r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14189
Expires: Sat, 10 Dec 2022 03:46:28 GMT
Date: Fri, 09 Dec 2022 23:49:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4023
Expires: Sat, 10 Dec 2022 00:57:02 GMT
Date: Fri, 09 Dec 2022 23:49:59 GMT
Connection: keep-alive
email.mail.iloancloud.com/c/eJxNkcFuhSAQRb9Gdxh1kOdbsGjS9DfMAKOSIliEZ_r3xb62acJimHPDnbmQ7ITgI4exhdrIm-HQq_pIIdIUaZZdBxzqVZpB6DsZgNsAoqg7uvc3PvBB0KjG4VaniPodlaMpfe4kq77XuO1oF1_K2sk1pf2o4KXq38o5z7PJh5qzN40OW-nMkYh95JDoUsBbTtt0hBw1VfCq8JP8gkth4gIbGZu3An49GG1o3Q_9M4bXNZwsBXZGm4ghU_mwno6D7Q79BRZKDPc9hgcZNodYNC6g_7eNNbJEMHS1lX3b913b8rYFAfdGcSUEzLoD3ZZ4VMXba4jGXi9oF_L3anWU74_FOkfHbqlofHigTyuhS2sT4lInqTc1PTBOT6Mkk0_TM_gn-_mPnMswJU2DMxgcFSJX5foFxjmT0g
302 Found 668 B URL HTTP/1.1 email.mail.iloancloud.com/c/eJxNkcFuhSAQRb9Gdxh1kOdbsGjS9DfMAKOSIliEZ_r3xb62acJimHPDnbmQ7ITgI4exhdrIm-HQq_pIIdIUaZZdBxzqVZpB6DsZgNsAoqg7uvc3PvBB0KjG4VaniPodlaMpfe4kq77XuO1oF1_K2sk1pf2o4KXq38o5z7PJh5qzN40OW-nMkYh95JDoUsBbTtt0hBw1VfCq8JP8gkth4gIbGZu3An49GG1o3Q_9M4bXNZwsBXZGm4ghU_mwno6D7Q79BRZKDPc9hgcZNodYNC6g_7eNNbJEMHS1lX3b913b8rYFAfdGcSUEzLoD3ZZ4VMXba4jGXi9oF_L3anWU74_FOkfHbqlofHigTyuhS2sT4lInqTc1PTBOT6Mkk0_TM_gn-_mPnMswJU2DMxgcFSJX5foFxjmT0g
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash d98dafef21e6f742a4c98f84f6ad5cfe
adc4785dfb3c4b231c6157987164a610b08fd611
394a9b728f8f633616d95045c89b2c1f05ba749e565772655ad4e83ab1d9dc36
GET /c/eJxNkcFuhSAQRb9Gdxh1kOdbsGjS9DfMAKOSIliEZ_r3xb62acJimHPDnbmQ7ITgI4exhdrIm-HQq_pIIdIUaZZdBxzqVZpB6DsZgNsAoqg7uvc3PvBB0KjG4VaniPodlaMpfe4kq77XuO1oF1_K2sk1pf2o4KXq38o5z7PJh5qzN40OW-nMkYh95JDoUsBbTtt0hBw1VfCq8JP8gkth4gIbGZu3An49GG1o3Q_9M4bXNZwsBXZGm4ghU_mwno6D7Q79BRZKDPc9hgcZNodYNC6g_7eNNbJEMHS1lX3b913b8rYFAfdGcSUEzLoD3ZZ4VMXba4jGXi9oF_L3anWU74_FOkfHbqlofHigTyuhS2sT4lInqTc1PTBOT6Mkk0_TM_gn-_mPnMswJU2DMxgcFSJX5foFxjmT0g HTTP/1.1
Host: email.mail.iloancloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Length: 668
Content-Type: text/html
Date: Fri, 09 Dec 2022 23:49:59 GMT
Location: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
X-Robots-Tag: noindex
X-Xss-Protection: 1; mode=block
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10852
Expires: Sat, 10 Dec 2022 02:50:51 GMT
Date: Fri, 09 Dec 2022 23:49:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 23:33:15 GMT
content-type: application/json
age: 1004
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YIJ/WfsIV2QjQfSm6WFHKrJe5QXgGPhFgMOY8CM829JXRV+4YpWMaX4reUigFV3wBx7Tu5/FNik=
x-amz-request-id: YWY9M5MFP2C3PXBT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 23:48:34 GMT
age: 85
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 23:49:59 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 23:07:55 GMT
age: 2524
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 41612ede6bbc257d482c22f85d08da13
4a51824be1a37deb06ba0bc5430e8feeaefb81d3
25f40ef838264f33b28bdd1540576cb12080c416eac33fa31377acbccbe08baa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F40EF838264F33B28BDD1540576CB12080C416EAC33FA31377ACBCCBE08BAA"
Last-Modified: Wed, 07 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 10 Dec 2022 05:49:59 GMT
Date: Fri, 09 Dec 2022 23:49:59 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2859
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:49:59 GMT
Last-Modified: Fri, 09 Dec 2022 23:02:20 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NygRiTQcQRjoh7LL3tnXzg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RAzxlFjYWiamymH9Q6jHzNRbU3E=
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Fri, 09 Dec 2022 01:28:24 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TazOWNXrPla8YAi3Do8lK6Em1wXRFN7_IiI1p6CyPxdToMCOsGfoQA==
age: 80497
X-Firefox-Spdy: h2
code.jquery.com/jquery-migrate-1.2.1.js
200 OK 5.8 kB URL HTTP/2 code.jquery.com/jquery-migrate-1.2.1.js
IP
Hash ab50f392b13415af57f9720f4d24e981
8bee0d6d15bc0bf62197f6a33493df7494bf42c2
3c7ae468bcd5eefaf92cfac278a5a998f871e0aaa190f87b0f56fd79f93d00b7
GET /jquery-migrate-1.2.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:00 GMT
content-encoding: gzip
content-length: 5783
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-40ed"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670629800.dop013.sk1.t,1670629800.cds237.sk1.hn,1670629800.cds234.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:31:51 GMT
expires: Fri, 08 Dec 2023 08:31:51 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 141489
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
assets.anytrack.io/1y0o6qdBqYHr.js
200 OK 103 B URL HTTP/2 assets.anytrack.io/1y0o6qdBqYHr.js
IP
File type ASCII text, with no line terminators
Hash 69b5271584dd67a9e6ae79216fe30110
7753fe034a0843770954f6979f6830ff9a82f987
b55a87e172f834369dfb6a2176712509026e5b3de676343ccdc64410245081d9
GET /1y0o6qdBqYHr.js HTTP/1.1
Host: assets.anytrack.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 103
access-control-allow-origin: *
date: Fri, 09 Dec 2022 23:44:26 GMT
cache-control: public, max-age=600
etag: W/"67-d1P+A0oIQ3cJVPaXn2gw/5qC+Yc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: otfooUAkaEw7f0A0o62DJJ6XrGmrdIVi4ddAVbcortPPbt_6mcYQtw==
age: 334
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/css/grid.css
200 OK 10 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/css/grid.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type assembler source, ASCII text, with very long lines (3536), with CRLF line terminators
Hash 8ca3e3908b8e627dd53a2bde9ab330b4
dfc94081f2e0acfbc95cb633810897271692e5db
5a17844298059c3adb2103842f6893bf6a798221afa1c7a3217c610fc4aebeec
GET /wp-content/themes/usb/css/grid.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10146
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-210860007-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-210860007-1
IP
File type ASCII text, with very long lines (1921)
Hash 3632855c66e60da2b09e90dd07e36199
e3e589fe935990a59772a7bd351b212d9554be3c
701acda5c31fc8bc365d971bc5cdb49096dd7d9ad947d8d93390acad411add37
GET /gtag/js?id=UA-210860007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:00 GMT
expires: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43633
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-NW5DZCL
200 OK 55 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NW5DZCL
IP
File type ASCII text, with very long lines (7865)
Hash 13a10cf726dec03f5f1da4c06525171f
658d42855893a953434951d28241aef333b415d8
30871e2e8ad35bb14a581d0dd9b55106ce5cbb530a2c573ca94c8348de62fb2a
GET /gtm.js?id=GTM-NW5DZCL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:00 GMT
expires: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55085
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
IP
Hash 31ae53727e7e9e5dba60f5df9e7eb83a
1e063ef32b145911118f758d09a791f6f94ae371
9cba06523a8b0485c80a1593d1ab4be345b25aaf3e1a62778d8cc958a00869b6
GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 23:50:00 GMT
date: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 54284a18050572fb86c9cd06e4436929
914ef3f4abac56b105573d3a1b8603e173f7e263
0fdc3af1f2367519ed2f35b9c90276b83b4ecbf8575e647190bb774dc1b53f85
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=147185
Date: Fri, 09 Dec 2022 23:50:00 GMT
Etag: "63935073-1d7"
Expires: Sun, 11 Dec 2022 16:43:05 GMT
Last-Modified: Fri, 09 Dec 2022 15:12:51 GMT
Server: ECS (dcb/7EA4)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: I_n9xymcqFT2cr8Arr5Fmh0a9NcMItTrPWCUIFvFxxJhJFFyBcmR3A==
Age: 5414
fonts.googleapis.com/css?family=Roboto:400,900,700,500,300,100
200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,900,700,500,300,100
IP
Hash b45170de066d7c73f012cfdb01dd3337
8729b349d38d8af3ea9e71c9326c1146ddc427f4
d13d940942da41413895036da020d24adda8d9b4e8ddaafa55924dba812d55c3
GET /css?family=Roboto:400,900,700,500,300,100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 23:50:00 GMT
date: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700
200 OK 949 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700
IP
Hash 4d16ca34a66552905161b64539259462
d7ee2453e034cbf4e7ba93e2c0ba0980ce19ad7a
7bb60daa6aaa8144393734c029dc05e76d03c802128160a4385790a92bd5e278
GET /css?family=Roboto+Condensed:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 23:50:00 GMT
date: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
scripts.iconnode.com/100980.js
200 OK 7.7 kB URL HTTP/2 scripts.iconnode.com/100980.js
IP
File type Unicode text, UTF-8 text, with very long lines (46582), with no line terminators
Hash 05a6d57113e7870d8851ed0faf8ca12f
315c52641f469ec7e571648d5333982579cb6da3
0f4d04e15b0a5cb9f2e59f3cc9a7b36d522db0e7712454d1f962e77723348eb3
GET /100980.js HTTP/1.1
Host: scripts.iconnode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 7683
last-modified: Mon, 26 Sep 2022 18:10:24 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 04:30:24 GMT
cache-control: max-age=0
etag: "05a6d57113e7870d8851ed0faf8ca12f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZNNDU5kxfixZAETXYrbMeAOM_LAdUjxuXURlXEeBrrlzqwnmPGgT6w==
age: 69577
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 4cc2d51bb7e5c9779924a4e8166b2efa
d4209940cbf89db749650fe880d9c81554cf21ba
8241f63ff1dd8f0d310ff8679e77ca63d204675af94146228413f3b82164dabe
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 13 Dec 2022 20:59:31 GMT
ETag: "d4209940cbf89db749650fe880d9c81554cf21ba"
Last-Modified: Fri, 09 Dec 2022 20:59:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1112
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7771a3fe28191c0a-OSL
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=6.0.3
200 OK 554 B URL HTTP/2 www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=6.0.3
IP
File type ASCII text, with very long lines (852), with no line terminators
Hash 0a628b8a14a877262721824930709597
31bbb380c04a4229a099a1fb6dea09cf717bcb5f
6c63432c24b1f8eed67f792c68214710fd6444ede5c28f56202e966770d20121
GET /recaptcha/api.js?hl=en&render=explicit&ver=6.0.3 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 09 Dec 2022 23:50:00 GMT
date: Fri, 09 Dec 2022 23:50:00 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 554
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css
200 OK 1.1 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3296), with no line terminators
Hash e4f0e46d63eb641d8cfe1579ff0217cb
37e2ef45ef74f0a3b869d447b4d9e22d0b424945
6b7e532056e7c449a8e080eb2967563fdb20ce9cfdcb95216205a769b65033c4
GET /wp-content/plugins/AffiliateWP-master/assets/css/forms.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1141
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0
200 OK 758 B URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1667), with no line terminators
Hash 94c6b3b214659c68b42fb0c428cac279
eb3a852e1bcf8a32ac304dc89995ffdeaf623033
8cdab12fffba1162b02761c8e7631003efebf03e3af5ca9072023ffda52353ad
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/AffiliateWP-master/assets/js/jquery.cookie.min.js?ver=1.4.0 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 758
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1
200 OK 1.3 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2972), with no line terminators
Hash da0e82022a32e0c42e125fe915cf9955
1c583a11b9e444a26cfd1443d3dade9c6f9e996a
e205081b6febab912d75f2aa70bc3ae2af58bb7d2b1e44927f17cb7631374ff0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/AffiliateWP-master/assets/js/tracking.min.js?ver=2.1.6.1 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:24:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1315
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.6 kB URL HTTP/2 www.usbfund.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:27:21 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4618
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css
200 OK 239 B URL HTTP/2 www.usbfund.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 21fec527969cbcfec759744ce51f94c0
827130fb99b0005a5206028abfe82e93610184f2
fe2a280a5ffe9f5d3b1bf125035d478e46bae689a2f0cde07d48bef1ba7c74b1
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:28:51 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 239
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 641dd08110cd22c6000a060226f2b374
9bf3cfedbae68eb77e484780c5a9ac5693567194
6bdd6387148149a1e35b1222854c09f524b5773210e7a4ecb7df2d2d369dfe20
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 23:46:42 GMT
Expires: Wed, 14 Dec 2022 23:46:41 GMT
Etag: "9bf3cfedbae68eb77e484780c5a9ac5693567194"
Cache-Control: max-age=431200,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7771a3fdba3c0b69-OSL
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 4cc2d51bb7e5c9779924a4e8166b2efa
d4209940cbf89db749650fe880d9c81554cf21ba
8241f63ff1dd8f0d310ff8679e77ca63d204675af94146228413f3b82164dabe
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 13 Dec 2022 20:59:31 GMT
ETag: "d4209940cbf89db749650fe880d9c81554cf21ba"
Last-Modified: Fri, 09 Dec 2022 20:59:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1112
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7771a3ff18971c0a-OSL
www.usbfund.com/?display_custom_css=css&ver=6.0.3
200 OK 541 B URL HTTP/2 www.usbfund.com/?display_custom_css=css&ver=6.0.3
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 0e67503cdf8a23b7d3aaff6f35c76b72
63edc0c8bf04ceec8dc3c8c44bd129b89adeb61a
d765ab66c61ec9c967f9f2e4b649326eb28a6f8dfb0fe064b4ed1cf9af1f18b6
GET /?display_custom_css=css&ver=6.0.3 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 541
content-type: text/css;charset=UTF-8
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/css/browsers.min.css
200 OK 1.5 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/css/browsers.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7331), with no line terminators
Hash 0ddc7bbf7f229432e2e210bd8f9e5740
611f9e4882bafc903a755244a04aa93180217638
5c66fc4715630392c576310b7cba589aab7e49193ff06892c14293b0d88f960d
GET /wp-content/plugins/gravityforms/css/browsers.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:25 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1487
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.1.2
200 OK 959 B URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.1.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1847), with no line terminators
Hash 4a29032699b49818d64ec9bd6aa97d63
7615297a8ee0653b1215d1f39c765264035d1e4b
66b8cc2b313291b28fbfded96cf33699d487d35e6dc724d7207a042d9b30e4fc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.1.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 959
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
js.hs-scripts.com/5627136.js
200 OK 44 kB URL HTTP/2 js.hs-scripts.com/5627136.js
IP
File type ASCII text, with very long lines (867), with no line terminators
Hash f289cf37180e5bf2da75d36e73e949ad
8b5b8d6479ef871844d7eaa905af4b9aebd422e9
ff9780a7438351ac321b16d6a6fa7a479f0212f76aaae8ea8878e4193bd07d72
GET /5627136.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:00 GMT
content-type: application/javascript;charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://www.usbfund.com
access-control-max-age: 3600
cache-control: public, max-age=60
cf-bgj: minify
cf-polished: origSize=974
vary: origin, Accept-Encoding
x-hubspot-correlation-id: 22032fcd-fc08-404c-a864-967724b23c4e
x-trace: 2B883A4AAAB4D87199C5C5F00001D0FCC5C346E6DD000000000000000000
last-modified: Fri, 09 Dec 2022 23:49:58 GMT
cf-cache-status: HIT
expires: Fri, 09 Dec 2022 23:51:00 GMT
server: cloudflare
cf-ray: 7771a3fdbe42b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 41a957a58a349d749d5580218f20dd27
c9f2b017749e811ff1a25498774c6b4dfebdcac3
119ed3f7d25eced8c981e0a221a1f182b598684a085141c3b8a7b07da2120376
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5118
Cache-Control: max-age=130003
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Etag: "63930e7d-118"
Expires: Sun, 11 Dec 2022 11:56:43 GMT
Last-Modified: Fri, 09 Dec 2022 10:31:25 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
www.usbfund.com/wp-content/uploads/trust-pilot-usbfunding.png
200 OK 4.2 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/trust-pilot-usbfunding.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 352 x 175, 8-bit colormap, non-interlaced\012- data
Hash 8db5639231938ddfa4ab52c5b278232c
80e620869cd3dcb7570634232ec32e77754ce3d6
8b2066888a8b3566ffddcd6d5fe12cbf145577e09e780a9497ef0303f72016d5
GET /wp-content/uploads/trust-pilot-usbfunding.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:55 GMT
accept-ranges: bytes
content-length: 4231
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/bbb3-usbfunding.png
200 OK 5.5 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/bbb3-usbfunding.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 626 x 166, 8-bit colormap, non-interlaced\012- data
Hash 4174109b2d630d1a3a55c74471d41f2d
76e85cba42ef8e71c697c4d9be0319cd34903f08
8b3f1f31595b770fd37ff6d65e46066e9c604e8da3da0427d6a45b9f1c2758f5
GET /wp-content/uploads/bbb3-usbfunding.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:04 GMT
accept-ranges: bytes
content-length: 5544
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/ssl-secure-connection-usbfunding.png
200 OK 24 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/ssl-secure-connection-usbfunding.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 519 x 231, 8-bit colormap, non-interlaced\012- data
Hash 232fc793318ef0e7dc8ddafa873ce9c9
d993ed70f8351dbd5242c59cf59c7b4aebbc103e
cc8d8ae1a4690a5ef3294c0e9045244b80da11f1a8a0be0ed162ee827d02f69b
GET /wp-content/uploads/ssl-secure-connection-usbfunding.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:52 GMT
accept-ranges: bytes
content-length: 24372
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-01.png
200 OK 3.3 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-01.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 164 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 30427e02eea1cec61004e2fdb293e4d2
d3ba51be6c31147f379670d59cab54ec01b3b448
32161c4a44a1dcdddeeb852e2b6eea070839630ac3a719ac79a503cfd4d3892d
GET /wp-content/uploads/featured-logo-01.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:38 GMT
accept-ranges: bytes
content-length: 3311
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
d.impactradius-event.com/A870624-b043-4b58-adb6-a8c4d22ccc5b1.js
200 OK 13 kB URL HTTP/2 d.impactradius-event.com/A870624-b043-4b58-adb6-a8c4d22ccc5b1.js
IP
File type C source, ASCII text, with very long lines (40914), with no line terminators
Hash 833e9c2431f16a9e4e590d8c18a01169
d932b0dc73f5dbe2f30c5991fbc95d598a7d6855
ba6dea3209c3bf545ed7db2f134ab8d241599d778988697a345124a4aa8d491a
GET /A870624-b043-4b58-adb6-a8c4d22ccc5b1.js HTTP/1.1
Host: d.impactradius-event.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycduEX341UZE9ryOGxFm2ESHyACoiI1xwh7ZfiTE1ANUhRaW7EVyMNVGzIu4C15pWWZJZBZUqjywhnmdbXptFNe8SuNhK5kBf
x-goog-generation: 1581997649126919
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 12876
content-encoding: gzip
x-goog-hash: crc32c=PZt+Nw==, md5=gz6cJDHxap5OWQ2MGKARaQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 12876
server: UploadServer
date: Fri, 09 Dec 2022 23:50:00 GMT
expires: Fri, 09 Dec 2022 23:55:00 GMT
cache-control: public,max-age=900,s-maxage=300
last-modified: Tue, 18 Feb 2020 03:47:29 GMT
etag: "833e9c2431f16a9e4e590d8c18a01169"
content-type: text/javascript; charset=utf-8
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/parsley.js
200 OK 13 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/parsley.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32005)
Hash 28b93b4a60a3b3e2ccdd2b9ae2e2e338
b15daa3e165bbe3f517a6ccf642d145948d2661b
22dd53f39ba5beba81987a910442f8325f7d62eff28e97a2925aaedd250fb7b9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/parsley.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 13125
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/us-business-funding-logo-small.png
200 OK 2.0 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/us-business-funding-logo-small.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a5a71307aefd12c55fd16f36356f9a83
679b01f07d71f673b74fde71a5a0a9da8a8e486d
a2e02fabad9f481343e4e8050843b371e239956a637488eb7d2a9deff98245de
GET /wp-content/uploads/us-business-funding-logo-small.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:51 GMT
accept-ranges: bytes
content-length: 2020
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/images/logo_text.png
200 OK 6.3 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/images/logo_text.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 250 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 198c7fed73cadb12c23066fcad4e33e8
1f2616bb88b86ec79f3ce8cbbf74b3392c0b46bc
0053eb54a0f54484a915313939d858e1844208d2d0c4b410ce30e25d9cbc09ba
GET /wp-content/themes/usb/images/logo_text.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:36:10 GMT
accept-ranges: bytes
content-length: 6307
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-03.png
200 OK 3.8 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-03.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 83 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash ea461093328a47d28ed34df6be0ad850
5fad4dd9e9daea5b1cac739624cbd673c20fe7c2
37ea654d17c80dfb22d0ad091907b6d4009c76c4671728321fd51376a8df7cce
GET /wp-content/uploads/featured-logo-03.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:13 GMT
accept-ranges: bytes
content-length: 3840
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
koi-3qnetrwct6.marketingautomation.services/client/ss.js?ver=1.1.1
200 OK 21 kB URL HTTP/2 koi-3qnetrwct6.marketingautomation.services/client/ss.js?ver=1.1.1
IP
Hash dfdbdebac1f29feeb7557e47f874d3d8
a401c9b451005cdde79456535ea1c68cb5b427e6
5e2b0208254eee1b3f2a3a8141d40afa031d0bac9fd4da7be52d3ef0a8ff75f5
GET /client/ss.js?ver=1.1.1 HTTP/1.1
Host: koi-3qnetrwct6.marketingautomation.services
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Fri, 09 Dec 2022 23:50:00 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 20:16:54 GMT
vary: Accept-Encoding
etag: W/"6387ba36-2fc8"
expires: Fri, 16 Dec 2022 23:50:00 GMT
cache-control: max-age=604800, public
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/formidable/css/formidableforms.css
200 OK 30 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/formidable/css/formidableforms.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 84db54acc4fbe78c8bc5d5cc4c9f7218
4a9c05309287a912ed420a3a862bc60bad1f6666
2f9f63471c2253770b4b5eb10bc44dcf72436eecf1f622046e259e8c227ffa31
GET /wp-content/plugins/formidable/css/formidableforms.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 30 Aug 2022 16:10:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15528, version 1.0\012- data
Hash 595fe3fc0b85f3cc9ef5aed2d519abc5
96e76de44987e9dec2f97f1e5eb7a18c738daf5d
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 23:00:06 GMT
expires: Wed, 06 Dec 2023 23:00:06 GMT
cache-control: public, max-age=31536000
age: 262194
last-modified: Tue, 19 Apr 2022 18:53:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 188166
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sendlane.com/js/eventing.js
200 OK 17 kB URL HTTP/2 sendlane.com/js/eventing.js
IP
File type ASCII text, with very long lines (1809), with no line terminators
Hash cf38695271786737481803c7238edbde
994d7909b5153fa58c65cc11b1168a2f81ff45d3
2343e88f020e0b0c7873219972bc179c66124106e3c2b8f5e987e480302d6961
GET /js/eventing.js HTTP/1.1
Host: sendlane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:00 GMT
content-type: text/javascript
cache-control: public, max-age=60
cf-bgj: minify
etag: W/"711-5900675a88b6e-gzip"
expires: Fri, 09 Dec 2022 23:51:00 GMT
last-modified: Tue, 13 Aug 2019 21:38:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7771a3fe2c6d0afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
200 OK 40 kB URL HTTP/2 www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3ae459794dc949369b49fd6353fe8421
903a07ba383dd63baec9a73ce377b333e6d990dc
df16f68a39d56b83d9aed504b1f3b623f8a507d4a48a165f0a1a2e151e8570bc
GET /free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
link: <https://www.usbfund.com/wp-json/>; rel="https://api.w.org/", <https://www.usbfund.com/wp-json/wp/v2/pages/1017>; rel="alternate"; type="application/json", <https://www.usbfund.com/?p=1017>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:42:34 GMT
expires: Thu, 07 Dec 2023 19:42:34 GMT
cache-control: public, max-age=31536000
age: 187646
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/css/readyclass.min.css
200 OK 4.8 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/css/readyclass.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32180), with no line terminators
Hash 515dae47f763d8a6f3b11653afbda37d
a799058edcf5f09b0f0a967cebf24221c9b6dac1
d01cc59df8ac768ae1ac4b8d4d4ad1e3d2f3c103502dc41d867c77cf81968b9a
GET /wp-content/plugins/gravityforms/css/readyclass.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4754
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/css/formsmain.min.css
200 OK 16 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/css/formsmain.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3098a2303c595bbea6e1953596c448ca
e65d9eaf562a3492b9a8fe4ae260f0fe11d7161e
ea687f84a351aec9f313118b5d6af2e7f32477c43aa17742f31a67d25c58dece
GET /wp-content/plugins/gravityforms/css/formsmain.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:23 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 16397
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:13 GMT
expires: Sat, 09 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 37008
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-04.png
200 OK 5.8 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-04.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 123 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash e94a0244f1a51d7565de08744375bd07
dde753e74a85c5f094dda6661ada486fdae50422
47bff975ef1626c064613532b237bd114911cdc835effdccb0d124c1432c17b2
GET /wp-content/uploads/featured-logo-04.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:18 GMT
accept-ranges: bytes
content-length: 5757
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-05.png
200 OK 3.7 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-05.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 135 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 646b30b6704a2457b04bb12da4144c97
acadca7b80819db2100f2cf8341acdf47a2eb773
b6e64d31c4f5ab917ad1cddfe7fa745e7c4bfc2d5af33cfdaa8130eb14247bc8
GET /wp-content/uploads/featured-logo-05.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:03 GMT
accept-ranges: bytes
content-length: 3721
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/accredited-business-usbfunding.png
200 OK 2.2 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/accredited-business-usbfunding.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 180 x 75, 8-bit colormap, non-interlaced\012- data
Hash 3befe9c6fb5e6602893570b99d3920aa
1e7c1d352448864975a23135097e59593ae71456
d59962c29e3487892da60ef799f75523576b6f006d54fc3dd43bb6993588f1dc
GET /wp-content/uploads/accredited-business-usbfunding.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:06 GMT
accept-ranges: bytes
content-length: 2244
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/images/logo_icon.png
200 OK 2.2 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/images/logo_icon.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 53 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 50946e7f85431c547526705a530f893f
573eff13df4dc4f2e6e0e1db1a9339d79e22ce3c
05bc3e4202452433d51079e0d6e348cb850ea55330da7786c1d5c7290d13400a
GET /wp-content/themes/usb/images/logo_icon.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:36:10 GMT
accept-ranges: bytes
content-length: 2165
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-02.png
200 OK 5.8 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-02.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 93 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash d2bfb41e522705be8e4a48895b996bca
df2507b75f1c0362bd168ea7ecf829f11469a926
968570479e59e9ff339d5c1d25e4c15011f8cb5ad243776b8cf62f51d28b0903
GET /wp-content/uploads/featured-logo-02.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:13:58 GMT
accept-ranges: bytes
content-length: 5795
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/accounting.min.js
200 OK 1.3 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/accounting.min.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3019)
Hash 05f645a76aff3fc02e18295a07c54e09
509581a5e2e4760e2163d704d21b2604329b514e
c7834a5ef896adfc8b40eb2a1db07bd867fe84da57ad234bfa487cfbc610a16a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/accounting.min.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1345
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/featured-logo-06.png
200 OK 2.7 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/featured-logo-06.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 175 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash b7b5570d5d29fd453a5e65063849fcb1
b07b87612c74febb32961e10ed154dc2efdf19cb
886d709e142c957b0d93269a57fccc13800907c8ab90acc1f18c8bec259d3992
GET /wp-content/uploads/featured-logo-06.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:38 GMT
accept-ranges: bytes
content-length: 2693
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/norton-secured.png
200 OK 3.0 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/norton-secured.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 180 x 75, 8-bit colormap, non-interlaced\012- data
Hash 7d05b62893199c911ab6f798ec8127d2
e7dc7368c55a2fbccb17a82c1a25de39cea2907d
0b691c8e6d1b07ce3e066744ccfbf643d61f013ce51503b0a3ceb7a356562ed6
GET /wp-content/uploads/norton-secured.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:45 GMT
accept-ranges: bytes
content-length: 3017
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/site.js
200 OK 4.8 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/site.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash ba21d11b60199ed26dfb2a2d8352065a
3e78915e922b60ca87f5860c67b99861de96830c
c000c3cc081106de80fb4995e40b363752494290c9090e0980a5b4a4cfc37c49
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/site.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4830
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/css/formreset.min.css
200 OK 522 B URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/css/formreset.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3840), with no line terminators
Hash 2823bcb90b7fc43df4ce927bece3d127
f57ac5676272d6ab4a410fc77ad77ba5a6f9080d
93e7e5d498f02259db5320493882623800e737facddd1b5d4ed29a9fc5d00572
GET /wp-content/plugins/gravityforms/css/formreset.min.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:28 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 522
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.1.2
200 OK 1.9 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.1.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4610)
Hash d14949e0cba838b3a06f5387a250d743
79561f8df67bf352458ed83161d915599bf564f1
f6b49ef2f1f46aedcd466a32f4352bee160efd852c889d5c2c56c64b5ea4d1ff
GET /wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.1.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1902
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.1.2
200 OK 10 kB URL HTTP/2 www.usbfund.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.1.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (26634), with no line terminators
Hash 7dffcabbe2b1130c369887eb54102ed9
b9dffc3bfb0f528a3d7dc4c134699b9acf7f4e12
7c4ae2c88ccec8465f71e166cc7393ac7dabc7aeebe56b8fc54737143936f032
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.1.2 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:22:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10306
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
200 OK 5.3 kB URL HTTP/2 www.usbfund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2022 11:46:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 5321
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.usbfund.com/wp-content/uploads/bg-section-header.png
200 OK 22 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/bg-section-header.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1920 x 149, 8-bit colormap, non-interlaced\012- data
Hash 65b13235e26653c77b0ed328dfdb8dc2
2dcc21d12b909058345b01f087062f6b59f4f05c
acba6ce2f083bf3e78176be5f1c68dfbeb67e609472b4f8c034ba8676d0995b2
GET /wp-content/uploads/bg-section-header.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:58 GMT
accept-ranges: bytes
content-length: 22531
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/icon-arrow-down-black.png
200 OK 195 B URL HTTP/2 www.usbfund.com/wp-content/uploads/icon-arrow-down-black.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash f984736b4b9dfe03bb8831a718c6a238
d95304fa5fed6fdf9020c21ece2b7e35aec4808c
4944824b4a23581a4660857551680fffd806f6fa42e3d9414fb1529ba78651b9
GET /wp-content/uploads/icon-arrow-down-black.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:09 GMT
accept-ranges: bytes
content-length: 195
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 4ae6cc5279ee07c9ed38504ca268713a
e32779a94189ea39ff332c49f940fc4cec383c37
8ab51737f2b7a0c63473c2ef4e2c252f1bfa1f6fa38ffda5944f2f9c0e1e8ffd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2125
Cache-Control: max-age=112960
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "6392d79c-117"
Expires: Sun, 11 Dec 2022 07:12:41 GMT
Last-Modified: Fri, 09 Dec 2022 06:37:16 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
shield.sitelock.com/shield/usbfund.com
200 OK 11 kB URL HTTP/1.1 shield.sitelock.com/shield/usbfund.com
IP
File type PNG image data, 117 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash 47a0283c2717077daab4cb3928b14329
5f805c88784474e1c7a8f7bd981da948ed1571b1
3d6ed410ec3b57a54f40f15121dc0181e78f5ab5e0193d4236a53e946627e64a
GET /shield/usbfund.com HTTP/1.1
Host: shield.sitelock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png; charset=ISO-8859-1
Content-Length: 10556
Date: Fri, 09 Dec 2022 23:50:01 GMT
Server: lighttpd
Set-Cookie: nlbi_275317=c+dlWwhpJz+WC2RpmBeFbAAAAABd+W93e6hiE6BqgWLv2LiI; path=/; Domain=.sitelock.com
visid_incap_275317=UyRX6PTfSGOX4V5ipAMB0KjJk2MAAAAAQUIPAAAAAABhGDUUvFP5Q49GIr5bWh6W; expires=Sat, 09 Dec 2023 22:33:49 GMT; HttpOnly; path=/; Domain=.sitelock.com
incap_ses_721_275317=0KYUJMDQoE2JQfzz84EBCqjJk2MAAAAAmTxwevrmzaax9n0q0aEIQQ==; path=/; Domain=.sitelock.com
X-CDN: Imperva
X-Iinfo: 4-32811180-32810023 2NNN RT(1670629800190 21) q(0 0 0 -1) r(4 4)
ocsp.sectigo.com/
200 OK 472 B IP
Hash 641dd08110cd22c6000a060226f2b374
9bf3cfedbae68eb77e484780c5a9ac5693567194
6bdd6387148149a1e35b1222854c09f524b5773210e7a4ecb7df2d2d369dfe20
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 23:46:42 GMT
Expires: Wed, 14 Dec 2022 23:46:41 GMT
Etag: "9bf3cfedbae68eb77e484780c5a9ac5693567194"
Cache-Control: max-age=431199,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7771a4002c110b69-OSL
ocsp.digicert.com/
200 OK 278 B IP
Hash 03fb7985d1836a45bd6cb58e7c45719e
621f0a9daee0bdc1d97b141fd751be5ad371297f
5db7dcfd04f965bdefc9e689a3c1bf882226514bdeeb2fcaf6d47b2bed8ee95b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5999
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Last-Modified: Fri, 09 Dec 2022 22:10:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 77e282219f62b4898cfd4d38f7f3889d
b149631454ea079e110bb93485635c3adb48dda8
342b4881d00e569cdafeb8ad9234bd02bfce58ccd0b14425456c2122a898c7ee
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:01 GMT
Last-Modified: Fri, 09 Dec 2022 23:38:28 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iWA1U1k9oGqiuZMfg9J_1Dlms4-oxFonvxpRetFZWJyxKz9qAZq2Tg==
Age: 694
ocsp.digicert.com/
200 OK 280 B IP
Hash 1a455a4563a6877d0d26dc8c267012ed
86c043a097534e2c9457b04d115fdfba6523aa2c
0997f9e6bb11ac968d20bb84d8275b60b2eec0ecf59b52775b16fac7245af2bd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5562
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Last-Modified: Fri, 09 Dec 2022 22:17:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ws.zoominfo.com/pixel/62e2c4ac62a6b2008e05e3be
200 OK 1.9 kB URL HTTP/2 ws.zoominfo.com/pixel/62e2c4ac62a6b2008e05e3be
IP
Hash 098e7d052179d27a7ea4b37e1523b942
ca5375230d77e166b8e9183a65fbce476c26c6ce
14d596bf9c6adb68a4f845d58977a14537a54d7cba85a6d8746ce942fdd94c3e
GET /pixel/62e2c4ac62a6b2008e05e3be HTTP/1.1
Host: ws.zoominfo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
x-content-type-options: nosniff
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
set-cookie: visitorId=ce1220104ada8e99cd9d3c8a0c468aea1207b2f62e4f13c27854f5a277c67996; Max-Age=31536000; Domain=ws.zoominfo.com; Path=/; Expires=Sat, 09 Dec 2023 23:50:01 GMT; Secure; SameSite=None
__cf_bm=G328fMiFqjLODdyvg0IOZ000yl5b9pKjR1VOzxqhN0g-1670629801-0-AYUppFwA7eyO6k3Z5IwTB+c5MdEVxhpgZN6LW0Ieceu11cZA/i9U5K9kegUWbRtvAyFuDlpSHLn3jw1md2Tow9I=; path=/; expires=Sat, 10-Dec-22 00:20:01 GMT; domain=.zoominfo.com; HttpOnly; Secure; SameSite=None
_cfuvid=xny0AQ05upqcmvITgxeCXZEi9G613MA4QyVPEHffzoI-1670629801102-0-604800000; path=/; domain=.zoominfo.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7771a3ffec770b02-OSL
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/icon-arrow-down-white.png
200 OK 172 B URL HTTP/2 www.usbfund.com/wp-content/uploads/icon-arrow-down-white.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 14 x 14, 8-bit gray+alpha, non-interlaced\012- data
Hash 26d3bceaf73fad28fb322b6646860f78
1b70241f618df47a01729534d376a57c57bd8c07
0077bc52b60eb51d8785f3aa812a2cdcce59acd3a0b70a801b82c563787e1a7c
GET /wp-content/uploads/icon-arrow-down-white.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:12 GMT
accept-ranges: bytes
content-length: 172
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 1a455a4563a6877d0d26dc8c267012ed
86c043a097534e2c9457b04d115fdfba6523aa2c
0997f9e6bb11ac968d20bb84d8275b60b2eec0ecf59b52775b16fac7245af2bd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5562
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Last-Modified: Fri, 09 Dec 2022 22:17:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
www.usbfund.com/wp-content/uploads/USBusinessFunding-Home1.png
200 OK 944 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/USBusinessFunding-Home1.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1696 x 1131, 8-bit colormap, non-interlaced\012- data
Size 944 kB (944072 bytes)
Hash b4b6bd078ef229456fc9d5b22d31ca0e
51cb87382bfb8b0029df296adb021229ad4cf6da
870b85b6771aeb0fc9c84c444ca24919dd6f71e4b34a6bb97003a0a4f34bdfd3
GET /wp-content/uploads/USBusinessFunding-Home1.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:13 GMT
accept-ranges: bytes
content-length: 944072
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 3fe5fa457db455b03769ec4ad7210220
20d28fadf4cf9fe0ad2345d5fcac809896f1adf9
f2cf20e3aeb67da193372b299ec1dbbaf32b5343ab56bfa6c3c7042236a8078a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4177
Cache-Control: max-age=154211
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "639370bb-118"
Expires: Sun, 11 Dec 2022 18:40:12 GMT
Last-Modified: Fri, 09 Dec 2022 17:30:35 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
process.iconnode.com/google-ads/
200 OK 0 B URL HTTP/2 process.iconnode.com/google-ads/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /google-ads/ HTTP/1.1
Host: process.iconnode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/html; charset=UTF-8
content-length: 0
server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/7.4.30
x-powered-by: PHP/7.4.30
access-control-allow-origin: https://www.usbfund.com
access-control-allow-credentials: true
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
www.usbfund.com/fonts/socicon.woff
200 OK 31 kB URL HTTP/2 www.usbfund.com/fonts/socicon.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 31444, version 1.0\012- data
Hash dcbd1f9c4275862f002f21619e96b8f4
a97cd865925e5102ae7c25aa5dd09112ccf50651
a680b776319127695950fd7c490b17cd15120d683bde57845707a2f7dc0f1a74
Analyzer Verdict Alert fortinet Malware
GET /fonts/socicon.woff HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; IR_gbd=usbfund.com; IR_7486=1670629799898%7C0%7C1670629799898%7C%7C
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Sep 2019 21:47:06 GMT
accept-ranges: bytes
content-length: 31444
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff
date: Fri, 09 Dec 2022 23:50:01 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
www.usbfund.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
200 OK 52 kB URL HTTP/2 www.usbfund.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 4874ec59dc9d51c36b9f02532b82ccc4
b85fcacbc24eaa8f37389b3ce173fc64722fb2a2
fed350a78a82a7825ab92c267f11d04a839a65c2f076847514328934f73788d9
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Oct 2021 18:27:21 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg
200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2670e991a43d526b00562ed6451dd0aa
7ba541ab2af223148304d413e8a19d9e55d9ed7a
f703500f0bcef3b64f97fa17d6d6bb510b71d1fe43098964ff028de8155f1291
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7933
x-amzn-requestid: a1238d4e-29a4-433f-89a0-7f5e1c9d380f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eVeHUXoAMF4xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa89-26d996ae7911586c07a35c6d;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -naGV8_QoDyJ7fHOE6SZD7cUwZzC5_XMWx6J_KvVy-SExS0LdFWmcw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:07 GMT
age: 7014
etag: "7ba541ab2af223148304d413e8a19d9e55d9ed7a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 44ee520c9a084ee2a04638b6abbb2b0b
ed170b8b964db1163e02c21fe4e9dbfe58e9d42d
e4f33f6556c414b498f99d6b43c4d94fa15e9b235596647d4a8513c78c21e6eb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5302
x-amzn-requestid: ababe39a-ea1a-4a20-9de4-ad71500d9c59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWE-eoAMFZJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-19c2e2c1445527c13b4b66e0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w2vv_xDK6MNt2CX1nqsqt9mRjSOPMxVNrar2XcR44gJPtC0vaK68sg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:48:59 GMT
age: 3662
etag: "ed170b8b964db1163e02c21fe4e9dbfe58e9d42d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 59806
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3acf5a494a6bb8b26858974ede70a33
4bccc3032f7427d881a49250e576c05dd7d5614f
786db0da1198986aeba9aa420a7c89b5b27a09bc48c3806769342159f116705d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12047
x-amzn-requestid: 87cb3342-c784-4ea1-a96e-d1e581a86bea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czqP1Fd0IAMFdww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63915731-178eb2960448312e146f5bd4;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 03:17:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BjbkkmxxwK9xut7yloGC9fRwhMLQRtfcU1JWiyqAUfMNk-WPQab1Cg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:10 GMT
age: 6411
etag: "4bccc3032f7427d881a49250e576c05dd7d5614f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 803eac5599fbf8a2a7d9fcb5baf0ea84
ccbfc07e4d07341f3b8484042d0070ec4692d0a3
5f49897d21f1050db53d6e9a80bfffd4b31eecaa1338926b3782584a71bb892a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F49897D21F1050DB53D6E9A80BFFFD4B31EECAA1338926B3782584A71BB892A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8438
Expires: Sat, 10 Dec 2022 02:10:39 GMT
Date: Fri, 09 Dec 2022 23:50:01 GMT
Connection: keep-alive
www.usbfund.com/wp-content/themes/usb/images/currency-dollar.png
200 OK 3.1 kB URL HTTP/2 www.usbfund.com/wp-content/themes/usb/images/currency-dollar.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b1473fe5280b8aae309e98e8ca1a8232
c4e9ba291adbfc8ab86eecec326bcdd608166903
1c4180542bb8cc16485b766aa5259c8f7a181572a9d4d4a83b490525b4b1c6ef
GET /wp-content/themes/usb/images/currency-dollar.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/wp-content/themes/usb/style.css
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; IR_gbd=usbfund.com; IR_7486=1670629799898%7C0%7C1670629799898%7C%7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:36:10 GMT
accept-ranges: bytes
content-length: 3121
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:01 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2b4c44cc196e1f4263a895ef54e6650
c5cea524045b3394c1dfe5e5fcac4637416f8587
e31f4b95811c01b2f2f181e11b7a8e1b4c57c3c7fc067c304e8dacc6fb176442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3963
x-amzn-requestid: f067a6cf-758c-4c35-be64-3970b690ea7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e7VHdnoAMF0Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab7b-485a18b738763b2029f6c653;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s34c1vAKHso9NwDfhOn5053VIDeRGdwNscoMDkkfcNx95irwIB9Hrg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:23 GMT
age: 6938
etag: "c5cea524045b3394c1dfe5e5fcac4637416f8587"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-YYEX7W0G95>m=2oebu0&_p=1033617984&cid=272647737.1670629800&ul=en-us&sr=1280x1024&_s=1&sid=1670629799&sct=1&seg=0&dl=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&dt=Free%20Quote%20-%20US%20Business%20Funding&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debud_mode=false
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-YYEX7W0G95>m=2oebu0&_p=1033617984&cid=272647737.1670629800&ul=en-us&sr=1280x1024&_s=1&sid=1670629799&sct=1&seg=0&dl=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&dt=Free%20Quote%20-%20US%20Business%20Funding&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debud_mode=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-YYEX7W0G95>m=2oebu0&_p=1033617984&cid=272647737.1670629800&ul=en-us&sr=1280x1024&_s=1&sid=1670629799&sct=1&seg=0&dl=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&dt=Free%20Quote%20-%20US%20Business%20Funding&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debud_mode=false HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.usbfund.com
date: Fri, 09 Dec 2022 23:50:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 21c290dbfb25c41b16d5f4b173510852
f4c00a3bc9676065eb11a97b843336b42f2e8fb3
829d70bad600fde828ec521038fa246b0a92d34d95d63e18650850c942a53683
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2941
Cache-Control: max-age=142578
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "6393481e-117"
Expires: Sun, 11 Dec 2022 15:26:19 GMT
Last-Modified: Fri, 09 Dec 2022 14:37:18 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 441bfb76847bd6a1daf09519dd87fd63
3235debe88f57e312dac372bb4454d4ed3092684
2daf744a82546459a750bfb2872c15aa8061be6b66a6d60df0dc0d59a473cbae
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=137893
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "6393387d-1d7"
Expires: Sun, 11 Dec 2022 14:08:14 GMT
Last-Modified: Fri, 09 Dec 2022 13:30:37 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9p86-2YLjcAhPwzOBFpnOQAsOul3NoiJNWaJRsZwHfBDyxNv85ToDg==
Age: 2257
track.sendlane.com/track/event?event_id=xWMCUM2gF97YD&uri=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=catfnve13fa7wey3rsk2
204 No Content 0 B URL HTTP/1.1 track.sendlane.com/track/event?event_id=xWMCUM2gF97YD&uri=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=catfnve13fa7wey3rsk2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track/event?event_id=xWMCUM2gF97YD&uri=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&cb=catfnve13fa7wey3rsk2 HTTP/1.1
Host: track.sendlane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 23:50:01 GMT
Server: Apache
Cache-Control: no-cache, private, max-age=2592000
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Set-Cookie: track_session=eyJpdiI6IlMxdUo1RFdlR2I4LzczU1ArM0U1SUE9PSIsInZhbHVlIjoiSm1kR1NRMHkyREZBRVR3L1hRbmIwNWRVUU55UlIyZWZYWU4ra29GVXlLem5reVZKeGtXaERwdFJDazh3ZjRSeHJ4cjNFVkIyZGU4OEFzT3kwRWsweWdGV3l2cTZwSFRkMDc2NWRpbVpObndiNGdyQWMyQUpHWk15b2pGaXlhWVgiLCJtYWMiOiIxMDZlM2I3YzJjZTIzMGM0MGFiM2Y4MDgxZGE2NmI2NmQ1MmU0NjNkYTkyY2RmODA2NDBkMTA5NGM4MjRjM2NhIiwidGFnIjoiIn0%3D; expires=Sat, 10-Dec-2022 01:50:01 GMT; Max-Age=7200; path=/; domain=sendlane.com; secure; httponly; samesite=lax
Expires: Sun, 08 Jan 2023 23:50:01 GMT
Connection: close
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 441bfb76847bd6a1daf09519dd87fd63
3235debe88f57e312dac372bb4454d4ed3092684
2daf744a82546459a750bfb2872c15aa8061be6b66a6d60df0dc0d59a473cbae
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138021
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "6393387d-1d7"
Expires: Sun, 11 Dec 2022 14:10:23 GMT
Last-Modified: Fri, 09 Dec 2022 13:30:37 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LFtXUqLzj-M2XsljkAAV-DjijT0rziOxf0jXfmA7Q0I-QvAfPSasnw==
Age: 2385
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 441bfb76847bd6a1daf09519dd87fd63
3235debe88f57e312dac372bb4454d4ed3092684
2daf744a82546459a750bfb2872c15aa8061be6b66a6d60df0dc0d59a473cbae
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:01 GMT
Last-Modified: Fri, 09 Dec 2022 23:11:45 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ntxzp-nPdyQbfXKCGR4MIPL8eBwArcwEDDurNYdqXRWh9e-69oFsfw==
Age: 2296
tag.getdrip.com/9726461.js
200 OK 8 B URL HTTP/2 tag.getdrip.com/9726461.js
IP
File type ASCII text, with no line terminators
Hash de2e1607e500ee465eca3ec4505c0859
cfd432c8178796a4af548a7ed62f09bdf5fbb897
295bdad3ed86f4eeb0249f30e724344ec7be85582094013a85403ecbb77a0047
GET /9726461.js HTTP/1.1
Host: tag.getdrip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 8
last-modified: Fri, 20 May 2022 20:08:53 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 23:50:02 GMT
etag: "de2e1607e500ee465eca3ec4505c0859"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bIccRIWAj9lp3MImOR0BkZUqRP5nVfSRaMi2OzgyahNrQUnjVZMHEw==
X-Firefox-Spdy: h2
trackcmp.net/t_prism_sitemessages.php?trackid=224499963&prismid=ddac9282-26b9-410f-b5b3-5fa228ac5f79&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
200 OK 0 B URL HTTP/2 trackcmp.net/t_prism_sitemessages.php?trackid=224499963&prismid=ddac9282-26b9-410f-b5b3-5fa228ac5f79&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t_prism_sitemessages.php?trackid=224499963&prismid=ddac9282-26b9-410f-b5b3-5fa228ac5f79&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: trackcmp.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/javascript;charset=UTF-8
content-length: 0
x-powered-by: PHP/7.1.33
cache-control: no-cache, private
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7771a403dee9b4ff-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 48721c0841cbbc1d063ca47c33f91187
5386100753983fe93b91a4d6f108236d07b501fb
fbf95a309ba8c9173a319624a477fe1272defb5b29dd6b89ffa24e828c13b79a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3920
Cache-Control: max-age=125547
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "639301c4-116"
Expires: Sun, 11 Dec 2022 10:42:28 GMT
Last-Modified: Fri, 09 Dec 2022 09:37:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
omnisrc.com/inshop/launcher-v2.js
200 OK 15 kB URL HTTP/2 omnisrc.com/inshop/launcher-v2.js
IP
File type ASCII text, with very long lines (32010)
Hash 69ddfe1c4a040e3ae67f857aa38455a5
5a5b06c73675003b72ea2c05554fedfc9b5a6905
8e9b4ea26db94eac851b02f347d8ea921ce868fe1e0c55ced3bc2f234da2e133
GET /inshop/launcher-v2.js HTTP/1.1
Host: omnisrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 07:45:26 GMT
etag: W/"63885b96-d5b0"
expires: Fri, 09 Dec 2022 23:28:04 GMT
cache-control: max-age=3600
x-envoy-upstream-service-time: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3054
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 7771a401e894b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 48721c0841cbbc1d063ca47c33f91187
5386100753983fe93b91a4d6f108236d07b501fb
fbf95a309ba8c9173a319624a477fe1272defb5b29dd6b89ffa24e828c13b79a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3920
Cache-Control: max-age=125547
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:01 GMT
Etag: "639301c4-116"
Expires: Sun, 11 Dec 2022 10:42:28 GMT
Last-Modified: Fri, 09 Dec 2022 09:37:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
aorta.clickagy.com/pixel.gif?clkgypv=jstag
302 Found 0 B URL HTTP/2 aorta.clickagy.com/pixel.gif?clkgypv=jstag
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?clkgypv=jstag HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/json
content-length: 0
location: https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:3b49683b68be861543aeee01713fa50c&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
server: Aorta/20221205.a0953a8c4
x-aorta-host: f4ce3d8fd9cd
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
aorta.clickagy.com/liveramp_redir
302 Found 0 B URL HTTP/2 aorta.clickagy.com/liveramp_redir
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /liveramp_redir HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/json
content-length: 0
location: https://id.rlcdn.com/711861.gif
server: Aorta/20221205.a0953a8c4
x-aorta-host: 52e6e9ad5d20
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
www.checkbca.org/CompanyWidget.aspx?ID=100094667&WidgetType=1
301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/CompanyWidget.aspx?ID=100094667&WidgetType=1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash e4450c4791dadbc8f0fe8409a9b278ec
70f8e597f291a8a247c4f1bbbc4586e300f75723
e350fe60679b3272336147b700171d459374f3a66c6e228673a94ec0d9239b7e
GET /CompanyWidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 196
X-Firefox-Spdy: h2
process.iconnode.com/keyword/
200 OK 37 B URL HTTP/2 process.iconnode.com/keyword/
IP
File type ASCII text, with no line terminators
Hash 04c77605ac74dbe6afefa1ea7610959d
489034618181dafa623bad96ec03fb647318c09d
69c669b88b615dbe84d5cf62aff4f85b275ba49590279ad4eaa699d3de43bff5
POST /keyword/ HTTP/1.1
Host: process.iconnode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1038
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/html; charset=UTF-8
content-length: 37
server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/7.4.30
x-powered-by: PHP/7.4.30
access-control-allow-origin: https://www.usbfund.com
access-control-allow-credentials: true
access-control-max-age: 86400
X-Firefox-Spdy: h2
hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
200 OK 28 B URL HTTP/2 hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 830cb026fae1a13104725d2b3100ec10
40188da405f4a93c90f0b5e060e0ccca8e483eba
4d32822dd4fd4e7b58950d7c693e301eaa19b29305077afaebc12852df7f4ee0
GET /external/hasHashes?clkgypv=jstag&cb=null HTTP/1.1
Host: hemsync.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/plain; charset=utf-8
content-length: 28
access-control-allow-origin: https://www.usbfund.com
vary: origin
access-control-allow-credentials: true
access-control-expose-headers: content-length, last-modified, expires, content-type
content-encoding: gzip
X-Firefox-Spdy: h2
www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
200 OK 6.8 kB URL HTTP/2 www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with CRLF line terminators
Hash d265fe1ca2984950513b8f93754993fa
ea0c36efeb2acaa6b78a0e88db60cbc75d62a809
e0b47f489ca4612b3055453677c681e6ef0b14de2623acbe794dcb29434b635b
GET /companywidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=doocidcymm1lgjxpvd0420mm; path=/; secure; HttpOnly; SameSite=Lax
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 6794
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 405868529e272bec0ff95e9591b5d8f5
ca24dadd405fcd4aa2867f625da9141db57d2b87
244695fb3522059026d1eba1b9b2cf3d186e8aa8f44976e5630ee5cf289aa8c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1330
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Last-Modified: Fri, 09 Dec 2022 23:27:52 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
serve.albacross.com/track.js
200 OK 4.1 kB URL HTTP/1.1 serve.albacross.com/track.js
IP
File type ASCII text, with very long lines (10418)
Hash e062066a14a30b3ed3b72c5b31f21ffe
064e97457f03f59e40134ea46a21ba6e98a90c68
7bc78e48c07227b97701737a2799c978d37ff3f2350b02043ce69464de7399de
GET /track.js HTTP/1.1
Host: serve.albacross.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 13:13:21 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 23:49:56 GMT
Cache-Control: max-age=120
ETag: W/"b769e9b4f23be6c9bab7c715fdf2526a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6IeUYexrZrOQ88z5ZXBLx9OTIxuw1KiVvMLgr4dSYHfeW6CD-0Mj-Q==
Age: 16
snap.licdn.com/li.lms-analytics/insight.min.js
200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=20162
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 22:41:08 GMT
expires: Sat, 10 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 4134
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
munchkin.marketo.net/munchkin.js
200 OK 728 B URL HTTP/1.1 munchkin.marketo.net/munchkin.js
IP
File type ASCII text, with very long lines (521)
Hash 51a92d8c69733d719447dea0416ed039
69f4c1e0b7ebba812bc096708d57627927dff265
cb483c0ea4012ac512bcba6204b37622b388c1aefd4ae9028f60abb965f23d29
GET /munchkin.js HTTP/1.1
Host: munchkin.marketo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Length: 728
Connection: keep-alive
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
js.hs-banner.com/v2/5627136/banner.js
200 OK 226 kB URL HTTP/2 js.hs-banner.com/v2/5627136/banner.js
IP
File type ASCII text, with very long lines (65044)
Size 226 kB (225963 bytes)
Hash 1afda7d12a49d094f724e7e7977e709d
806a9114c3b4f6a86cd5d6719b6599daa7782567
a8ec14e84afda8f0a6325c5f6d725ae5865aaf8ee6d0dc310f9a0a5985aee5c9
GET /v2/5627136/banner.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: ZiYMCaN3uO3rpdX7UX7Pw2fg6nYf63nXWzjsG/kCY4FsdbuXi9JOHINpcXN/cK4fGhsmKwR1HlM=
x-amz-request-id: AXQJWSHKQKKWFKR6
last-modified: Thu, 08 Dec 2022 21:24:15 GMT
etag: W/"11ce068cbee778b0940075cd276a5ed7"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: 9vdprWEsB6H0SRYJ2TXu_MEHuK6OmY2J
access-control-allow-origin: https://www.usbfund.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin, Accept-Encoding
expires: Fri, 09 Dec 2022 23:55:01 GMT
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7771a4010d58b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash a19301227eb430d7ce5389ca4b4f4a60
a5abbbecbed2eb7e194b2341c84bb23e5203b17c
1d6972db158d2884f9d17ef3f38eb9ac9685b89e5fd99bf367f5763238bb477d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3390
Cache-Control: max-age=113838
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6392d61a-2d7"
Expires: Sun, 11 Dec 2022 07:27:20 GMT
Last-Modified: Fri, 09 Dec 2022 06:30:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 727
tag.simpli.fi/sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77
200 OK 3.1 kB URL HTTP/2 tag.simpli.fi/sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (3100)
Hash 3f39bd6aa96de4bb5bd9275b06354981
14f61e1cbeb536266027c98d8f48cc3211f1a2b2
4f8cbfd5c952dcec41e51c8cdf551acc7acf44e7e4d51ab90be179a503fb4b00
GET /sifitag/7c49dfc0-b0ef-0139-b544-06a60fe5fe77 HTTP/1.1
Host: tag.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 3101
set-cookie: suid=908255EA8875441C8B5BA98647C7AA4C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=908255EA8875441C8B5BA98647C7AA4C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
x-request-id: Fy9E9CJAWUuWhhAAql1B
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache, no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:42:55 GMT
Expires: Wed, 14 Dec 2022 13:42:54 GMT
Etag: "f808d36103005c224eb6f7e4543d30271d2957b0"
Cache-Control: max-age=394971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7771a40708f10b69-OSL
tag.simpli.fi/sifitag/86f38cc0-b0ef-0139-8e82-06b4c2516bae
200 OK 19 kB URL HTTP/2 tag.simpli.fi/sifitag/86f38cc0-b0ef-0139-8e82-06b4c2516bae
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash 52b7b827f457eeef60c76aad0ca6959a
6b618710b6f474adef2cc9766ccea5aa913d9cf7
578c1ae45e8f9ef62b52d40ac4ee27cdd93172eb44d134aaa5b43061e3b65cb2
GET /sifitag/86f38cc0-b0ef-0139-8e82-06b4c2516bae HTTP/1.1
Host: tag.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 3101
set-cookie: suid=C024400BCBA64692BF19B162F18FEA3B; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=C024400BCBA64692BF19B162F18FEA3B; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
x-request-id: Fy9E9CLN8WZmuBYAql3B
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache, no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 405267893b09098546bee5d8ede1116d
ce793acc9c2e0125666c70ddb0652efb36dce218
9bde178634d46182931131c81be0966c5f83c8be9cd05b20a1cdedc211053c03
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6392723f-1d7"
Last-Modified: Fri, 09 Dec 2022 22:58:09 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2p6VKI3rPgTPl0-OgJengL5sfQYrJMuVYrOyNJ36gAZh3ZM84eOuaQ==
Age: 3113
www.usbfund.com/wp-content/uploads/cropped-iconusbfund-192x192.png
200 OK 20 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/cropped-iconusbfund-192x192.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 273b22a347363c8bfaa20ddcca897d53
0bf5106cb96db26030ae4bee997db3aef8914130
3c673a54e1fea64b6b57dc31365058249f665f327b0e032746b310a2f6a2c0b2
GET /wp-content/uploads/cropped-iconusbfund-192x192.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; IR_gbd=usbfund.com; IR_7486=1670629799898%7C0%7C1670629799898%7C%7C; soundestID=20221209235000-ObiZEZaayKrCgcDTgRsIDwwdfRfpolzaFOssQGrrXKUevMqj8; omnisendAnonymousID=Hjb8lBpniSNUmG-20221209235000; omnisendSessionID=SBimiFgh17aCJi-20221209235000; __ss_tk=202212%7C6393c9a9a37a766d470b333a; prism_224499963=ddac9282-26b9-410f-b5b3-5fa228ac5f79; soundest-views=1; wc_swap=9494033490+..+9494611140+..+68836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:15:06 GMT
accept-ranges: bytes
content-length: 19606
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:02 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/uploads/cropped-iconusbfund-32x32.png
200 OK 1.4 kB URL HTTP/2 www.usbfund.com/wp-content/uploads/cropped-iconusbfund-32x32.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f8022f00882988b3dd50a45511040
295b137770dedf8de5101ba30c05f515e21b6fb0
f83bb7fbb6ab6b05a6129fdc513d6edeb3b9029b0cbe6cf3eae361ad56c58cf5
GET /wp-content/uploads/cropped-iconusbfund-32x32.png HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Cookie: _gcl_au=1.1.1231691854.1670629800; __ss=1670629799737; __ss_referrer=https%3A//www.usbfund.com/free-quote/%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan; _ga_YYEX7W0G95=GS1.1.1670629799.1.0.1670629799.0.0.0; _ga=GA1.1.272647737.1670629800; wc_visitor=100980-e8246573-fa71-977e-50ba-af499d34a951; wc_client=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; wc_client_current=bayengage+..+campaign-email+..+how-to-write-a-business-plan-to-get-approved-for-a-loan+..++..++..++..+https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan+..+100980-e8246573-fa71-977e-50ba-af499d34a951+..+; IR_gbd=usbfund.com; IR_7486=1670629799898%7C0%7C1670629799898%7C%7C; soundestID=20221209235000-ObiZEZaayKrCgcDTgRsIDwwdfRfpolzaFOssQGrrXKUevMqj8; omnisendAnonymousID=Hjb8lBpniSNUmG-20221209235000; omnisendSessionID=SBimiFgh17aCJi-20221209235000; __ss_tk=202212%7C6393c9a9a37a766d470b333a; prism_224499963=ddac9282-26b9-410f-b5b3-5fa228ac5f79; soundest-views=1; wc_swap=9494033490+..+9494611140+..+68836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:14:07 GMT
accept-ranges: bytes
content-length: 1438
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 09 Dec 2022 23:50:02 GMT
server: Apache
X-Firefox-Spdy: h2
id.rlcdn.com/711861.gif
451 Unavailable For Legal Reasons 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /711861.gif HTTP/1.1
Host: id.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prism.app-us1.com/?a=224499963&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
200 OK 7.1 kB URL HTTP/2 prism.app-us1.com/?a=224499963&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP
File type ASCII text, with very long lines (30837)
Hash 625835e9a2dc61543f3900917c08b709
768c0fd8c89682eae26dd437944f41b3f338a1a4
6caf4ddc9314984eeaa166b6bb68a007f09c13b0b487b478d79cf4a41adfa686
GET /?a=224499963&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: prism.app-us1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/javascript
cache-control: no-cache, private
set-cookie: prism_224499963=ddac9282-26b9-410f-b5b3-5fa228ac5f79; expires=Sun, 08-Jan-2023 23:50:01 GMT; Max-Age=2592000; path=/; secure; httponly; samesite=none
x-envoy-upstream-service-time: 49
x-powered-by: PHP/7.4.32
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7771a4028d7e1c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/jquery.selectBox.css
301 Moved Permanently 180 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectBox.css
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 65d99af646ca7622a01fc0d3eb7a6b6d
a6b71820c0572f17c183b5669255346947bc3492
425fea6b4acfc8c48eee414af2be035b5c77a87742cf0bb46b136d07e0c29f6a
GET /stylesheets/jquery.selectBox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/stylesheets/jquery.selectbox.css
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 180
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/style.css
200 OK 11 kB URL HTTP/2 www.checkbca.org/stylesheets/style.css
IP
File type assembler source, Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators
Hash a3ec3a585ca53c4eaa1082ae3427a329
7f08739e149ab8dc280a05b280c31b04bfb1bd6d
1e44bca5aecfd50bff07a4df9f9bb9c524f6addd9c24bb8c463eef67798283c9
GET /stylesheets/style.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: text/css
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 22:31:00 GMT
accept-ranges: bytes
etag: "0aaf5948bad91:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 10899
X-Firefox-Spdy: h2
munchkin.marketo.net/162/munchkin.js
200 OK 4.7 kB URL HTTP/1.1 munchkin.marketo.net/162/munchkin.js
IP
File type ASCII text, with very long lines (606)
Hash 3e9baed982956735f6e0a0e756d97ed9
9223be6a494a10959101a7942419df7b05b84d73
930a508ed0ea6b4861d19c0738360182514010913c4ebfe9352064ae5006f8a1
GET /162/munchkin.js HTTP/1.1
Host: munchkin.marketo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=8640000
Expires: Sun, 19 Mar 2023 23:50:02 GMT
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Length: 4677
Connection: keep-alive
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
cdn.linkedin.oribi.io/partner/58092/domain/usbfund.com/token
200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/58092/domain/usbfund.com/token
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/58092/domain/usbfund.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.usbfund.com/
Origin: https://www.usbfund.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Fri, 09 Dec 2022 22:08:42 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ThaGP8QJm7YzdBDYiPf3Q4pcQ2IJu8gsAdriyX41xG-cWNEH7ybobw==
age: 6080
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 405267893b09098546bee5d8ede1116d
ce793acc9c2e0125666c70ddb0652efb36dce218
9bde178634d46182931131c81be0966c5f83c8be9cd05b20a1cdedc211053c03
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89252
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6392723f-1d7"
Expires: Sun, 11 Dec 2022 00:37:34 GMT
Last-Modified: Thu, 08 Dec 2022 23:24:47 GMT
Server: ECS (dcb/7FA6)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: otoQFFTw21YNL_S8zmlzhLNAXqxcbTZB3prNaN18JkSAyeLA8KssdA==
Age: 4368
px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1670629800998%26url%3Dhttps%253A%252F%252Fwww.usbfund.com%252Ffree-quote%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQKzbZvOyDd9TAAAAYT5S8E06qLLbV6Td7UD-Nctj-RvKBV2NneEduMgP_Li8bduAzoSc0CU9wvodw; Max-Age=2592000; Expires=Sun, 08 Jan 2023 23:50:02 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQK6XHX4HO2udwAAAYT5S8E07cQd02Sm0t-f1-4Lr4TJt0W9I7XmW9YVz7dTcF0X9jJraXuO5MHO637nTsGVow; Max-Age=2592000; Expires=Sun, 08 Jan 2023 23:50:02 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&cf72e41b-36bd-4583-8933-26a911d5580e"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Dec-2023 23:50:02 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2452:u=1:x=1:i=1670629802:t=1670716202:v=2:sig=AQFZAl_B6a3eyOQN9ozjmHRUStQPOJsO"; Expires=Sat, 10 Dec 2022 23:50:02 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvbc/qmh4YUV23X36ttw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5E7CDBC7EED44CA88D1FBFF4F6098442 Ref B: OSL30EDGE0408 Ref C: 2022-12-09T23:50:02Z
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 0
X-Firefox-Spdy: h2
www.checkbca.org/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095
200 OK 23 kB URL HTTP/2 www.checkbca.org/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095
IP
File type ASCII text, with CRLF line terminators
Hash 20180537e2ac64e5c60143ac90c84998
82d03de61c4dededbc9fd79d8c3a8e18d3b43744
0999cb5dfb2dcd76a944ef880be49f8e2d66fc60d00817e2b251ba0a67090cbf
GET /WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBAd-3g2iBrrqGpefWWgmRAZw8TONzGF-aV_9TjkbkyCvwDWnstKlAYe583il9NLzw2&t=637823077705833095 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-type: application/x-javascript
content-encoding: gzip
expires: Sat, 09 Dec 2023 23:43:51 GMT
last-modified: Tue, 08 Mar 2022 11:42:50 GMT
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 23086
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
301 Moved Permanently 188 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6f83537ac9d2567aa0049ad8d28282d8
7e4975fe0edee16d97ab1f59dd7473a95902f30e
c614ae1fc44d88ab3555782295fd0de23f7b1062ef93e0777530a9ff2fdb2fe6
GET /Scripts/WebForms/MsAjax/MicrosoftAjax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 188
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95d708e49ef3d81c5832e354dbdafb01
ddb6aa6d1990a59c42331129fef517bb9101fad1
429e36746d58356e8d7fd50c755f2ec8de5fcf67bc3980f782eef9c14e89db18
GET /Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 196
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery-3.3.1.min.js
200 OK 30 kB URL HTTP/2 www.checkbca.org/scripts/jquery-3.3.1.min.js
IP
File type ASCII text, with very long lines (65451)
Hash a263be51483c81a54aa8c85104a93e55
555a54a73531c553bd2aede6abc25c128b63312e
b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66
GET /scripts/jquery-3.3.1.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 30394
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectBox.js
301 Moved Permanently 175 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectBox.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 46da262b5b1399dfbf30fac73e57a298
c176cf3cfa6da6a0748c497591ff3619467d6434
4089029c368f61bcc5e6be36c952e1c440e0e20475e247b8316c6ce57ea7cc99
GET /scripts/jquery.selectBox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/jquery.selectbox.js
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 175
X-Firefox-Spdy: h2
aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:3b49683b68be861543aeee01713fa50c&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
302 Found 471 B URL HTTP/2 aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:3b49683b68be861543aeee01713fa50c&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
IP
Hash 6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030
GET /adscores/g.pixel?sid=9212289188&_puid=c:3b49683b68be861543aeee01713fa50c&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:02 GMT
location: https://d.agkn.com/pixel/10751/?che=1670629802059&ip=91.90.42.154&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219693204360004348711
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AEU0Ybw1f%2BicmC7uR2y7UDKwQYeCH5yKT; Path=/; Domain=.agkn.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
um.simpli.fi/tapad
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /tapad HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=D00FE891080A48DB8861BFC74A20E387
set-cookie: suid=D00FE891080A48DB8861BFC74A20E387; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=D00FE891080A48DB8861BFC74A20E387; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/freewheel
200 OK 43 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /freewheel HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=781D8F03988D43F98827F79F65922F15; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=781D8F03988D43F98827F79F65922F15; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/dtnx
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /dtnx HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;
set-cookie: suid=4773A184BA0F45A9BCC8ED8BC66C16CF; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=4773A184BA0F45A9BCC8ED8BC66C16CF; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/exelatem
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /exelatem HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=B0A3366DA85045789F3B963658F11F6E&j=0
set-cookie: suid=B0A3366DA85045789F3B963658F11F6E; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=B0A3366DA85045789F3B963658F11F6E; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
rec.smartlook.com/es6/init.9f9eccdc0bb055a30c0f.js
200 OK 15 kB URL HTTP/2 rec.smartlook.com/es6/init.9f9eccdc0bb055a30c0f.js
IP
ASN #60068 Datacamp Limited
Hash 200f9f3e067776b7479750e537fdf15c
25267ba01a5b7dd4c50fb28d6b9fff8fdb788a03
5533df5335e5fc7fd5643d42d6144bcccc67d0f9560c4fb6e005f29ad60a9eb8
GET /es6/init.9f9eccdc0bb055a30c0f.js HTTP/1.1
Host: rec.smartlook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: cross-origin
etag: W/"6390556d-d4c1"
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-accel-expires: @1701952445
server: CDN77-Turbo
x-77-nzt: AblMCQ3O9x7/bUEDAA
x-77-nzt-ray: c0a4cc28902971e0aac99363ec38530f
x-cache: HIT
x-age: 213357
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
um.simpli.fi/beachfront
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /beachfront HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://sync.bfmio.com/sync?pid=141&uid=F7CE69D7E4DC45B39F85F4638C73F33C
set-cookie: suid=F7CE69D7E4DC45B39F85F4638C73F33C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=F7CE69D7E4DC45B39F85F4638C73F33C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/crwdcntrl
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /crwdcntrl HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0B12A4C437D54510A0A5709A43EF8BC2
set-cookie: suid=0B12A4C437D54510A0A5709A43EF8BC2; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=0B12A4C437D54510A0A5709A43EF8BC2; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/lj_match
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /lj_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://ce.lijit.com/merge?pid=2&3pid=2B02967A397C431DA8EC64C648CD5B34
set-cookie: suid=2B02967A397C431DA8EC64C648CD5B34; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=2B02967A397C431DA8EC64C648CD5B34; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
i.simpli.fi/p?cid=323546&cb=sifi_att_42656._hp
200 OK 892 B URL HTTP/2 i.simpli.fi/p?cid=323546&cb=sifi_att_42656._hp
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (756), with CRLF line terminators
Hash a6542c6bacecfaa0bb24f533bdc91403
33bf4abc733e612d1cdb4cd83636123d179b293c
211a083be931ce2ce9fe45f8dadf733514b787e59b2c8e32281f01f6ce9dddfc
GET /p?cid=323546&cb=sifi_att_42656._hp HTTP/1.1
Host: i.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/javascript; charset=UTF-8
set-cookie: suid=8ACA3911A7C64E42B620EF97FBEC2A78; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=8ACA3911A7C64E42B620EF97FBEC2A78; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
uid_syncd=true; path=/; expires=Fri, 16 Dec 2022 23:50:02 GMT; domain=.simpli.fi; secure
uid_syncd_secure=true; path=/; expires=Fri, 16 Dec 2022 23:50:02 GMT; domain=.simpli.fi; samesite=none; secure
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache, no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
omnisnippet1.com/inShop/forms.js?v=2022-12-09T23
200 OK 50 kB URL HTTP/2 omnisnippet1.com/inShop/forms.js?v=2022-12-09T23
IP
File type ASCII text, with very long lines (32114)
Hash 18bba7c232605bc8c3da57fd5cd68319
2aad86eaf1c1ca670dcec2afdcb4f9b7ff8bd759
da2acd719c86413713a1242585994b71cc68bb280215d107e203a395842e95c3
GET /inShop/forms.js?v=2022-12-09T23 HTTP/1.1
Host: omnisnippet1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 07:45:26 GMT
etag: W/"63885b96-2029c"
expires: Fri, 09 Dec 2022 23:52:25 GMT
cache-control: max-age=3600
x-envoy-upstream-service-time: 2
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2884
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 7771a404ccdb0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
um.simpli.fi/an
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /an HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://ib.adnxs.com/setuid?entity=66&code=2AB7EA0675D5450893B8FDDAAD6C9A61
set-cookie: suid=2AB7EA0675D5450893B8FDDAAD6C9A61; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=2AB7EA0675D5450893B8FDDAAD6C9A61; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/rb_match
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rb_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B81A8D4CE5EB4DC7B07ED60ED4A3C31F&expires=365
set-cookie: suid=B81A8D4CE5EB4DC7B07ED60ED4A3C31F; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=B81A8D4CE5EB4DC7B07ED60ED4A3C31F; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/ox_match
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /ox_match HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=524652299ECC44ED802DAC70FC80FBD4
set-cookie: suid=524652299ECC44ED802DAC70FC80FBD4; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=524652299ECC44ED802DAC70FC80FBD4; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/intentiq
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /intentiq HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=62289965D84B4DA0A5311B2FB456A522
set-cookie: suid=62289965D84B4DA0A5311B2FB456A522; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=62289965D84B4DA0A5311B2FB456A522; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/58092/domain/usbfund.com/token
200 OK 204 B URL HTTP/2 cdn.linkedin.oribi.io/partner/58092/domain/usbfund.com/token
IP
Hash 899ca9554410bea6c9b9cdbbc65fd2e4
5ec92132d260813bba1bc62607edb439488d27b0
218ed8a78ba0e5901d714e8018b67aafcce86d5bfab25b2465acf87d24987ee7
GET /partner/58092/domain/usbfund.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Fri, 09 Dec 2022 23:44:28 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kRNMIEFyHWzAVxkQwWL2JEOhkVWWxZ9_xEm-_-3uc9Iq2H3pgldMoA==
age: 334
X-Firefox-Spdy: h2
um.simpli.fi/ad_advisor
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /ad_advisor HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=B56AA4E805394EFEB73DB5BCEAA8AEFE
set-cookie: suid=B56AA4E805394EFEB73DB5BCEAA8AEFE; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=B56AA4E805394EFEB73DB5BCEAA8AEFE; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
302 Found 296 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 0103dd025950e32d5eb84f8e72ddb997
9ddb94b670f62f21ddee3157f2ad97d122bf8248
ad325fee7bf9ae842aa1ea62cadbd134bf6590eaa84413165b1b7c6f4e5afd0d
GET /pixel?google_nid=simplifi&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
date: Fri, 09 Dec 2022 23:50:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 296
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Dec-2022 00:05:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3a7cafa2c0f4eafbe69e0b26dda0447d
0123b955c3ab7c64b9d19a09f868da180e4ca524
f0fe6e6dec3ffa992fbc0c9efdc85b5959dd76c92bd62722026512cc36068875
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
um.simpli.fi/pubmatic
200 OK 43 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /pubmatic HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=42599C1AB5844ED4BEE6E455F239CC21; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=42599C1AB5844ED4BEE6E455F239CC21; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
um.simpli.fi/telaria_p
302 Found 142 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /telaria_p HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
location: https://simplifi.partners.tremorhub.com/sync?UISF=DE17F3BBD9D24259A06F71393AD12A93
set-cookie: suid=DE17F3BBD9D24259A06F71393AD12A93; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=DE17F3BBD9D24259A06F71393AD12A93; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.bxslider.min.js
200 OK 5.1 kB URL HTTP/2 www.checkbca.org/scripts/jquery.bxslider.min.js
IP
File type ASCII text, with very long lines (18813)
Hash 9777aab0bd6025cd5c7ecaebd409284d
ab73cc0c1c09e58a1fa0d5bda44c313f697f14da
7b01c6335fa7c91f0b359d56158676c2553323f6e09dd01db242b0da0d104d1b
GET /scripts/jquery.bxslider.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 5135
X-Firefox-Spdy: h2
www.checkbca.org/scripts/scripts.js
200 OK 4.3 kB URL HTTP/2 www.checkbca.org/scripts/scripts.js
IP
File type ASCII text, with CRLF line terminators
Hash 3b38a1caac14cc0685da48549e84da3b
2ce4f852dced2ddee12614640dcfeb0f3a96ae48
4e45d270791d6d30c782e95c1763ef0a1ac7b934d5cb703b651f3c6434c8b22b
GET /scripts/scripts.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 22:30:57 GMT
accept-ranges: bytes
etag: "80e62b938bad91:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 4272
X-Firefox-Spdy: h2
www.checkbca.org/images/widget_member_seal.png
200 OK 4.9 kB URL HTTP/2 www.checkbca.org/images/widget_member_seal.png
IP
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash b16b18a3bc55b39e53d58026662582b1
f1ef3e2605c0eb6afd312dcc7b354b4d0dee54a2
fb715daa7fae403543290995b70576747818581d044e57b5ac072fd27c84e1bf
GET /images/widget_member_seal.png HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: image/png
last-modified: Sat, 09 May 2020 03:31:08 GMT
accept-ranges: bytes
etag: "8a855647b225d61:0"
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 4897
X-Firefox-Spdy: h2
d.agkn.com/pixel/10751/?che=1670629802059&ip=91.90.42.154&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219693204360004348711
302 Found 0 B URL HTTP/1.1 d.agkn.com/pixel/10751/?che=1670629802059&ip=91.90.42.154&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219693204360004348711
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/10751/?che=1670629802059&ip=91.90.42.154&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219693204360004348711 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Date: Fri, 09 Dec 2022 23:50:01 GMT
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219693204360004348711
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: ab=0001%3Ay33T0JenU7tOFb%2Bl3Kl10hsWPO0433vP;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
u=C|0AAArJoYqKyaGKgAAAAAA;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
Content-Length: 0
Connection: keep-alive
www.checkbca.org/stylesheets/jquery.selectbox.css
200 OK 844 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectbox.css
IP
File type ASCII text, with very long lines (2823), with no line terminators
Hash ef6ac3dc00cd170fb2e40e76489dc10d
02964dcc31527690062facef2f5ca2c0cf24ea23
06e4f8e3d1d4e68a23c9fd4927304906f912307b71f80025f6b74dfe3945d813
GET /stylesheets/jquery.selectbox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: text/css
content-encoding: gzip
last-modified: Fri, 02 Aug 2019 17:52:06 GMT
accept-ranges: bytes
etag: "0a783ff5a49d51:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 844
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash b87227d6a1f0bae089f3502e52e090ff
a59fb4ba1aefaf39cb350907c853f43fdba42e00
fab5177ef331a3b8c22a4a481f2c72f4ebd8e3c5d94fdd2f946445941e9ff665
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6202
Cache-Control: max-age=107991
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6392b447-1d7"
Expires: Sun, 11 Dec 2022 05:49:53 GMT
Last-Modified: Fri, 09 Dec 2022 04:06:31 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.googleadservices.com/pagead/conversion/1026675585/?random=1670629802216&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
302 Found 42 B URL HTTP/2 www.googleadservices.com/pagead/conversion/1026675585/?random=1670629802216&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/conversion/1026675585/?random=1670629802216&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:50:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&sscte=1&crd=
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
200 OK 24 kB URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
IP
File type ASCII text, with very long lines (65262), with CRLF line terminators
Hash 1aa546445a52ff5e781cb1e335f445c4
a8071c7d8f7c2798100ceed7ef5842a587cc41d2
6a3e80b4cc602560e187e061ff5070fdda5c608125956f878f417b01867f6b09
GET /scripts/webforms/msajax/microsoftajax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 22:30:59 GMT
accept-ranges: bytes
etag: "80135d948bad91:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 24320
X-Firefox-Spdy: h2
pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=D00FE891080A48DB8861BFC74A20E387
302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=D00FE891080A48DB8861BFC74A20E387
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive?partner_id=2305&partner_device_id=D00FE891080A48DB8861BFC74A20E387 HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:02 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1670629802556;Expires=Tue, 07 Feb 2023 23:50:02 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=814adbbe-45bf-4f6f-947d-3882485edd5c;Expires=Tue, 07 Feb 2023 23:50:02 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=D00FE891080A48DB8861BFC74A20E387
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectbox.js
200 OK 4.2 kB URL HTTP/2 www.checkbca.org/scripts/jquery.selectbox.js
IP
File type Unicode text, UTF-8 text, with very long lines (15896), with no line terminators
Hash 786f2eb7bf72098ca18b9afd6d127237
5e75cb575c23f13e064a913cbe55570670e718ab
d8a1f1df33bbe0f528bfd53be5c1388890220e54c5aaa7281b889a1e5dde3189
GET /scripts/jquery.selectbox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 20:49:20 GMT
accept-ranges: bytes
etag: "0c813b69165d41:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 4192
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1670629800998%26url%3Dhttps%253A%252F%252Fwww.usbfund.com%252Ffree-quote%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1670629800998%26url%3Dhttps%253A%252F%252Fwww.usbfund.com%252Ffree-quote%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D58092%26time%3D1670629800998%26url%3Dhttps%253A%252F%252Fwww.usbfund.com%252Ffree-quote%252F%253Futm_source%253Dbayengage%2526utm_medium%253Dcampaign-email%2526utm_campaign%253Dhow-to-write-a-business-plan-to-get-approved-for-a-loan%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&7b1d0016-024d-463a-8d70-9f548b003ba6"; Domain=.linkedin.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20221209235002ca827d38-a6d0-4f88-844e-c4248141ca41AQE_rHCDFfGJwenOugBauytNInYLfJzg"; Domain=.www.linkedin.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA2Mjk4MDI7MjswMjFZaoYd5gbwqtb4QXPJb2JUGsy06YBC7Yn65jahI0J+EQ==; Domain=.linkedin.com; Expires=Wed, 07 Jun 2023 23:50:02 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2433:u=1:x=1:i=1670629802:t=1670716202:v=2:sig=AQGLsVudAGs475thptKrIrA5T36WsDNj"; Expires=Sat, 10 Dec 2022 23:50:02 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvbc/t23JeaJ4Ld0r74Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 54EFE3C6DC4B47A6A87B1B803CC04783 Ref B: OSL30EDGE0408 Ref C: 2022-12-09T23:50:02Z
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 0
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
302 Found 248 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 90f3317c598426fe1c249b0cc4845475
72856fffdc53e9e630c38bbd9b4fe04afb72015a
2d722b67473e8cf5282435d3608e9a9fe2092279aceaf9d88d4b89fecac69c8b
GET /pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://um.simpli.fi/g_match?id=&google_error=3
date: Fri, 09 Dec 2022 23:50:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 248
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 522863b034fe9c1438b875b444621c82
4f0f6ea833a78ff184a7eef32597cb2f8114d88e
d1577d03bab9f246ee36d7878ebe6e40286270a6db53e3534ef9e7d863e37a7d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:02 GMT
Last-Modified: Fri, 09 Dec 2022 23:02:52 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5VIM2tHN-Lnuq-5-H2j0qlNodyDF3uhBiEQt3u0tq8A3OrhAap8LLA==
Age: 2830
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=62289965D84B4DA0A5311B2FB456A522
403 Forbidden 986 B URL HTTP/2 sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=62289965D84B4DA0A5311B2FB456A522
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 502958bc43cb5e9fcab5c70c471a6af7
ed26252bba7a0fa166d77fe08de656191aa86a10
3fd91c8d342c28da701bcc8717aefb9f278b2ef884fce1f89e9ce5ea0bb7a340
GET /profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=62289965D84B4DA0A5311B2FB456A522 HTTP/1.1
Host: sync.intentiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: CloudFront
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nSEHmopct0UDraFeeYhB_u8jBHLAlcFCL10S9VIWcgBjzWmQfBKpew==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash b87227d6a1f0bae089f3502e52e090ff
a59fb4ba1aefaf39cb350907c853f43fdba42e00
fab5177ef331a3b8c22a4a481f2c72f4ebd8e3c5d94fdd2f946445941e9ff665
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6202
Cache-Control: max-age=107991
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6392b447-1d7"
Expires: Sun, 11 Dec 2022 05:49:53 GMT
Last-Modified: Fri, 09 Dec 2022 04:06:31 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5c47323f3c87a762f10eefa6428fd9a0
cb77a70e53cc19c8c8b1a2862bad8f4e59fca6a4
4445ce383fa1c8372d5251b5ff0233375270a379c3292c2f73589232e86f25b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219693204360004348711
302 Found 0 B URL HTTP/2 aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219693204360004348711
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?clkgypv=pxl&ch=128&cm=219693204360004348711 HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/json
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=clickagy&google_sc&google_cm&google_hm=YzozYjQ5NjgzYjY4YmU4NjE1NDNhZWVlMDE3MTNmYTUwYw
server: Aorta/20221205.a0953a8c4
x-aorta-host: 0a6673405db9
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 0970e1bd95efa3c70fc3e7dad34e1060
46c2b89926b987d7de96dff162d27831b70218d6
413b43acb64e204876ae367451cf321afbf328228eeb16c03caea9d21aa1e73c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2560
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Last-Modified: Fri, 09 Dec 2022 23:07:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
200 OK 471 B IP
Hash 4e95309ba23214919c6e155d02aae114
827821b1b720cc658b3d348385f56c22eb397f7c
d48f9d588ae43ba46a64974385a93de32848965b1bea142778ad8f68796aefd8
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2876
Cache-Control: max-age=143561
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63934c37-1d7"
Expires: Sun, 11 Dec 2022 15:42:43 GMT
Last-Modified: Fri, 09 Dec 2022 14:54:47 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&sscte=1&crd=
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&sscte=1&crd=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:50:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&random=1467982279
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Dec-2022 00:05:02 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/setuid?entity=66&code=2AB7EA0675D5450893B8FDDAAD6C9A61
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/setuid?entity=66&code=2AB7EA0675D5450893B8FDDAAD6C9A61
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?entity=66&code=2AB7EA0675D5450893B8FDDAAD6C9A61 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D2AB7EA0675D5450893B8FDDAAD6C9A61
AN-X-Request-Uuid: 6f33de09-0860-4634-aeb2-46b506807ce3
Set-Cookie: uuid2=8530190762274630481; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 09-Mar-2023 23:50:02 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.usertrust.com/
200 OK 472 B IP
Hash d0a12446ab05483457d47faa45fbab10
4ffcff120e42a38f1753a2a1878a3939e91de684
61f443eb0099c8cf7f3aa063a3c24ab09877efddd02d8b854311bf582c4215aa
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 10:10:16 GMT
Expires: Wed, 14 Dec 2022 10:10:15 GMT
Etag: "4ffcff120e42a38f1753a2a1878a3939e91de684"
Cache-Control: max-age=603801,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1540
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7771a40b1a660b06-OSL
pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B81A8D4CE5EB4DC7B07ED60ED4A3C31F&expires=365
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B81A8D4CE5EB4DC7B07ED60ED4A3C31F&expires=365
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=6286&nid=2132&put=B81A8D4CE5EB4DC7B07ED60ED4A3C31F&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
Content-Type: image/gif
um.simpli.fi/g_match?id=&google_error=3
204 No Content 0 B URL HTTP/2 um.simpli.fi/g_match?id=&google_error=3
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /g_match?id=&google_error=3 HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 23:50:02 GMT
set-cookie: suid=F0DB0E30E72243FAAD934C229256290C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=F0DB0E30E72243FAAD934C229256290C; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
expires: Thu, 08 Dec 2022 23:50:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash e6d741bb3ef15889ae1521a4f25876ac
e3ccd2742b61670e0615e5a74849b48af77036f9
f1029870236bb1f034e0ee07858cd2600d17ebe18538ec65d214fe2c352aaf15
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2743
Cache-Control: max-age=90526
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63927d91-1d7"
Expires: Sun, 11 Dec 2022 00:58:48 GMT
Last-Modified: Fri, 09 Dec 2022 00:13:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
us-u.openx.net/w/1.0/sd?id=537072966&val=524652299ECC44ED802DAC70FC80FBD4
200 OK 43 B URL HTTP/2 us-u.openx.net/w/1.0/sd?id=537072966&val=524652299ECC44ED802DAC70FC80FBD4
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /w/1.0/sd?id=537072966&val=524652299ECC44ED802DAC70FC80FBD4 HTTP/1.1
Host: us-u.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: image/gif
content-length: 43
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d.agkn.com/pixel/10751/?che=1670629802586&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D220113204360004348547
302 Found 0 B URL HTTP/1.1 d.agkn.com/pixel/10751/?che=1670629802586&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D220113204360004348547
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/10751/?che=1670629802586&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D220113204360004348547 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Date: Fri, 09 Dec 2022 23:50:02 GMT
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://um.simpli.fi/aa_px?sk=220113204360004348547
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: ab=0001%3AdEzm9b0xDHgSGhmLnGPaWR3qtnWuTxk5;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
u=C|0AAArJoYqKyaGKgAAAAAA;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
Content-Length: 0
Connection: keep-alive
fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;
302 Found 0 B URL HTTP/2 fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img; HTTP/1.1
Host: fei.pro-market.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-5.c.datonics-gcp-01.internal
set-cookie: anProfile="1+1+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s2=(rmne7e)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
location: https://fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;sr
content-type: image/gif
content-length: 0
date: Fri, 09 Dec 2022 23:50:02 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:48:03 GMT
expires: Fri, 08 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 93719
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=32f8333e-781c-11ed-a599-10a0cca80106; expires=Fri, 06-Jan-2023 23:50:02 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573&__user_check__=1&sync_id=32f833a8-781c-11ed-a599-10a0cca80106
X-fe: 139
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
status.geotrust.com/
200 OK 471 B IP
Hash 4e95309ba23214919c6e155d02aae114
827821b1b720cc658b3d348385f56c22eb397f7c
d48f9d588ae43ba46a64974385a93de32848965b1bea142778ad8f68796aefd8
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2876
Cache-Control: max-age=143561
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63934c37-1d7"
Expires: Sun, 11 Dec 2022 15:42:43 GMT
Last-Modified: Fri, 09 Dec 2022 14:54:47 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 105ed58f0fc9af9a1ea51666d128800c
62c933d75b2783e4336c05de72767e23c3655eca
9e5111ccc95b44111108a8bbac540c7a7df060fb8085dcc6a16bca15b228ea46
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 22:09:31 GMT
Expires: Sat, 10 Dec 2022 22:09:31 GMT
ETag: "62c933d75b2783e4336c05de72767e23c3655eca"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash c8ce163a520ab937746bfadcbc09a904
7ad027f7c23fa59f9065ba26896c09f905c12709
704d9d1a90044c21144cb2e7130ddfa5c321863e17f59e9f254264ea4e75097d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 20:14:01 GMT
Expires: Sat, 10 Dec 2022 20:14:01 GMT
ETag: "7ad027f7c23fa59f9065ba26896c09f905c12709"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
200 OK 471 B IP
Hash c863b1070f9a9439017e98b7a4863cee
e71d3ffa108b251b3001312b1e84fb8820f83887
90fb2f86bb7b7b0faec7d80853b90cf0472ec52cffa3785e7ea8015ac2f32ace
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1172
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63934c44-1d7"
Last-Modified: Fri, 09 Dec 2022 23:30:30 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9005b1748b16ceed0ab3c0dbf4068b0c
e925a703725acb4d3671e71bab02292640c60577
5830a3a080f5e5ed21ebb80a87bb067556221038c315d17ed397b60baf05fe98
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=136688
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6393318a-1d7"
Expires: Sun, 11 Dec 2022 13:48:10 GMT
Last-Modified: Fri, 09 Dec 2022 13:00:58 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iX0vOrrXfYlJ7Q4hzg7KzrNfM_mUudb4lXMI1jtLP0RkalvpXPywnw==
Age: 2832
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0B12A4C437D54510A0A5709A43EF8BC2
404 Not Found 49 B URL HTTP/2 bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0B12A4C437D54510A0A5709A43EF8BC2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 56398e76be6355ad5999b262208a17c9
a1fdee122b95748d81cee426d717c05b5174fe96
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
GET /map/c=7625/tp=SIMP/tpid=0B12A4C437D54510A0A5709A43EF8BC2 HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: image/gif
content-length: 49
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.16.8
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D2AB7EA0675D5450893B8FDDAAD6C9A61
200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D2AB7EA0675D5450893B8FDDAAD6C9A61
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D66%26code%3D2AB7EA0675D5450893B8FDDAAD6C9A61 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 3b7e20ce-dc37-4098-86d9-65022e9694e7
Set-Cookie: anj=dTM7k!M4.FE:2jUF']wIg2E>5ky@p@!]tbPl1N!7On*M$=BWbxfp^Jtcx*XeeVQnYcw#STfmq@EeV6+Tgm>Jqg^ZbyoV`LJ/X%W#.wL4W1Qw1LUpZM_; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 09-Mar-2023 23:50:02 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
um.simpli.fi/aa_px?sk=220113204360004348547
302 Found 142 B URL HTTP/2 um.simpli.fi/aa_px?sk=220113204360004348547
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /aa_px?sk=220113204360004348547 HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html
content-length: 142
set-cookie: suid=A89A9A08A15A43B585AE0EC73005D77F; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=A89A9A08A15A43B585AE0EC73005D77F; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
location: /empty.gif
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
forms.soundestlink.com/REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105
200 OK 8.1 kB URL HTTP/2 forms.soundestlink.com/REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105
IP
File type ASCII text, with no line terminators
Hash a14186d9cc3f381513f054d0ab635a9d
cb49c00051ab567bb8be967489d05cf81f86660d
79ffcf3293a57d96c5ccc46a2775acae3e63dffa951a63305e92d40698ba2af9
GET /REST/inShop/v1/getSettings?callback=_omnisend.setSettings&responseType=jsonp&shopHostname=www.usbfund.com&shopType=api&brandID=60034c978a48f7337bc1a105 HTTP/1.1
Host: forms.soundestlink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/json
cache-control: max-age=0, s-maxage=600, public
last-modified: Fri, 09 Dec 2022 23:50:01 GMT
x-envoy-upstream-service-time: 11
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: EXPIRED
vary: Accept-Encoding
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 7771a4026f6ffac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573&__user_check__=1&sync_id=32f833a8-781c-11ed-a599-10a0cca80106
200 OK 43 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573&__user_check__=1&sync_id=32f833a8-781c-11ed-a599-10a0cca80106
IP
ASN #35220 SpotXchange, INC
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /partner?adv_id=7797&uid=486A02EB659145098E4F7AF238DF7573&__user_check__=1&sync_id=32f833a8-781c-11ed-a599-10a0cca80106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 23:50:02 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: audience=3305360a-781c-11ed-b9e6-1891fad20406; expires=Fri, 06-Jan-2023 23:50:02 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 83
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ce.lijit.com/merge?pid=2&3pid=2B02967A397C431DA8EC64C648CD5B34
204 No Content 0 B URL HTTP/1.1 ce.lijit.com/merge?pid=2&3pid=2B02967A397C431DA8EC64C648CD5B34
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /merge?pid=2&3pid=2B02967A397C431DA8EC64C648CD5B34 HTTP/1.1
Host: ce.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 23:50:02 GMT
X-MERGE: GDPR Optout true
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap6ams1
fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;sr
200 OK 43 B URL HTTP/2 fei.pro-market.net/engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;sr
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 968c3ad2c1183fee0bf0dd479f7904b7
1d770800ecb05eb9133f9b51620c9e4349656859
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
GET /engine?du=24;csync=4773A184BA0F45A9BCC8ED8BC66C16CF;mimetype=img;sr HTTP/1.1
Host: fei.pro-market.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-5.c.datonics-gcp-01.internal
set-cookie: anProfile="0+1+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s2=(rmne7e)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
content-type: image/gif
content-length: 43
date: Fri, 09 Dec 2022 23:50:02 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
loadm.exelator.com/load/?p=204&g=2191&simid=B0A3366DA85045789F3B963658F11F6E&j=0
204 No Content 0 B URL HTTP/2 loadm.exelator.com/load/?p=204&g=2191&simid=B0A3366DA85045789F3B963658F11F6E&j=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /load/?p=204&g=2191&simid=B0A3366DA85045789F3B963658F11F6E&j=0 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 23:50:02 GMT
cache-control: no-cache
x-powered-by: Undertow/1
access-control-allow-credentials: true
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash afd9d9b97c2bfcfee7fa7a1ca101040e
0925598fce2cf4a0fe54a59cf5e407f39ab7a7ff
25008f577e6dde67dd58c629ec4dd2894465da9b9fa97819b5d9f7be568f804b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4725
Cache-Control: max-age=138216
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "6393301d-1d7"
Expires: Sun, 11 Dec 2022 14:13:38 GMT
Last-Modified: Fri, 09 Dec 2022 12:54:53 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
stags.bluekai.com/site/29931?id=A456AC838B2A43E78C14915088434F54
200 OK 62 B URL HTTP/2 stags.bluekai.com/site/29931?id=A456AC838B2A43E78C14915088434F54
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3f386f5061436a0338a64e0910db495d
599fe4a552c991a2b3ce5a1660732bf7b21fb901
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
GET /site/29931?id=A456AC838B2A43E78C14915088434F54 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 62
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 09 Dec 2022 23:50:02 GMT
set-cookie: bku=blx99vgJAtm4GLTr; Path=/; Domain=.bluekai.com; Expires=Fri, 09 Jun 2023 23:50:02 GMT; Secure; SameSite=None
bkpa=KJy9nyexd02pSUHknp/8mE1hwtkAwDW6BEjOxpQpmW/0xExpHEzTxpW6mEWN1eQTBe16HMD69y9Zdy++; Path=/; Domain=.bluekai.com; Expires=Fri, 09 Jun 2023 23:50:02 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=58092&time=1670629800998&url=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&756ec569-a062-43d9-89df-a902cf54766c"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Dec-2023 23:50:02 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2395:u=1:x=1:i=1670629802:t=1670716202:v=2:sig=AQGY_MCCAQnT6QGXe3NBWp5KF-ySlE3U"; Expires=Sat, 10 Dec 2022 23:50:02 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvbc/y4oP80dmoj2C6HQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4D9D31272A9040A3AC55E46D2DE7891F Ref B: OSL30EDGE0408 Ref C: 2022-12-09T23:50:02Z
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2db30366ba3ff76d75aebaa0a40dbfd8
117dcf51828b61e492b4cf5e0a80ebce239576a8
874c39ff7a2e42620ee73cfb166e7286df645249d78af6b706c336a4749d0f1d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151525
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63936df5-1d7"
Expires: Sun, 11 Dec 2022 17:55:27 GMT
Last-Modified: Fri, 09 Dec 2022 17:18:45 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BaRsh0BUNRPXqEi74AZJMZbo2HumTW9pOXG9WYnSBiGspKYp6pAo9Q==
Age: 2202
um.simpli.fi/empty.gif
200 OK 43 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /empty.gif HTTP/1.1
Host: um.simpli.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: suid=12F4B18280514BE2B56E03AFCFEB520A; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; SameSite=none; Secure;
suid_legacy=12F4B18280514BE2B56E03AFCFEB520A; Path=/; domain=simpli.fi; Expires=Sun, 10-Dec-23 23:50:02 GMT; Secure;
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6c33a1d5d0fc5fe73ec55ac938817ea4
bfc100af7973feb3a7c3501dda66589f08bc6bde
668f1beac80500f1748643c27de6e413b0676a2fa94b0fbb7ef94b1cbab16e50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aorta.clickagy.com/pixel.gif?ch=8&cm=&google_error=3
302 Found 0 B URL HTTP/2 aorta.clickagy.com/pixel.gif?ch=8&cm=&google_error=3
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?ch=8&cm=&google_error=3 HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: application/json
content-length: 0
location: https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
server: Aorta/20221205.a0953a8c4
x-aorta-host: f7d36fd1414c
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&random=1467982279&ipr=y&prhg=0
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&random=1467982279&ipr=y&prhg=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/1026675585/?random=78606336&cv=7&fst=1670629802216&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qsmTY_OxIKyOiM0P-KqgoAY&random=1467982279&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:50:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d30af19c651b7e0105bf752fbf82aa27
51b73313f76b50c0a3265084741f2bbe64986edc
2dd45a648587127b58f1000426d236dce25618847ac639384d207a7585f44f82
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151859
Date: Fri, 09 Dec 2022 23:50:02 GMT
Etag: "63936ca6-1d7"
Expires: Sun, 11 Dec 2022 18:01:01 GMT
Last-Modified: Fri, 09 Dec 2022 17:13:10 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: L3xfWSPFx_K2dRhLD64AhEkRgnzBFM0riOl89EB6-4JK_JGCpv4hEA==
Age: 2872
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6c33a1d5d0fc5fe73ec55ac938817ea4
bfc100af7973feb3a7c3501dda66589f08bc6bde
668f1beac80500f1748643c27de6e413b0676a2fa94b0fbb7ef94b1cbab16e50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.bfmio.com/sync?pid=141&uid=F7CE69D7E4DC45B39F85F4638C73F33C
204 0 B URL HTTP/1.1 sync.bfmio.com/sync?pid=141&uid=F7CE69D7E4DC45B39F85F4638C73F33C
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?pid=141&uid=F7CE69D7E4DC45B39F85F4638C73F33C HTTP/1.1
Host: sync.bfmio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
Date: Fri, 09 Dec 2022 23:50:02 GMT
Set-Cookie: __141_cid=F7CE69D7E4DC45B39F85F4638C73F33C; Domain=.bfmio.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Path=/
__io_cid=e1837752f8fe6280a3fb58d150cdf4e442afbf11; Domain=.bfmio.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Path=/
Connection: keep-alive
511-lvj-854.mktoresp.com/webevents/visitWebPage?_mchNc=1670629801162&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1670629801161-66296&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Ffree-quote%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
200 OK 43 B URL HTTP/1.0 511-lvj-854.mktoresp.com/webevents/visitWebPage?_mchNc=1670629801162&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1670629801161-66296&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Ffree-quote%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 7e1a751d6f8efada000e3df3aac35514
4c73d56e1221bcee6aca2e954b71b9d6216de36e
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
POST /webevents/visitWebPage?_mchNc=1670629801162&_mchCn=&_mchId=511-LVJ-854&_mchTk=_mch-usbfund.com-1670629801161-66296&_mchHo=www.usbfund.com&_mchPo=&_mchRu=%2Ffree-quote%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Dbayengage__-__utm_medium%3Dcampaign-email__-__utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan HTTP/1.1
Host: 511-lvj-854.mktoresp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.0 200 OK
Server: BigIP
Connection: Keep-Alive
Content-Length: 43
www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
200 OK 6.8 kB URL HTTP/2 www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with CRLF line terminators
Hash 99ed087d9196e62d838f4c0285538837
7658797262c93937e41f848d7137659e5fbad7fa
b541b72d8c0d06e4276a4706f23d0d63cc2613f1ef037d97bd66aedef209f475
GET /companywidget.aspx?ID=100094667&WidgetType=1 HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=hx4rtslizylqpwrcf2z2gkap; path=/; secure; HttpOnly; SameSite=Lax
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 6794
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash b78229295e7238657412ee9df51c1c55
8315b59e10b66bdf00b4b2529bc791d3500bdb1a
e5a88a0454b6c3bb2a359bd4c26c4778ebd1729ad74600afd349bb28601cd1d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3693
Cache-Control: max-age=154854
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:03 GMT
Etag: "63937524-118"
Expires: Sun, 11 Dec 2022 18:50:57 GMT
Last-Modified: Fri, 09 Dec 2022 17:49:24 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 72c092359a429c3270af41f1ded9df62
39ba323594387383ff42f54cd273303301c5660d
e687d1807e6bd18d5b34522115aa5b412d4b2208c673a9bffcb420c8f7c7a938
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E687D1807E6BD18D5B34522115AA5B412D4B2208C673A9BFFCB420C8F7C7A938"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5550
Expires: Sat, 10 Dec 2022 01:22:33 GMT
Date: Fri, 09 Dec 2022 23:50:03 GMT
Connection: keep-alive
track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=5627136&ct=standard-page&rcu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F&pu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=Free+Quote+-+US+Business+Funding&cts=1670629802160&vi=b53918bdb52a5ff85d5d88c5da4f1a62&nc=true&u=152200550.b53918bdb52a5ff85d5d88c5da4f1a62.1670629802158.1670629802158.1670629802158.1&b=152200550.1.1670629802158&cc=15
200 OK 45 B URL HTTP/2 track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=5627136&ct=standard-page&rcu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F&pu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=Free+Quote+-+US+Business+Funding&cts=1670629802160&vi=b53918bdb52a5ff85d5d88c5da4f1a62&nc=true&u=152200550.b53918bdb52a5ff85d5d88c5da4f1a62.1670629802158.1670629802158.1670629802158.1&b=152200550.1.1670629802158&cc=15
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash c8817d472077ebfc04593c1fa019d32d
e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=5627136&ct=standard-page&rcu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F&pu=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&t=Free+Quote+-+US+Business+Funding&cts=1670629802160&vi=b53918bdb52a5ff85d5d88c5da4f1a62&nc=true&u=152200550.b53918bdb52a5ff85d5d88c5da4f1a62.1670629802158.1670629802158.1670629802158.1&b=152200550.1.1670629802158&cc=15 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:03 GMT
content-type: image/gif
content-length: 45
cf-ray: 7771a40f6c9db509-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: 3fad4664-cb86-42d6-ae5b-b863e2e89159
x-robots-tag: none
set-cookie: __cf_bm=7DMgJqBb7mGjK7ikh3ss19Kc1wzNd31xnP1JJ.Nexpw-1670629803-0-AWO0P+rvGsvlj+dBUZc5d8vMVmMBon61xxo4PNsVpaKcZjiGeXqRHV/v2ep5XCEdx6pJOO51dz5GFxVB3gvmkhU=; path=/; expires=Sat, 10-Dec-22 00:20:03 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAiCwJ2BhfQvys6VOKyhroOZWl1NUzKVpZR6ide4kWS17wqas2A7SY9g6wMVzsCDH1HiG1SF4z169n1jnwY1%2FzlKCnEz8q8bwu1ZzgmhwT7ivVuHgaqZufEcT2NN%2B3Kg5ml%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/font-awesome.min.css
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/font-awesome.min.css
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/font-awesome.min.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 07 Dec 2022 22:31:00 GMT
If-None-Match: "0aaf5948bad91:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/jquery.selectBox.css
301 Moved Permanently 180 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectBox.css
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 65d99af646ca7622a01fc0d3eb7a6b6d
a6b71820c0572f17c183b5669255346947bc3492
425fea6b4acfc8c48eee414af2be035b5c77a87742cf0bb46b136d07e0c29f6a
GET /stylesheets/jquery.selectBox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/stylesheets/jquery.selectbox.css
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 180
X-Firefox-Spdy: h2
www.checkbca.org/stylesheets/style.css
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/style.css
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/style.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 07 Dec 2022 22:31:00 GMT
If-None-Match: "0aaf5948bad91:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
301 Moved Permanently 188 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjax.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6f83537ac9d2567aa0049ad8d28282d8
7e4975fe0edee16d97ab1f59dd7473a95902f30e
c614ae1fc44d88ab3555782295fd0de23f7b1062ef93e0777530a9ff2fdb2fe6
GET /Scripts/WebForms/MsAjax/MicrosoftAjax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 188
X-Firefox-Spdy: h2
www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
301 Moved Permanently 196 B URL HTTP/2 www.checkbca.org/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95d708e49ef3d81c5832e354dbdafb01
ddb6aa6d1990a59c42331129fef517bb9101fad1
429e36746d58356e8d7fd50c755f2ec8de5fcf67bc3980f782eef9c14e89db18
GET /Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 196
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery-3.3.1.min.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery-3.3.1.min.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery-3.3.1.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.simplemodal.1.4.4.min.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.simplemodal.1.4.4.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.bxslider.min.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.bxslider.min.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.bxslider.min.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectBox.js
301 Moved Permanently 175 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectBox.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 46da262b5b1399dfbf30fac73e57a298
c176cf3cfa6da6a0748c497591ff3619467d6434
4089029c368f61bcc5e6be36c952e1c440e0e20475e247b8316c6ce57ea7cc99
GET /scripts/jquery.selectBox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: no-cache
content-type: text/html; charset=UTF-8
location: https://www.checkbca.org/scripts/jquery.selectbox.js
date: Fri, 09 Dec 2022 23:50:02 GMT
content-length: 175
X-Firefox-Spdy: h2
www.checkbca.org/scripts/scripts.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/scripts.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/scripts.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 07 Dec 2022 22:30:57 GMT
If-None-Match: "80e62b938bad91:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash f0ce34908aae2f54cabfcef71d0e6665
02ed7b537989141ac64b836bcab09a6e3eff313f
eff59096bd0af95b7cafd67753c11e264b576e1d92b97d054c478cb333d422b2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:03 GMT
Last-Modified: Fri, 09 Dec 2022 22:04:38 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DwrTLosUK_GARWzy_mlURqxAMj7TcPtXHFrHT9pjfWOhksMhu0VCIw==
Age: 6325
ocsp.digicert.com/
200 OK 280 B IP
Hash b78229295e7238657412ee9df51c1c55
8315b59e10b66bdf00b4b2529bc791d3500bdb1a
e5a88a0454b6c3bb2a359bd4c26c4778ebd1729ad74600afd349bb28601cd1d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3693
Cache-Control: max-age=154854
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:50:03 GMT
Etag: "63937524-118"
Expires: Sun, 11 Dec 2022 18:50:57 GMT
Last-Modified: Fri, 09 Dec 2022 17:49:24 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=B56AA4E805394EFEB73DB5BCEAA8AEFE
302 Found 216 B URL HTTP/2 aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=B56AA4E805394EFEB73DB5BCEAA8AEFE
IP
Hash dc1f7385aff6877fbe13a7a181f3dad1
d51a660d918402d70f808fe525b15415e38fccba
bfcb0ca49cd8bc36bc82d842da8752269f89d2247b25908c13b989771b9fbb77
GET /adscores/g.pixel?sid=9201915418&sifi_uid=B56AA4E805394EFEB73DB5BCEAA8AEFE HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 09 Dec 2022 23:50:02 GMT
location: https://d.agkn.com/pixel/10751/?che=1670629802586&ip=91.90.42.154&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D220113204360004348547
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AIujqf0c2Tq0mC7uR2y7UDDd1ZxVlu7W%2F; Path=/; Domain=.agkn.com; Expires=Sat, 09-Dec-2023 23:50:02 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
speedyfox.io/anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=
403 Forbidden 18 B URL HTTP/1.1 speedyfox.io/anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=
IP
File type ASCII text, with no line terminators
Hash 25f009f228cd844020264ff74a36bb64
8e2ada0df86c2ea12930c55ebdc0575aa5e31d87
a4578829918d4df61d980bf0665df65a68d19ea4de6d0dfdb75fb099b47474bf
GET /anywhere/5f1d4e2f1d5e403592a56487267b609f40807d7ef69744e7aa045795455c9581?t=&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r= HTTP/1.1
Host: speedyfox.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 18
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
X-Timing: lt=0
Date: Fri, 09 Dec 2022 23:50:03 GMT
Connection: close
www.checkbca.org/stylesheets/jquery.selectbox.css
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/stylesheets/jquery.selectbox.css
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stylesheets/jquery.selectbox.css HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 02 Aug 2019 17:52:06 GMT
If-None-Match: "0a783ff5a49d51:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajax.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/webforms/msajax/microsoftajax.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 07 Dec 2022 22:30:59 GMT
If-None-Match: "80135d948bad91:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/webforms/msajax/microsoftajaxwebforms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 07 Dec 2022 22:31:00 GMT
If-None-Match: "0aaf5948bad91:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/scripts/jquery.selectbox.js
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/scripts/jquery.selectbox.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/jquery.selectbox.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 16 Oct 2018 20:49:20 GMT
If-None-Match: "0c813b69165d41:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:02 GMT
X-Firefox-Spdy: h2
www.checkbca.org/images/widget_member_seal.png
304 Not Modified 0 B URL HTTP/2 www.checkbca.org/images/widget_member_seal.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/widget_member_seal.png HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Sat, 09 May 2020 03:31:08 GMT
If-None-Match: "8a855647b225d61:0"
TE: trailers
HTTP/2 304 Not Modified
cache-control: no-cache
date: Fri, 09 Dec 2022 23:50:03 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ad17d91b6fdb941934c6958ff4132446
9727d59147d2eb9e52039bcd121186ffe9c61d97
68fc04f057fe1dda621ccc21f356e93c820e58bf4cc55989e7c636081aae6e94
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 23:50:04 GMT
Etag: "63930a26-1d7"
Last-Modified: Fri, 09 Dec 2022 22:27:33 GMT
Server: ECS (dcb/7EEA)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AqPnwwqMzkLzA_En7-bbmWUjbRV1uO2GoVMxNr_cVOyUb7NTOYm3XA==
Age: 4951
web-writer.eu.smartlook.cloud/rec/v3/write?rid=Jzt9FHbYnx26SINIIAVhs&sid=d-7xgf4lXtYhqB2_478aY&vid=ccxBBbUnFGTIv0chKyAYP
204 No Content 0 B URL HTTP/1.1 web-writer.eu.smartlook.cloud/rec/v3/write?rid=Jzt9FHbYnx26SINIIAVhs&sid=d-7xgf4lXtYhqB2_478aY&vid=ccxBBbUnFGTIv0chKyAYP
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rec/v3/write?rid=Jzt9FHbYnx26SINIIAVhs&sid=d-7xgf4lXtYhqB2_478aY&vid=ccxBBbUnFGTIv0chKyAYP HTTP/1.1
Host: web-writer.eu.smartlook.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Content-Type: multipart/form-data; boundary=---------------------------139015309123256196121503653789
Origin: https://www.usbfund.com
Content-Length: 129878
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Request, X-Requested-With, Content-Type, Cookie
Access-Control-Allow-Methods: OPTIONS, POST
Access-Control-Allow-Origin: https://www.usbfund.com
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 23:50:04 GMT
sl-trace-id: h7Ld24YtHpNWP5n7LUHrT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 23aeb09a1bfae665675961504741dec4
272cc4719953c4dfe8277d11ea3801580d62b9d6
44c4424314ae8009286440111cfd963931f8f382d104420c00cb27b640bab8ff
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103776
Date: Fri, 09 Dec 2022 23:50:05 GMT
Etag: "6392aec0-1d7"
Expires: Sun, 11 Dec 2022 04:39:41 GMT
Last-Modified: Fri, 09 Dec 2022 03:42:56 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z-5A1z3aDZi5geGHl37TQts-Ea0iYKEYxK8JE0yB7WB73p_kbh1M_Q==
Age: 3405
new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=fad13911-e66e-a94e-61bf-f459cc943938&c0=89342177&t0=1670629800982&ur0=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=Free%20Quote%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=ee7bab4e-2be1-ced7-9124-a3be0ce7f662&c1=89342177&t1=1670629800983&li1=1670629800981&e2=pageview_ping&ci2=1443d638-03ea-a956-3991-2514d53dace7&v2=2aede775-0602-27d6-cae2-813cd8fdd7a2&p2=fad13911-e66e-a94e-61bf-f459cc943938&u2=be51675f-4e39-0013-3409-673db86e7f42&c2=89342177&t2=1670629800983&li2=1670629800981
200 OK 37 B URL HTTP/2 new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=fad13911-e66e-a94e-61bf-f459cc943938&c0=89342177&t0=1670629800982&ur0=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=Free%20Quote%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=ee7bab4e-2be1-ced7-9124-a3be0ce7f662&c1=89342177&t1=1670629800983&li1=1670629800981&e2=pageview_ping&ci2=1443d638-03ea-a956-3991-2514d53dace7&v2=2aede775-0602-27d6-cae2-813cd8fdd7a2&p2=fad13911-e66e-a94e-61bf-f459cc943938&u2=be51675f-4e39-0013-3409-673db86e7f42&c2=89342177&t2=1670629800983&li2=1670629800981
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 637eb2cda011678b8ccd6b5b3c6e3570
300ffa6cb3b70adc05038ef2a4e9936978459ff2
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
GET /e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=fad13911-e66e-a94e-61bf-f459cc943938&c0=89342177&t0=1670629800982&ur0=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&ti0=Free%20Quote%20-%20US%20Business%20Funding&re0=1280&re0=1024&o0=landscape-primary&us0=bayengage&um0=campaign-email&uca0=how-to-write-a-business-plan-to-get-approved-for-a-loan&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=ee7bab4e-2be1-ced7-9124-a3be0ce7f662&c1=89342177&t1=1670629800983&li1=1670629800981&e2=pageview_ping&ci2=1443d638-03ea-a956-3991-2514d53dace7&v2=2aede775-0602-27d6-cae2-813cd8fdd7a2&p2=fad13911-e66e-a94e-61bf-f459cc943938&u2=be51675f-4e39-0013-3409-673db86e7f42&c2=89342177&t2=1670629800983&li2=1670629800981 HTTP/1.1
Host: new-collect.albacross.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:05 GMT
content-type: image/gif
content-length: 37
X-Firefox-Spdy: h2
new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=7b4352f6-92b9-59fc-71af-3c8ce2e48c8e&c0=89342177&t0=1670629805484&li0=1670629800981&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=f5d58e0f-0177-f36e-444d-b1712a3878a3&c1=89342177&t1=1670629806902&li1=1670629800981
200 OK 37 B URL HTTP/2 new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=7b4352f6-92b9-59fc-71af-3c8ce2e48c8e&c0=89342177&t0=1670629805484&li0=1670629800981&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=f5d58e0f-0177-f36e-444d-b1712a3878a3&c1=89342177&t1=1670629806902&li1=1670629800981
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 637eb2cda011678b8ccd6b5b3c6e3570
300ffa6cb3b70adc05038ef2a4e9936978459ff2
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
GET /e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=1443d638-03ea-a956-3991-2514d53dace7&v0=2aede775-0602-27d6-cae2-813cd8fdd7a2&p0=fad13911-e66e-a94e-61bf-f459cc943938&u0=7b4352f6-92b9-59fc-71af-3c8ce2e48c8e&c0=89342177&t0=1670629805484&li0=1670629800981&e1=pageview_ping&ci1=1443d638-03ea-a956-3991-2514d53dace7&v1=2aede775-0602-27d6-cae2-813cd8fdd7a2&p1=fad13911-e66e-a94e-61bf-f459cc943938&u1=f5d58e0f-0177-f36e-444d-b1712a3878a3&c1=89342177&t1=1670629806902&li1=1670629800981 HTTP/1.1
Host: new-collect.albacross.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:08 GMT
content-type: image/gif
content-length: 37
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/js/plugins.js
200 OK 0 B URL HTTP/2 www.usbfund.com/wp-content/themes/usb/js/plugins.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/usb/js/plugins.js HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 00:35:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
www.usbfund.com/wp-content/themes/usb/style.css
200 OK 0 B URL HTTP/2 www.usbfund.com/wp-content/themes/usb/style.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/themes/usb/style.css HTTP/1.1
Host: www.usbfund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/free-quote/?utm_source=bayengage&utm_medium=campaign-email&utm_campaign=how-to-write-a-business-plan-to-get-approved-for-a-loan
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Apr 2022 22:11:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Fri, 09 Dec 2022 23:50:00 GMT
server: Apache
X-Firefox-Spdy: h2
rec.smartlook.com/es6/bundle.4611c7e160dd922b35da.js
200 OK 0 B URL HTTP/2 rec.smartlook.com/es6/bundle.4611c7e160dd922b35da.js
IP
ASN #60068 Datacamp Limited
GET /es6/bundle.4611c7e160dd922b35da.js HTTP/1.1
Host: rec.smartlook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:03 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: cross-origin
etag: W/"6390556d-22b25"
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-accel-expires: @1701952458
server: CDN77-Turbo
x-77-nzt: AblMCQ0T6AH/YUEDAA
x-77-nzt-ray: c0a4cc28902971e0abc9936337176c28
x-cache: HIT
x-age: 213345
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
simplifi.partners.tremorhub.com/sync?UISF=DE17F3BBD9D24259A06F71393AD12A93
200 OK 0 B URL HTTP/2 simplifi.partners.tremorhub.com/sync?UISF=DE17F3BBD9D24259A06F71393AD12A93
IP
GET /sync?UISF=DE17F3BBD9D24259A06F71393AD12A93 HTTP/1.1
Host: simplifi.partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.usbfund.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:03 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
200 OK 0 B URL HTTP/2 www.checkbca.org/scripts/webforms/msajax/microsoftajaxwebforms.js
IP
GET /scripts/webforms/msajax/microsoftajaxwebforms.js HTTP/1.1
Host: www.checkbca.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.checkbca.org/companywidget.aspx?ID=100094667&WidgetType=1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 22:31:00 GMT
accept-ranges: bytes
etag: "0aaf5948bad91:0"
vary: Accept-Encoding
date: Fri, 09 Dec 2022 23:50:01 GMT
content-length: 9603
X-Firefox-Spdy: h2
diffuser-cdn.app-us1.com/diffuser/diffuser.js
200 OK 0 B URL HTTP/2 diffuser-cdn.app-us1.com/diffuser/diffuser.js
IP
GET /diffuser/diffuser.js HTTP/1.1
Host: diffuser-cdn.app-us1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/javascript
last-modified: Thu, 21 Oct 2021 17:42:06 GMT
etag: W/"4d482a43613d3966f353ec9d97452e0c"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=300
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 059f85e5e664bc876c915622803d9e28.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: LYgb7O-05A19YisedsHdW7Gqa3Bw46pjlPKvIkZSVBpaULKohYEzzQ==
cf-cache-status: HIT
age: 83
server: cloudflare
cf-ray: 7771a401dcd61c16-OSL
X-Firefox-Spdy: h2
tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
200 OK 0 B URL HTTP/2 tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
IP
GET /data.js?rnd=62fe5c0e6ad95 HTTP/1.1
Host: tags.clickagy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:01 GMT
content-type: application/javascript
last-modified: Fri, 07 Oct 2022 12:51:20 GMT
etag: W/"39cbfce65efed785f567d3a64646eed5"
x-amz-version-id: eiH8z613.BRzukjofzW7pfMQ5QqyyUJw
x-cache: Hit from cloudfront
via: 1.1 05c02ade53b3395a9e9f2e8f66c7e4d0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: XHPVpUNERvJMLUgmeaEeAcbVRST9jN6kgtCSY4PtPXUDFt0lf7BiBw==
age: 62506
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
cf-ray: 7771a401faa1b4ed-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
beacon.cdnma.com/apps/capture.php?p=18595&l=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=&uq=02811b94-add3-42b1-a65a-18595f6df255&c=0&o=&ac=05b46f6f-7b39-491c-b3c4-18595f898fb8&t=1670629801107
200 OK 0 B URL HTTP/2 beacon.cdnma.com/apps/capture.php?p=18595&l=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=&uq=02811b94-add3-42b1-a65a-18595f6df255&c=0&o=&ac=05b46f6f-7b39-491c-b3c4-18595f898fb8&t=1670629801107
IP
GET /apps/capture.php?p=18595&l=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&u=https%3A%2F%2Fwww.usbfund.com%2Ffree-quote%2F%3Futm_source%3Dbayengage%26utm_medium%3Dcampaign-email%26utm_campaign%3Dhow-to-write-a-business-plan-to-get-approved-for-a-loan&r=&uq=02811b94-add3-42b1-a65a-18595f6df255&c=0&o=&ac=05b46f6f-7b39-491c-b3c4-18595f898fb8&t=1670629801107 HTTP/1.1
Host: beacon.cdnma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usbfund.com
Connection: keep-alive
Referer: https://www.usbfund.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 23:50:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
pragma: public
cache-control: max-age=1209600
expires: Fri, 23 Dec 2022 23:50:02 GMT
access-control-allow-origin: *
strict-transport-security: max-age=0; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
34.86.85.56
104.17.211.204
35.204.158.49
95.101.11.57
34.254.143.3
37.252.171.52
93.184.220.29
88.221.99.189