hs-analytics.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:06 GMT
content-type: text/javascript
x-amz-id-2: dQcG+QsqiWwgstLbNkPU8n4PSXaA5q0fGPbX7leKA79nMBpE/JtEwdHEu4ZfSybEaysxUJ7YSCI=
x-amz-request-id: BMS0WGV9W6F5WBQ3
last-modified: Wed, 31 Aug 2022 12:07:32 GMT
etag: W/"cb02fcda3a5ef043749dfb9126484a5a"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: null
access-control-allow-credentials: false
vary: origin, Accept-Encoding
expires: Tue, 04 Oct 2022 07:48:06 GMT
cf-cache-status: MISS
server: cloudflare
cf-ray: 754c48e11f93b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
511-lvj-854.mktoresp.com/webevents/visitWebPage?_mchNc=1664869386039&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1664869386039-73287&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Fhow-to-write-a-business-plan-for-a-loan%2F&_mchPc=http%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
199.15.214.243200 OK 43 B URL HTTP/1.0 511-lvj-854.mktoresp.com/webevents/visitWebPage?_mchNc=1664869386039&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1664869386039-73287&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Fhow-to-write-a-business-plan-for-a-loan%2F&_mchPc=http%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP 199.15.214.243:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 7e1a751d6f8efada000e3df3aac35514
4c73d56e1221bcee6aca2e954b71b9d6216de36e
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
POST /webevents/visitWebPage?_mchNc=1664869386039&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1664869386039-73287&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Fhow-to-write-a-business-plan-for-a-loan%2F&_mchPc=http%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: 511-lvj-854.mktoresp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.usbfund.com
Connection: keep-alive
Referer: http://www.usbfund.com/
Content-Length: 0
HTTP/1.0 200 OK
Server: BigIP
Connection: Keep-Alive
Content-Length: 43
px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=58092&time=1664869386035&url=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&27006559-4f6c-4a84-85d8-7b5602a66b5c"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 04-Oct-2023 07:43:06 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2401:u=1:x=1:i=1664869386:t=1664955786:v=2:sig=AQGePAbcUN1EOBXU36yc5Lhd4yUZisTz"; Expires=Wed, 05 Oct 2022 07:43:06 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXqMJxoAs5kbgYOeK8vdw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DD165160B9754BE88B91EDE3FFD43FBB Ref B: OSL30EDGE0505 Ref C: 2022-10-04T07:43:06Z
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 0
X-Firefox-Spdy: h2
www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
207.137.0.213200 OK 6.8 kB URL HTTP/2 www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with CRLF line terminators
Hash a82c1c1f1936612e962250f90cbb5918
06dbae8083a84a3092a12c5970206d8b1d3b382b
8a4ee8f3697102bd09f3b7f435a6d780fdf24039031ec0e58c4735e1c5f0611c
GET /companywidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=hqyokmgeimfpvc0zxxcvniir; path=/; secure; HttpOnly; SameSite=Lax
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 6794
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 338daf9e7cf569095b662a23a9b89b8b
e6bd658ecb39bab14124f14a56e84a6790345042
af2d301a53f69c5b4cc48d999775c3cff8f6d7eb52ba02e8263fda421b55522f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF2D301A53F69C5B4CC48D999775C3CFF8F6D7EB52BA02E8263FDA421B55522F"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14718
Expires: Tue, 04 Oct 2022 11:48:25 GMT
Date: Tue, 04 Oct 2022 07:43:07 GMT
Connection: keep-alive
track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=5627136&ct=blog-post&rcu=https%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F&pu=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=How+to+Write+a+Business+Plan+for+a+Loan%3F+-+US+Business+Funding&cts=1664869386739&vi=d9462924b23b0d70e251321a4e05bf90&nc=true&u=152200550.d9462924b23b0d70e251321a4e05bf90.1664869386736.1664869386736.1664869386736.1&b=152200550.1.1664869386736&cc=15
104.19.155.83200 OK 45 B URL HTTP/2 track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=5627136&ct=blog-post&rcu=https%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F&pu=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=How+to+Write+a+Business+Plan+for+a+Loan%3F+-+US+Business+Funding&cts=1664869386739&vi=d9462924b23b0d70e251321a4e05bf90&nc=true&u=152200550.d9462924b23b0d70e251321a4e05bf90.1664869386736.1664869386736.1664869386736.1&b=152200550.1.1664869386736&cc=15
IP 104.19.155.83:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c8817d472077ebfc04593c1fa019d32d
e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=5627136&ct=blog-post&rcu=https%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F&pu=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=How+to+Write+a+Business+Plan+for+a+Loan%3F+-+US+Business+Funding&cts=1664869386739&vi=d9462924b23b0d70e251321a4e05bf90&nc=true&u=152200550.d9462924b23b0d70e251321a4e05bf90.1664869386736.1664869386736.1664869386736.1&b=152200550.1.1664869386736&cc=15 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 45
cf-ray: 754c48e67a27b4f1-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: 0ffd26cc-da7d-4eb4-8aed-1dae83eff702
x-robots-tag: none
set-cookie: __cf_bm=1OmltKyLnk.ZICEKL3EejxeQYFZANggE.5NtnSiaY.U-1664869387-0-ASdWoyfgfw7CbcpNlJtsS/CA2fpb2WSPMeaWkmkkipCRXmtfTdGz5vcqdOCHS/NgAgrq1HJmagJLvfEd9EgEbhE=; path=/; expires=Tue, 04-Oct-22 08:13:07 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3AnyvWsQnEpi%2FlnWDUzRi1UKK8G3Xo0MVwQTtBWhBXadlEET%2FsUY8H9U7unCkWBxNGfOo5pIrEgddkmUxIQZx2PB1h3Ddzi0blSpCjVBuZXTys5ucSAvTGaR5ECG3yE8zUnn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/font-awesome.min.css
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/font-awesome.min.css
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/font-awesome.min.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 28 Sep 2022 18:58:59 GMT
If-None-Match: "809bbc5d6cd3d81:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
i.simpli.fi/p?cid=323546&cb=sifi_att_42656._hp
169.50.137.179200 OK 930 B URL HTTP/2 i.simpli.fi/p?cid=323546&cb=sifi_att_42656._hp
IP 169.50.137.179:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (792)
Hash e6da724f6523214919791643ac316e03
0e357fc11eaea3018ea350def1687a53af135d52
eb37493227df839223a5582388af1467ffb4def81ef30fa1e17018d8956ed078
GET /p?cid=323546&cb=sifi_att_42656._hp HTTP/1.1
Host: i.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: application/javascript; charset=UTF-8
set-cookie: suid=9D85B21086044EC0924813FB3CEE8FC0; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=9D85B21086044EC0924813FB3CEE8FC0; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
uid_syncd=true; path=/; expires=Tue, 11 Oct 2022 07:43:07 GMT; domain=.simpli.fi; secure
uid_syncd_secure=true; path=/; expires=Tue, 11 Oct 2022 07:43:07 GMT; domain=.simpli.fi; samesite=none; secure
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache, no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/style.css
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/style.css
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/style.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 28 Sep 2022 18:58:59 GMT
If-None-Match: "809bbc5d6cd3d81:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
207.137.0.213301 Moved Permanently 188 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6f83537ac9d2567aa0049ad8d28282d8
7e4975fe0edee16d97ab1f59dd7473a95902f30e
c614ae1fc44d88ab3555782295fd0de23f7b1062ef93e0777530a9ff2fdb2fe6
GET /Scripts/WebForms/MsAjax/MicrosoftAjax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 188
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
207.137.0.213301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95d708e49ef3d81c5832e354dbdafb01
ddb6aa6d1990a59c42331129fef517bb9101fad1
429e36746d58356e8d7fd50c755f2ec8de5fcf67bc3980f782eef9c14e89db18
GET /Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 196
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery-3.3.1.min.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery-3.3.1.min.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery-3.3.1.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.simplemodal.1.4.4.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.bxslider.min.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.bxslider.min.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.bxslider.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectBox.js
207.137.0.213301 Moved Permanently 175 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectBox.js
IP 207.137.0.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 46da262b5b1399dfbf30fac73e57a298
c176cf3cfa6da6a0748c497591ff3619467d6434
4089029c368f61bcc5e6be36c952e1c440e0e20475e247b8316c6ce57ea7cc99
GET /scripts/jquery.selectBox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/jquery.selectbox.js
date: Tue, 04 Oct 2022 07:43:06 GMT
content-length: 175
X-Firefox-Spdy: h2
www.checkbca.org/scripts/scripts.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/scripts.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/scripts.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 28 Sep 2022 18:58:56 GMT
If-None-Match: "0d8f25b6cd3d81:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
speedyfox.io/anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=
198.61.165.71403 Forbidden 18 B URL HTTP/1.1 speedyfox.io/anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=
IP 198.61.165.71:0
File type ASCII text, with no line terminators
Hash 25f009f228cd844020264ff74a36bb64
8e2ada0df86c2ea12930c55ebdc0575aa5e31d87
a4578829918d4df61d980bf0665df65a68d19ea4de6d0dfdb75fb099b47474bf
GET /anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r= HTTP/1.1
Host: speedyfox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 18
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
X-Timing: lt=0
Date: Tue, 04 Oct 2022 07:43:07 GMT
Connection: close
um.simpli.fi/triplelift
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /triplelift HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://eb2.3lift.com/xuid?mid=7969&xuid=09FA9D8DFF1A4266AD41DC1F187C4135&dongle=yf3
set-cookie: suid=09FA9D8DFF1A4266AD41DC1F187C4135; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=09FA9D8DFF1A4266AD41DC1F187C4135; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/freewheel
34.91.62.186200 OK 43 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /freewheel HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=8F36FBE93DA841848F417C9B9E0130C6; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=8F36FBE93DA841848F417C9B9E0130C6; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/dtnx
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /dtnx HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;
set-cookie: suid=0FFDB6E9A849435B8D75D721267E2C0A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=0FFDB6E9A849435B8D75D721267E2C0A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/exelatem
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /exelatem HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=B7456A925F8D4900BB4160878578F37A&j=0
set-cookie: suid=B7456A925F8D4900BB4160878578F37A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=B7456A925F8D4900BB4160878578F37A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/yahoo
34.91.62.186200 OK 43 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /yahoo HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=83BA357685594984892554941D446B0B; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=83BA357685594984892554941D446B0B; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/beachfront
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /beachfront HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://sync.bfmio.com/sync?pid=141&uid=CE4E17A7565D4AB2BF020FEEF6CB1B55
set-cookie: suid=CE4E17A7565D4AB2BF020FEEF6CB1B55; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=CE4E17A7565D4AB2BF020FEEF6CB1B55; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/bluekai
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /bluekai HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://stags.bluekai.com/site/29931?id=5E73FA72F0E5492AA7E7E1E999FE306A
set-cookie: suid=5E73FA72F0E5492AA7E7E1E999FE306A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=5E73FA72F0E5492AA7E7E1E999FE306A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/crwdcntrl
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /crwdcntrl HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
set-cookie: suid=6176BF07F5764656ACAE040F04EDE57A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=6176BF07F5764656ACAE040F04EDE57A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/lj_match
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /lj_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://ce.lijit.com/merge?pid=2&3pid=A746F9A07AF647AC9681D171D6B8830E
set-cookie: suid=A746F9A07AF647AC9681D171D6B8830E; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=A746F9A07AF647AC9681D171D6B8830E; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c2f53a68cf2490044db9c8a8b4ad0083
edcbbb89af1923bed4adfab5da5151af29ba5bcc
c58ae0008416eb3fbebf730eb018dbf378754dbc3cf2e631f003c3bf83d39fd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
um.simpli.fi/liveramp_match
34.91.62.186302 Found 142 B URL HTTP/2 um.simpli.fi/liveramp_match
IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /liveramp_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://idsync.rlcdn.com/419566.gif?partner_uid=68057A8A106041F0A55F7F117FCBE55D
set-cookie: suid=68057A8A106041F0A55F7F117FCBE55D; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=68057A8A106041F0A55F7F117FCBE55D; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
um.simpli.fi/spotx_match
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /spotx_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://sync.search.spotxchange.com/partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79
set-cookie: suid=2C72FA339AF4490EB1842AB44C48DA79; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=2C72FA339AF4490EB1842AB44C48DA79; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/an
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /an HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://ib.adnxs.com/setuid?entity=66&code=0359895A296A46C9BCA67FA720181617
set-cookie: suid=0359895A296A46C9BCA67FA720181617; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=0359895A296A46C9BCA67FA720181617; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/rb_match
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rb_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0378E13F31BC446885FDE96BFAC6B220&expires=365
set-cookie: suid=0378E13F31BC446885FDE96BFAC6B220; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=0378E13F31BC446885FDE96BFAC6B220; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/ox_match
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /ox_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=0686AAFED2774285B51526E2B0AB1795
set-cookie: suid=0686AAFED2774285B51526E2B0AB1795; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=0686AAFED2774285B51526E2B0AB1795; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/telaria_p
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /telaria_p HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://simplifi.partners.tremorhub.com/sync?UISF=2BBE0692603E4FB597E55DEB457C891E
set-cookie: suid=2BBE0692603E4FB597E55DEB457C891E; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=2BBE0692603E4FB597E55DEB457C891E; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/ad_advisor
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /ad_advisor HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=1FE6EA56560E4B07BD2155048B932E6B
set-cookie: suid=1FE6EA56560E4B07BD2155048B932E6B; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=1FE6EA56560E4B07BD2155048B932E6B; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/intentiq
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /intentiq HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7670738D2F6B46C0A173BA8BAA2DEF9A
set-cookie: suid=7670738D2F6B46C0A173BA8BAA2DEF9A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=7670738D2F6B46C0A173BA8BAA2DEF9A; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/tapad
34.91.62.186302 Found 142 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /tapad HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 142
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
set-cookie: suid=A7FBC579C8BF4E6FA0FCB7EA866B1782; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=A7FBC579C8BF4E6FA0FCB7EA866B1782; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/jquery.selectbox.css
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectbox.css
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/jquery.selectbox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 02 Aug 2019 17:52:06 GMT
If-None-Match: "0a783ff5a49d51:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
um.simpli.fi/pubmatic
34.91.62.186200 OK 43 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /pubmatic HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=A7844E5CF04D4B70AE85CCD7875FF457; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=A7844E5CF04D4B70AE85CCD7875FF457; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/webforms/msajax/microsoftajaxwebforms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 28 Sep 2022 18:58:59 GMT
If-None-Match: "809bbc5d6cd3d81:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/webforms/msajax/microsoftajax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 28 Sep 2022 18:58:58 GMT
If-None-Match: "05245d6cd3d81:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion/1026675585/?random=1664869387272&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
142.250.74.66302 Found 42 B URL HTTP/2 www.googleadservices.com/pagead/conversion/1026675585/?random=1664869387272&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/conversion/1026675585/?random=1664869387272&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Oct 2022 07:43:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=C-Q7Y62SJo-2YYn5mCA&sscte=1&crd=CJqqsQI
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectbox.js
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectbox.js
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.selectbox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:06 GMT
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
142.250.74.162302 Found 296 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 0103dd025950e32d5eb84f8e72ddb997
9ddb94b670f62f21ddee3157f2ad97d122bf8248
ad325fee7bf9ae842aa1ea62cadbd134bf6590eaa84413165b1b7c6f4e5afd0d
GET /pixel?google_nid=simplifi&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
date: Tue, 04 Oct 2022 07:43:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 296
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Oct-2022 07:58:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
142.250.74.162302 Found 248 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 90f3317c598426fe1c249b0cc4845475
72856fffdc53e9e630c38bbd9b4fe04afb72015a
2d722b67473e8cf5282435d3608e9a9fe2092279aceaf9d88d4b89fecac69c8b
GET /pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://um.simpli.fi/g_match?id=&google_error=3
date: Tue, 04 Oct 2022 07:43:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 248
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 1efec525b1614135b5538ca352e4dcd6
5b25056596d7e46465999bc18007f5a7f3101732
bacacd1710cea97390c53ed1c9ce031b1ddf9b92ce4c995a3343fe1d2a958674
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 22:10:17 GMT
Expires: Sat, 08 Oct 2022 22:10:16 GMT
Etag: "5b25056596d7e46465999bc18007f5a7f3101732"
Cache-Control: max-age=603832,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 796
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754c48e939cffab8-OSL
um.simpli.fi/g_match?id=&google_error=3
34.91.62.186204 No Content 0 B URL HTTP/2 um.simpli.fi/g_match?id=&google_error=3
IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /g_match?id=&google_error=3 HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 04 Oct 2022 07:43:07 GMT
set-cookie: suid=262D922FD5404802BEEF1AAD1EBA8440; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; SameSite=none; Secure;
suid_legacy=262D922FD5404802BEEF1AAD1EBA8440; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:07 GMT; Secure;
expires: Mon, 03 Oct 2022 07:43:07 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;
107.178.240.89302 Found 0 B URL HTTP/2 fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;
IP 107.178.240.89:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img; HTTP/1.1
Host: fei.pro-market.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-5.c.datonics-gcp-01.internal
set-cookie: anProfile="1+1+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s2=(rj7xfv)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
location: https://fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;sr
content-type: image/gif
content-length: 0
date: Tue, 04 Oct 2022 07:43:07 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;sr
107.178.240.89200 OK 43 B URL HTTP/2 fei.pro-market.net/engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;sr
IP 107.178.240.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 968c3ad2c1183fee0bf0dd479f7904b7
1d770800ecb05eb9133f9b51620c9e4349656859
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
GET /engine?du=24;csync=0FFDB6E9A849435B8D75D721267E2C0A;mimetype=img;sr HTTP/1.1
Host: fei.pro-market.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-5.c.datonics-gcp-01.internal
set-cookie: anProfile="0+1+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s2=(rj7xfv)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
content-type: image/gif
content-length: 43
date: Tue, 04 Oct 2022 07:43:07 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 32bb28ca31875a794be64a3fe0698ab7
d3e59c7371451a8836ea847e56dd70b0a5f97e4d
c67a2ff747735e636fea91ad110b53532a199be894b7d5d303f0931ef10a37a8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:12:53 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4oVVNCFYAGWLvcJ0ESWhEwm-Z5hxIKzZ2XNKDCJ2SC_VoK6TrQkZgA==
Age: 5414
stags.bluekai.com/site/29931?id=5E73FA72F0E5492AA7E7E1E999FE306A
23.38.201.22200 OK 62 B URL HTTP/2 stags.bluekai.com/site/29931?id=5E73FA72F0E5492AA7E7E1E999FE306A
IP 23.38.201.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3f386f5061436a0338a64e0910db495d
599fe4a552c991a2b3ce5a1660732bf7b21fb901
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
GET /site/29931?id=5E73FA72F0E5492AA7E7E1E999FE306A HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 62
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Tue, 04 Oct 2022 07:43:07 GMT
set-cookie: bku=blx999FAmt1/EhDB; Path=/; Domain=.bluekai.com; Expires=Tue, 04 Apr 2023 07:43:07 GMT; SameSite=None
bkpa=KJy9nyexd02pSUHknp/8mE1hwtkAwEPaBpBsxEz0HMOaBEx81AaOB6DlHEaamEA8HADp1ejO9y93fQF/; Path=/; Domain=.bluekai.com; Expires=Tue, 04 Apr 2023 07:43:07 GMT; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c8ba09e28963a711c7b2ce6c91a3a3a3
7cc64a4bf1691002ed65627d8f5bccd7d742721e
e029fc044883da7fbfd828a7c98822fa3bc814ff7e75abf7a7bcbaa64cb395ba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.checkbca.org/images/widget_member_seal.png
207.137.0.213304 Not Modified 0 B URL HTTP/2 www.checkbca.org/images/widget_member_seal.png
IP 207.137.0.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/widget_member_seal.png HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Sat, 09 May 2020 03:31:08 GMT
If-None-Match: "8a855647b225d61:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Tue, 04 Oct 2022 07:43:07 GMT
X-Firefox-Spdy: h2
eb2.3lift.com/xuid?mid=7969&xuid=09FA9D8DFF1A4266AD41DC1F187C4135&dongle=yf3
76.223.111.18200 OK 37 B URL HTTP/2 eb2.3lift.com/xuid?mid=7969&xuid=09FA9D8DFF1A4266AD41DC1F187C4135&dongle=yf3
IP 76.223.111.18:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3eacd0132310ea44cad756b378a3bc07
e2216a7e9b73f5cb0279351c78ce61c33475cea7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
GET /xuid?mid=7969&xuid=09FA9D8DFF1A4266AD41DC1F187C4135&dongle=yf3 HTTP/1.1
Host: eb2.3lift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9fde55b4ba25a0ca5fbf39c50615b2e0
6210374d3f3c48ce99086cf1be4dc7f12d378959
de0b8be4552817341f225c840c3ae5788ce0a21fb09a14f6d0332965b3973cba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6313
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 05:57:54 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a5358101ee9b2c2034556a787bbcd975
9c3a82dc6dff651d19513fc15861b96f124fe86c
c1ab7a663829eb3e1d98fb6748fb672996ce9b46b0af05d81d178b01c94adf47
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4975
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:20:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7670738D2F6B46C0A173BA8BAA2DEF9A
143.204.55.23403 Forbidden 986 B URL HTTP/2 sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7670738D2F6B46C0A173BA8BAA2DEF9A
IP 143.204.55.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a411e9fb7fb609db6a5d80aa054b29b0
f08034cbf244a6f036c8614834cb56eb77967f4b
b5b17a30e5c82b15cb12e77b69f87d7dccde5fbf80c945b82013bc6392ab0ded
GET /profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7670738D2F6B46C0A173BA8BAA2DEF9A HTTP/1.1
Host: sync.intentiq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: CloudFront
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pqwirqJBl2wZev9_i5zn3UR3QhHRL4ALwHV0rk_wK3u_R2CLgqoulw==
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0378E13F31BC446885FDE96BFAC6B220&expires=365
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0378E13F31BC446885FDE96BFAC6B220&expires=365
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=6286&nid=2132&put=0378E13F31BC446885FDE96BFAC6B220&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 693f17ec94b6fd0c82d03268b1ba23d6
Content-Type: image/gif
ib.adnxs.com/setuid?entity=66&code=0359895A296A46C9BCA67FA720181617
37.252.173.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/setuid?entity=66&code=0359895A296A46C9BCA67FA720181617
IP 37.252.173.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?entity=66&code=0359895A296A46C9BCA67FA720181617 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0359895A296A46C9BCA67FA720181617
AN-X-Request-Uuid: 28c7cce2-5ed3-45cc-9a1c-7d3064fffee7
Set-Cookie: uuid2=249843775727462993; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 07:43:07 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f92d4a820a7cad6a2a5a6d949cbf6056
4f7de474168ff6b13ef72ddb9717e6977848f8f1
1a67f264dade73839f56671dd600bf7d9add025e53d87ff6b2fc0b68eaa62e55
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4944
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:20:43 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
us-u.openx.net/w/1.0/sd?id=537072966&val=0686AAFED2774285B51526E2B0AB1795
34.98.64.218200 OK 43 B URL HTTP/2 us-u.openx.net/w/1.0/sd?id=537072966&val=0686AAFED2774285B51526E2B0AB1795
IP 34.98.64.218:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /w/1.0/sd?id=537072966&val=0686AAFED2774285B51526E2B0AB1795 HTTP/1.1
Host: us-u.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 04 Oct 2022 07:43:07 GMT
content-type: image/gif
content-length: 43
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 4494c48ad536470e1ebf712280d3b648
9cfa652eba045068a02f3c28b3b997008b9e60b1
85cdbfde960efde478e82c1234f3f0be5127fe0ca03ad1465526824f27d92e72
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 04 Oct 2022 00:03:09 GMT
Expires: Wed, 05 Oct 2022 00:03:09 GMT
ETag: "9cfa652eba045068a02f3c28b3b997008b9e60b1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ca53d621351d52de22b3ec51c114fd19
bf105ee4582f4dd816c13ce1a5f9a8e6f77a6bf8
08a44cea1ecd157159b7bb79d91f7c93af3c7855f38d703a12fd943d4cae9c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5439
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:12:29 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
sync.search.spotxchange.com/partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=30281288-43b8-11ed-8c31-1e8b65530206; expires=Tue, 01-Nov-2022 07:43:07 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79&__user_check__=1&sync_id=302812bf-43b8-11ed-8c31-1e8b65530206
X-fe: 107
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0359895A296A46C9BCA67FA720181617
37.252.173.22200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0359895A296A46C9BCA67FA720181617
IP 37.252.173.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D66%26code%3D0359895A296A46C9BCA67FA720181617 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: e8457a67-b0cc-469b-9b8b-584bf7f77d38
Set-Cookie: anj=dTM7k!M4.FE:2jUF']wIg2C$Sd^vdE!]tbPl1N!7On*M$=BWIwjG+7cjFzDhglJEUl!a!viIPGoiK5l^i+.2Vhx6:De?BxA(j#iP(Md+>)fy)lw^.8o; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 07:43:07 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a5358101ee9b2c2034556a787bbcd975
9c3a82dc6dff651d19513fc15861b96f124fe86c
c1ab7a663829eb3e1d98fb6748fb672996ce9b46b0af05d81d178b01c94adf47
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:23:10 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=C-Q7Y62SJo-2YYn5mCA&sscte=1&crd=CJqqsQI
142.250.74.130302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=C-Q7Y62SJo-2YYn5mCA&sscte=1&crd=CJqqsQI
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=C-Q7Y62SJo-2YYn5mCA&sscte=1&crd=CJqqsQI HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Oct 2022 07:43:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Oct-2022 07:58:07 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c20571a71a3179e9d2d585efaff085aa
301109feec0141923b578353a29afb205a365d3d
e99c7cc64b45c6f6c24cb412d9de7e522cb0b9726dbd8ad4b4fba204ad78d274
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6486
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 05:55:01 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
52.18.161.218302 Found 0 B URL HTTP/2 bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
IP 52.18.161.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /map/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 07:43:07 GMT
content-length: 0
location: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.2.190
set-cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net;SameSite=None;Secure
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
loadm.exelator.com/load/?p=204&g=2191&simid=B7456A925F8D4900BB4160878578F37A&j=0
34.254.143.3204 No Content 0 B URL HTTP/2 loadm.exelator.com/load/?p=204&g=2191&simid=B7456A925F8D4900BB4160878578F37A&j=0
IP 34.254.143.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /load/?p=204&g=2191&simid=B7456A925F8D4900BB4160878578F37A&j=0 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 07:43:07 GMT
cache-control: no-cache
x-powered-by: Undertow/1
access-control-allow-credentials: true
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 25b54eb264c53b289e975c66fda3c1a5
7cdbc16d3902840ca958ed1adb71d0ec224f2ce6
0dd6e2539491e0714b4d73290b3031db4f446c2da815d377304bdff23afad375
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6134
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:07 GMT
Last-Modified: Tue, 04 Oct 2022 06:00:54 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 727
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash e1864a4b36e5395c23ec15af047d92b2
6089fc57803cdeb3fbca3cc01c3aeb7392b19878
0492f8fbcfca2a0c604c1766ce5f61cad89421af6c9112a59849ac422e9b9522
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 03 Oct 2022 22:22:25 GMT
Expires: Tue, 04 Oct 2022 22:22:25 GMT
ETag: "6089fc57803cdeb3fbca3cc01c3aeb7392b19878"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sync.search.spotxchange.com/partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79&__user_check__=1&sync_id=302812bf-43b8-11ed-8c31-1e8b65530206
185.94.180.125200 OK 43 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79&__user_check__=1&sync_id=302812bf-43b8-11ed-8c31-1e8b65530206
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /partner?adv_id=7797&uid=2C72FA339AF4490EB1842AB44C48DA79&__user_check__=1&sync_id=302812bf-43b8-11ed-8c31-1e8b65530206 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 07:43:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: audience=30317775-43b8-11ed-8663-152b84bd0406; expires=Tue, 01-Nov-2022 07:43:07 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 80
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
35.227.248.159302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782 HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 07:43:07 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1664869387995;Expires=Sat, 03 Dec 2022 07:43:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=6f665174-ea20-4d07-abed-2784f7e0e27f;Expires=Sat, 03 Dec 2022 07:43:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
52.18.161.218200 OK 49 B URL HTTP/2 bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A
IP 52.18.161.218:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 56398e76be6355ad5999b262208a17c9
a1fdee122b95748d81cee426d717c05b5174fe96
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
GET /map/ct=y/c=7625/tp=SIMP/tpid=6176BF07F5764656ACAE040F04EDE57A HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:08 GMT
content-type: image/gif
content-length: 49
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.22.4
x-consent: absent
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ce.lijit.com/merge?pid=2&3pid=A746F9A07AF647AC9681D171D6B8830E
216.52.2.39204 No Content 0 B URL HTTP/1.1 ce.lijit.com/merge?pid=2&3pid=A746F9A07AF647AC9681D171D6B8830E
IP 216.52.2.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /merge?pid=2&3pid=A746F9A07AF647AC9681D171D6B8830E HTTP/1.1
Host: ce.lijit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Tue, 04 Oct 2022 07:43:08 GMT
x-merge: GDPR Optout true
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
expires: Fri, 20 Mar 2009 00:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pod: X-Sovrn-Pod: ad_ap7ams1
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b45b15bb651cc185ea82d91a51f06b5a
44987727be72bb12b4e4fc4fac50145835512750
f0b61426de169cf2efde87ac98d5123ea785004ad05c05932a099b644b2fdf64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c20571a71a3179e9d2d585efaff085aa
301109feec0141923b578353a29afb205a365d3d
e99c7cc64b45c6f6c24cb412d9de7e522cb0b9726dbd8ad4b4fba204ad78d274
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6487
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:08 GMT
Last-Modified: Tue, 04 Oct 2022 05:55:01 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash e2c715eaa85b800a6c292288badb3073
e1a42a6c7506e9c3c372973bec3a51c721ca67f3
3e96ad49aae303216252582d8a39bb649adefab83a89564d9e095353e5773c30
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:08 GMT
Last-Modified: Tue, 04 Oct 2022 05:58:10 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s1x9Fz29JLlt8OQWTWh03ViBxzla058el06e3X9TlK4Yj6maOocJmw==
Age: 6298
pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
35.227.248.159200 OK 95 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782
IP 35.227.248.159:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /idsync/ex/receive/check?partner_id=2305&partner_device_id=A7FBC579C8BF4E6FA0FCB7EA866B1782 HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:08 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1664869388041;Expires=Sat, 03 Dec 2022 07:43:08 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=35c0ec7d-497d-423c-aebd-23c64fe51e07;Expires=Sat, 03 Dec 2022 07:43:08 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_3WAY_SYNCS=;Expires=Sat, 03 Dec 2022 07:43:08 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
content-type: image/png
content-length: 95
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560
142.250.74.164302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Oct 2022 07:43:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash bdb95e6379de01f974d31872ed940a5f
77dc35b3a02b64adccce339347abb986d9b7b928
d4ccb157ec8c90b6de7a518451bf6d8ccd73518771b971e7c8c63734a3e641bb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:08 GMT
Last-Modified: Tue, 04 Oct 2022 07:06:16 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yqiXodUimLtewke86Lvjk_7k7TF7Ha0g10Xb4SEP--uuw5QAKSThkg==
Age: 2212
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e13df37c7a0102aa69d97512e4f3bad4
2c3019bef2f4bc34b3f3dc212b30d4fad04f8b37
cfbc8bfd83a8eb63bf5d189e398e1373222f1d1bde223fba70e3c7b560c708aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.bfmio.com/sync?pid=141&uid=CE4E17A7565D4AB2BF020FEEF6CB1B55
54.145.148.127204 0 B URL HTTP/1.1 sync.bfmio.com/sync?pid=141&uid=CE4E17A7565D4AB2BF020FEEF6CB1B55
IP 54.145.148.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?pid=141&uid=CE4E17A7565D4AB2BF020FEEF6CB1B55 HTTP/1.1
Host: sync.bfmio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
Date: Tue, 04 Oct 2022 07:43:07 GMT
Set-Cookie: __141_cid=CE4E17A7565D4AB2BF020FEEF6CB1B55; Domain=.bfmio.com; Expires=Wed, 04-Oct-2023 07:43:08 GMT; Path=/
__io_cid=50401508d0932cc927ffede85d52fc1aa877015b; Domain=.bfmio.com; Expires=Wed, 04-Oct-2023 07:43:08 GMT; Path=/
Connection: keep-alive
www.google.no/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560&ipr=y&prhg=0
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560&ipr=y&prhg=0
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/1026675585/?random=758820475&cv=7&fst=1664869387272&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&is_vtc=1&ocp_id=C-Q7Y62SJo-2YYn5mCA&random=722184560&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Oct 2022 07:43:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
d.agkn.com/pixel/10751/?che=1664869388011&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219723204294000760961
34.248.212.187302 Found 0 B URL HTTP/1.1 d.agkn.com/pixel/10751/?che=1664869388011&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219723204294000760961
IP 34.248.212.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/10751/?che=1664869388011&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219723204294000760961 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Date: Tue, 04 Oct 2022 07:43:07 GMT
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://um.simpli.fi/aa_px?sk=219723204294000760961
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: ab=0001%3Aa6smM4TkhtU6jLfF4H%2BPKthzCDO8BjXi;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
u=C|0AAAqzqCMKs6gjAAAAAAA;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e13df37c7a0102aa69d97512e4f3bad4
2c3019bef2f4bc34b3f3dc212b30d4fad04f8b37
cfbc8bfd83a8eb63bf5d189e398e1373222f1d1bde223fba70e3c7b560c708aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 07:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
um.simpli.fi/aa_px?sk=219723204294000760961
34.91.62.186302 Found 142 B URL HTTP/2 um.simpli.fi/aa_px?sk=219723204294000760961
IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /aa_px?sk=219723204294000760961 HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 04 Oct 2022 07:43:08 GMT
content-type: text/html
content-length: 142
set-cookie: suid=EE2B74999D9B4869A5D0CAF9F00B81D7; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:08 GMT; SameSite=none; Secure;
suid_legacy=EE2B74999D9B4869A5D0CAF9F00B81D7; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:08 GMT; Secure;
location: /empty.gif
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/empty.gif
34.91.62.186200 OK 43 B IP 34.91.62.186:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /empty.gif HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:08 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=94CA717A027B4AE9852046F28508506C; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:08 GMT; SameSite=none; Secure;
suid_legacy=94CA717A027B4AE9852046F28508506C; Path=/; domain=simpli.fi; Expires=Thu, 05-Oct-23 07:43:08 GMT; Secure;
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash b636aef0f4a54d68dcf58fafd7eb9a8f
2d73f45aaec02ed7bd8cd6afe92daa035a074094
029297a2d6457ed33954cd9ed5b1c26925626797ccc4eb71e6671f8cd63e49e8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 07:43:09 GMT
Last-Modified: Tue, 04 Oct 2022 06:49:48 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: StxYvP5bjjYX4si5l_Rp7ZxH8PpnPJ-EmKAe9g5wUhOtOVUbRX4fbA==
Age: 3201
new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&c0=89342177&t0=1664869385961&ur0=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v1=44b0c5eb-28da-4cbb-aac5-eaa968929393&p1=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u1=7fb6a295-20ad-c77c-8673-db034f538d54&c1=89342177&t1=1664869385961&li1=1664869385959&e2=pageview_ping&ci2=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v2=44b0c5eb-28da-4cbb-aac5-eaa968929393&p2=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u2=2d185569-42bd-ede2-b6e0-53aa08ad1359&c2=89342177&t2=1664869385962&li2=1664869385959
52.48.206.34200 OK 37 B URL HTTP/2 new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&c0=89342177&t0=1664869385961&ur0=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v1=44b0c5eb-28da-4cbb-aac5-eaa968929393&p1=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u1=7fb6a295-20ad-c77c-8673-db034f538d54&c1=89342177&t1=1664869385961&li1=1664869385959&e2=pageview_ping&ci2=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v2=44b0c5eb-28da-4cbb-aac5-eaa968929393&p2=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u2=2d185569-42bd-ede2-b6e0-53aa08ad1359&c2=89342177&t2=1664869385962&li2=1664869385959
IP 52.48.206.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 637eb2cda011678b8ccd6b5b3c6e3570
300ffa6cb3b70adc05038ef2a4e9936978459ff2
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
GET /e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&c0=89342177&t0=1664869385961&ur0=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=How%20to%20Write%20a%20Business%20Plan%20for%20a%20Loan%3F%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v1=44b0c5eb-28da-4cbb-aac5-eaa968929393&p1=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u1=7fb6a295-20ad-c77c-8673-db034f538d54&c1=89342177&t1=1664869385961&li1=1664869385959&e2=pageview_ping&ci2=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v2=44b0c5eb-28da-4cbb-aac5-eaa968929393&p2=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u2=2d185569-42bd-ede2-b6e0-53aa08ad1359&c2=89342177&t2=1664869385962&li2=1664869385959 HTTP/1.1
Host: new-collect.albacross.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:09 GMT
content-type: image/gif
content-length: 37
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59c6121e6f6cb833939e12585aca131e
5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df
88b8a458ad437bf40d154b21d844ba56530ae05c2f42b417cfb0e6cffcb294e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 35cc0acc-ac90-4f36-a976-c61c34cfe4fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqNXG3mIAMFujg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5722-112061742493dd5255c3fb00;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VeeA3FQIKbAt5xmPr99k9gQjGbbwrRLM1lFYWaVIO3TCVM19GUKJaA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 35170
etag: "5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=27577fa8-88d4-f06b-3f89-2df05e3b20a7&c0=89342177&t0=1664869390462&li0=1664869385959
52.48.206.34200 OK 37 B URL HTTP/2 new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=27577fa8-88d4-f06b-3f89-2df05e3b20a7&c0=89342177&t0=1664869390462&li0=1664869385959
IP 52.48.206.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 637eb2cda011678b8ccd6b5b3c6e3570
300ffa6cb3b70adc05038ef2a4e9936978459ff2
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
GET /e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=27577fa8-88d4-f06b-3f89-2df05e3b20a7&c0=89342177&t0=1664869390462&li0=1664869385959 HTTP/1.1
Host: new-collect.albacross.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:12 GMT
content-type: image/gif
content-length: 37
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f385d19-576b-44dc-833a-4146626070e5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f385d19-576b-44dc-833a-4146626070e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23ba112cb712c07d19994e82fbaa17c0
0aba06667d4cb108fddaf2c54c4ae628f56018e3
f8095524c5ade5bb5e12a6a5d23e34eab6dd61acf658664f83a0c39821fd3a33
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f385d19-576b-44dc-833a-4146626070e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12252
x-amzn-requestid: 41962b0e-db82-4872-9a9c-7bf2d5a0fb13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuGLWIAMFpbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-708b71f71a538c1112b60863;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rJoxxp0Qi2vpD-vBjYeMl49oj1i8rXaBR_J6idOWyg1Enk-ZSX-g8Q==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:34:30 GMT
age: 32922
etag: "0aba06667d4cb108fddaf2c54c4ae628f56018e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=166e251a-c3f5-3507-1a1a-9a496bcddcf5&c0=89342177&t0=1664869392589&li0=1664869385959
52.48.206.34200 OK 37 B URL HTTP/2 new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=166e251a-c3f5-3507-1a1a-9a496bcddcf5&c0=89342177&t0=1664869392589&li0=1664869385959
IP 52.48.206.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 637eb2cda011678b8ccd6b5b3c6e3570
300ffa6cb3b70adc05038ef2a4e9936978459ff2
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
GET /e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=eb31e012-2ab1-5b1f-6c0c-a57b1ec5a3c8&v0=44b0c5eb-28da-4cbb-aac5-eaa968929393&p0=9d20e0fe-b1cb-5b07-7bda-d2c5bf70a932&u0=166e251a-c3f5-3507-1a1a-9a496bcddcf5&c0=89342177&t0=1664869392589&li0=1664869385959 HTTP/1.1
Host: new-collect.albacross.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:13 GMT
content-type: image/gif
content-length: 37
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,900,700,500,300,100
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,900,700,500,300,100
IP 142.250.74.10:0
GET /css?family=Roboto:400,900,700,500,300,100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 07:43:04 GMT
date: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.hsforms.net/forms/v2.js
104.17.184.73200 OK 0 B URL HTTP/2 js.hsforms.net/forms/v2.js
IP 104.17.184.73:0
GET /forms/v2.js HTTP/1.1
Host: js.hsforms.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:04 GMT
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Mon, 26 Sep 2022 10:31:32 UTC
etag: W/"c0d6f823847acd673fef3bd504e7469e"
x-amz-server-side-encryption: AES256
x-amz-version-id: oqhXIu0zY73DszgncA5TEsG3kIYczGpO
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: MX23Ht7fzHDnWVVVlv2bh_EaAim-GBRjlWH6PgErWn5jJgspw9GF3Q==
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: FormsNext/static-5.533/bundles/project_with_deps.js
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-tag: staticjsapp-FormsNext-web-prod,staticjsapp-prod
cf-cache-status: HIT
age: 201
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFY0CEK9bawYUjGf%2BWa%2Br0PLREOWIL7FG6lLbkMPFRrQiVIGRdfT%2FGUwW1M5i28msFTfz3AkoHws4eKts%2BVxUQJitYHMdR9CO4UGQGE57xUz%2F8f06vHr0ibS8fjiH%2F%2F7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 754c48d49955b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
omnisnippet1.com/inShop/forms.js?v=2022-10-04T07
104.18.20.138200 OK 0 B URL HTTP/2 omnisnippet1.com/inShop/forms.js?v=2022-10-04T07
IP 104.18.20.138:0
GET /inShop/forms.js?v=2022-10-04T07 HTTP/1.1
Host: omnisnippet1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 14:16:25 GMT
etag: W/"6335a8b9-206e2"
expires: Tue, 04 Oct 2022 07:15:36 GMT
cache-control: max-age=3600
x-envoy-upstream-service-time: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3490
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 754c48dd59f8b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
omnisrc.com/inshop/launcher-v2.js
104.18.5.28200 OK 0 B URL HTTP/2 omnisrc.com/inshop/launcher-v2.js
IP 104.18.5.28:0
GET /inshop/launcher-v2.js HTTP/1.1
Host: omnisrc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 14:16:25 GMT
etag: W/"6335a8b9-de42"
expires: Tue, 04 Oct 2022 08:22:05 GMT
cache-control: max-age=3600
x-envoy-upstream-service-time: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1228
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 754c48db5893b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/style.css
50.87.170.174200 OK 0 B URL HTTP/2 www.usbfund.com/wp-content/themes/usb/style.css
IP 50.87.170.174:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/themes/usb/style.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 13 Apr 2022 22:11:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Tue, 04 Oct 2022 07:43:04 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 07:43:04 GMT
date: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery-3.3.1.min.js
207.137.0.213200 OK 0 B URL HTTP/2 www.checkbca.org/scripts/jquery-3.3.1.min.js
IP 207.137.0.213:0
GET /scripts/jquery-3.3.1.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Tue, 04 Oct 2022 07:43:05 GMT
content-length: 30394
X-Firefox-Spdy: h2
diffuser-cdn.app-us1.com/diffuser/diffuser.js
104.17.145.91200 OK 0 B URL HTTP/2 diffuser-cdn.app-us1.com/diffuser/diffuser.js
IP 104.17.145.91:0
GET /diffuser/diffuser.js HTTP/1.1
Host: diffuser-cdn.app-us1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/javascript
last-modified: Thu, 21 Oct 2021 17:42:06 GMT
etag: W/"4d482a43613d3966f353ec9d97452e0c"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=300
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 059f85e5e664bc876c915622803d9e28.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: LYgb7O-05A19YisedsHdW7Gqa3Bw46pjlPKvIkZSVBpaULKohYEzzQ==
cf-cache-status: HIT
age: 118
server: cloudflare
cf-ray: 754c48db2e31b518-OSL
X-Firefox-Spdy: h2
koi-3qnetrwct6.marketingautomation.services/koi?rf=&hn=www.usbfund.com&lg=en-US&sr=1280x1024&cd=24&vr=2.4.0&se=1664869384024&ac=KOI-41FUPAF63M&ts=1664869384&pt=0&pl=0&loc=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&tp=page&ti=
130.211.21.179200 OK 0 B URL HTTP/2 koi-3qnetrwct6.marketingautomation.services/koi?rf=&hn=www.usbfund.com&lg=en-US&sr=1280x1024&cd=24&vr=2.4.0&se=1664869384024&ac=KOI-41FUPAF63M&ts=1664869384&pt=0&pl=0&loc=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&tp=page&ti=
IP 130.211.21.179:0
GET /koi?rf=&hn=www.usbfund.com&lg=en-US&sr=1280x1024&cd=24&vr=2.4.0&se=1664869384024&ac=KOI-41FUPAF63M&ts=1664869384&pt=0&pl=0&loc=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&tp=page&ti= HTTP/1.1
Host: koi-3qnetrwct6.marketingautomation.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 04 Oct 2022 07:43:04 GMT
content-type: application/javascript
vary: Accept-Encoding
pod-hostname: koi-5b99cb468c-qshgj
p3p: CP='This is not a P3P policy! See https://sharpspring.com/legal/privacy/ for more info.'
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 04 Oct 2022 07:43:04 GMT
cache-control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
pragma: no-cache
set-cookie: koitk=202210%7C633be408744ba03649301bef; expires=Fri, 01-Oct-2032 07:43:04 GMT; Max-Age=315360000; path=/; domain=.marketingautomation.services; secure; SameSite=None
x-xss-protection: 1; mode=block
x-clacks-overhead: GNU Terry Pratchett
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prism.app-us1.com/?a=224499963&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
104.17.145.91200 OK 0 B URL HTTP/2 prism.app-us1.com/?a=224499963&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP 104.17.145.91:0
GET /?a=224499963&u=http%3A%2F%2Fwww.usbfund.com%2Fhow-to-write-a-business-plan-for-a-loan%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: prism.app-us1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:05 GMT
content-type: application/javascript
cache-control: no-cache, private
set-cookie: prism_224499963=640936a8-431b-48f7-b44f-2c1075f91723; expires=Thu, 03-Nov-2022 07:43:05 GMT; Max-Age=2592000; path=/; secure; httponly; samesite=none
x-envoy-upstream-service-time: 56
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754c48dc5f91b518-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=1FE6EA56560E4B07BD2155048B932E6B
34.250.137.124302 Found 0 B URL HTTP/2 aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=1FE6EA56560E4B07BD2155048B932E6B
IP 34.250.137.124:0
GET /adscores/g.pixel?sid=9201915418&sifi_uid=1FE6EA56560E4B07BD2155048B932E6B HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 07:43:08 GMT
location: https://d.agkn.com/pixel/10751/?che=1664869388011&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219723204294000760961
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AD6Ck8dz2Yn86jLfF4H%2BPKvjlMDhGRLZ9; Path=/; Domain=.agkn.com; Expires=Wed, 04-Oct-2023 07:43:08 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
simplifi.partners.tremorhub.com/sync?UISF=2BBE0692603E4FB597E55DEB457C891E
54.92.133.28200 OK 0 B URL HTTP/2 simplifi.partners.tremorhub.com/sync?UISF=2BBE0692603E4FB597E55DEB457C891E
IP 54.92.133.28:0
GET /sync?UISF=2BBE0692603E4FB597E55DEB457C891E HTTP/1.1
Host: simplifi.partners.tremorhub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 07:43:08 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2