Report - batfordapt.buzz/verify.html

Report Overview

Submitted URL
batfordapt.buzz/verify.html
IP
172.67.169.42
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-22 18:35:41
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.36.77.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.70.121
assets.adobedtm.com	512	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	863 B	15 kB	23.38.200.237
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	11 kB	192.124.249.36
dcu.demdex.net	167443	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	482 B	3.4 kB	34.248.30.105
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	475 B	54.77.60.152
batfordapt.buzz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	814 B	49 kB	172.67.169.42
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
mpsnare.iesnare.com	5723	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	20 kB	54.228.71.178
digitalfederalcreditunion.sc.omtrdc.net	158858	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	989 B	13.36.218.177
www.dcu.org	130658	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	905 B	23 kB	104.17.115.72
virtualhost.gq	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.8 kB	4.8 MB	74.208.236.14
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.0 kB	3.248.130.194
us.cobrowse.pega.com	49768	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	27 kB	54.173.103.247
usassets.cobrowse.pega.com	93477	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	532 kB	54.173.103.247
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.245.100
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.35
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	54 kB	216.58.207.195
digitalfederalcredit.tt.omtrdc.net	202275	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	520 B	108.129.53.90
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430 B	746 B	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-22	medium	batfordapt.buzz/verify.html	Phishing
2022-11-22	medium	batfordapt.buzz/verify.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	virtualhost.gq/css/css/2.js	54 kB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/2.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 96644f9c70a9a6622562762a7bae15f5 d740975b5a20ecb45e7ce38196d435e319e2af37 22ed145c8320f63ca03e9c60b6aa68e9506999ebe775207987624dc238dd4fa6 Loading...

	virtualhost.gq/css/css/launch-1574d0b03693.js	221 kB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/launch-1574d0b03693.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 08057af9cc58f0b0f0332c23a1a0e2f3 e1357a21f024ea2ae6347e72970ca4c21e57b09f 27f4fdf39bb87d0c3255f4785bd1eda6667a5a43b5078c0e8f368fd0abf9ed18 Loading...

	virtualhost.gq/css/css/AppMeasurement.js	34 kB	2023-03-07	2024-04-02
Pretty URL virtualhost.gq/css/css/AppMeasurement.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:40 Last Seen2024-04-02 21:29:15 Times Seen256 Hash 4635bffccc756e9a52eae8011adb9137 8c6d308daac07e23764c6dcf2f0d305931dfddb7 92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84 Loading...

	batfordapt.buzz/verify.html	688 B	2023-03-07	2023-03-17
Pretty URL batfordapt.buzz/verify.html IP 172.67.169.42 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:27 Last Seen2023-03-17 10:29:55 Times Seen1 Hash d62b1ac67093f3675c4105f5361cd1c8 22a59e1dba2dc8633e25a60d2247e7ba7f9c5c90 19090b8df95a112fba0e9aece4ac43b518f7024e72b3dff764d687e35e3b8b07 Loading...

	batfordapt.buzz/verify.html	365 B	2023-03-10	2023-03-11
Pretty URL batfordapt.buzz/verify.html IP 172.67.169.42 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 12:41:46 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 909944f48a468bef3427e5f2db69c7f2 a8d708452842d14103c471e836a3b0aa994db6e6 d7685476a3ff83358750f29c723c4661a5c68a0299dcb05636917c69adb48275 Loading...

	virtualhost.gq/css/css/link-initialize.js	89 kB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/link-initialize.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash df0bdf8f51774481aeef73c5c15c9100 afc7e976a3b9076b5d9de3ad31dfb6380f72f7d6 65209ef69475b6856a29f6914aa35bc0b2ee975580397006113fc969185acd1f Loading...

	virtualhost.gq/css/css/loadScripts	508 B	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/loadScripts IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 8aa3bf05b890cde1ee2ddb4ba16f88ae a3de797c3bdd842640643827ed8b5bda1a4452f2 f09ef29cfdc24b9bdd781f21f867c89890e2e136bea6bece71ecd195a2bcb120 Loading...

	us.cobrowse.pega.com/cobrowse/loadScripts	508 B	2023-03-07	2023-11-30
Pretty URL us.cobrowse.pega.com/cobrowse/loadScripts IP 54.173.103.247 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:27 Last Seen2023-11-30 01:33:20 Times Seen12 Hash 9cdb6851bb88c14e6033ca658ac8aa88 ee1d43de555319019f8b0713a683a463803a9b41 fa05f2814bdcd558f6b652532c66d74a995b0a05f464bda6e9375fcb3c02cf82 Loading...

	usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.6.1	1.2 MB	2023-03-07	2023-10-13
Pretty URL usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.6.1 IP 54.173.103.247 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:27 Last Seen2023-10-13 04:53:55 Times Seen4 Hash 02f1c3ee76b41a35f41358245aa6154c 92f6f5fab0d66676cf2c7b22a3eb17adba21fe14 882a1478e03664b3e5f2bb5b286689f553197877c4c5dae59c9c2991f5e1bd0a Loading...

	virtualhost.gq/css/css/64.js	18 kB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/64.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash f364696a6cf4eceacfa6486c5800fcb9 b49858690b5e2881957648ab6fa57a504f01cf8b 7e53398cb69297b2f9ec5fe0156163714dff5841dcfc0efba121554eeb7d1168 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 12:17:41 Times Seen36959031 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	virtualhost.gq/css/css/logo.js	477 B	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/logo.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 976b019a3c5c1d5508c581ba2102fce3 5bed49d312e28a89531531a6e5f683e898bb2462 f715fa02011e87023f090ac0cb5a62947ccb6d0079979b2de395354f4fc501b9 Loading...

	virtualhost.gq/css/css/customer.js	1.2 MB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/customer.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash a01a6989e59cef1ba0bbc89ce05459f7 c4b893a7d53d9963d09f8819c886ca373f6059ed d55699b5f1b349972378895193b0faad5a8052712a5bd17827e98121ceefc429 Loading...

	mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false	42 kB	2023-03-11	2023-03-11
Pretty URL mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false IP 54.228.71.178 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 1ecafdb81de95bb3218a89bf76958ffe f8d23fac8726de4ab939c30dd0d083d09b6a8fca 140cbc70ec9d5294b0ce6add2516b7ca1ead02c14b6b1bffa37e6d24442a980b Loading...

	mpsnare.iesnare.com/5.4.0/logo.js	477 B	2023-03-11	2023-03-11
Pretty URL mpsnare.iesnare.com/5.4.0/logo.js IP 54.228.71.178 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 187d3ed93ae89ce598f7f7bf73955de9 e63a764f60729ff4035039779a157240ba66698f 8e80be2d20be1d6ef8b927bdd8a5ee5e06c65d36c6901d8f9486e27b05d3e241 Loading...

	virtualhost.gq/css/css/chunk-common.js	190 kB	2023-03-11	2023-03-11
Pretty URL virtualhost.gq/css/css/chunk-common.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:50:56 Last Seen2023-03-11 15:50:56 Times Seen1 Hash 1c0d42aa04a92246054e04cd291be0aa 015bcce104985929d6db366d2391109e3a8d8219 1d5e0cd97de0a83f08deb10a2f5ee0dde3036f8c37ab379b9674b0a40ed82268 Loading...

	virtualhost.gq/css/css/AppMeasurement_Module_ActivityMap.js	3.3 kB	2023-03-07	2024-02-05
Pretty URL virtualhost.gq/css/css/AppMeasurement_Module_ActivityMap.js IP 74.208.236.14 ASN #8560 IONOS SE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:40 Last Seen2024-02-05 19:12:59 Times Seen63 Hash 8b210658d66894c896047ae490138f1c 0cf1d3e81a40978cea4f33d195ec27fc998623c1 0821bd2158b7c2d4165a43a999f30fdc1dc977c6f216ae950298b0237189c0e2 Loading...

	dcu.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fbatfordapt.buzz	6.7 kB	2023-03-07	2024-03-23
Pretty URL dcu.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fbatfordapt.buzz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

HTTP Transactions (91)

URL IP Response Size

batfordapt.buzz/verify.html

172.67.169.42

301 Moved Permanently

0 B

URL HTTP/1.1
batfordapt.buzz/verify.html
IP
172.67.169.42:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify.html HTTP/1.1
Host: batfordapt.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Nov 2022 18:35:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 22 Nov 2022 19:35:29 GMT
Location: https://batfordapt.buzz/verify.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNo4C693egfbsWPlDAe5oP7uRJPSNq62j4wijCE%2BlU5vpnmEjS8mseWcr%2BP6%2FdiGyeA8HUIQix20AZP3iSfM0%2FtwWuUdXV7qYPEmRu9MyanpS4b1WP%2FtXrx0LezZn3kz3kk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e3c3e27e040af6-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12491
Expires: Tue, 22 Nov 2022 22:03:40 GMT
Date: Tue, 22 Nov 2022 18:35:29 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: max-age=150181
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:29 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 12:18:30 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12264
Expires: Tue, 22 Nov 2022 21:59:53 GMT
Date: Tue, 22 Nov 2022 18:35:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 18:09:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1570
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 5O0a0z/oZ1T5x5qh2iiWmfOgWHl6RotOf7kQ+kcua3xBbCxDB+hQDKgL2IeLBvOV3yxZYAfiWLI=
x-amz-request-id: Z7SA0CK9780X25GV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 17:42:39 GMT
age: 3170
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 18:35:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f438a4a95fb99a4b15ad5774879b8f39
64d8c5fe8079c41f704f72e36627b0dc80f8c4ec
82cd4e2237d05350d3e711e56655f3094b81e0831322e172f7f12d7601f7d8e4

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "82CD4E2237D05350D3E711E56655F3094B81E0831322E172F7F12D7601F7D8E4"
Last-Modified: Mon, 21 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21524
Expires: Wed, 23 Nov 2022 00:34:13 GMT
Date: Tue, 22 Nov 2022 18:35:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 18:08:53 GMT
cache-control: public,max-age=3600
age: 1596
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f438a4a95fb99a4b15ad5774879b8f39
64d8c5fe8079c41f704f72e36627b0dc80f8c4ec
82cd4e2237d05350d3e711e56655f3094b81e0831322e172f7f12d7601f7d8e4

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "82CD4E2237D05350D3E711E56655F3094B81E0831322E172F7F12D7601F7D8E4"
Last-Modified: Mon, 21 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21524
Expires: Wed, 23 Nov 2022 00:34:13 GMT
Date: Tue, 22 Nov 2022 18:35:29 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3055
Cache-Control: max-age=141740
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:30 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 09:57:50 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.70.121

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.70.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CtacWHZ+sscaIicPlO1j0g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6dsXJiHdyGyCqV002EnyOJBr0rM=

virtualhost.gq/css/css/link-initialize.js

74.208.236.14

200 OK

89 kB

URL HTTP/2
virtualhost.gq/css/css/link-initialize.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
Unicode text, UTF-8 text, with very long lines (43488), with NEL line terminators
Size
89 kB (88626 bytes)
Hash
df0bdf8f51774481aeef73c5c15c9100
afc7e976a3b9076b5d9de3ad31dfb6380f72f7d6
65209ef69475b6856a29f6914aa35bc0b2ee975580397006113fc969185acd1f

HTTP Headers

GET /css/css/link-initialize.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 88626
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "15a32-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/64.css

74.208.236.14

200 OK

1.6 kB

URL HTTP/2
virtualhost.gq/css/css/64.css
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (1509)
Size
1.6 kB (1594 bytes)
Hash
5a9f00b1432cb63a95aa32791fab2223
6ff6c7b4abdff771fa83848524453599876a3d4a
b073725f2776f6f73ff3f03ec5e685f0847a6dbbd630c66144f67d01eeb8e4be

HTTP Headers

GET /css/css/64.css HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 1594
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "63a-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/app.css

74.208.236.14

200 OK

477 B

URL HTTP/2
virtualhost.gq/css/css/app.css
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (392)
Size
477 B (477 bytes)
Hash
226670b47451a148f7ab75cc6fd42139
869a6fbc3e97ace418a3bc6fe66423eaf1f209ff
157ec10a0054c789fc67299eed557baacf137ac80438eec2156edce77587077a

HTTP Headers

GET /css/css/app.css HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 477
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "1dd-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/chunk-common.css

74.208.236.14

200 OK

9.2 kB

URL HTTP/2
virtualhost.gq/css/css/chunk-common.css
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (9112)
Size
9.2 kB (9197 bytes)
Hash
ac102b006b2d35d2096fa1c62d7c3248
4a13b5cfde0339575005366b45b3fe3e60ff526f
318f90cb49fa7a96684fb88cc9836311576b17774c663c5caa8580fc090f41f3

HTTP Headers

GET /css/css/chunk-common.css HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 9197
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "23ed-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/64.js

74.208.236.14

200 OK

18 kB

URL HTTP/2
virtualhost.gq/css/css/64.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (17443)
Size
18 kB (17523 bytes)
Hash
f364696a6cf4eceacfa6486c5800fcb9
b49858690b5e2881957648ab6fa57a504f01cf8b
7e53398cb69297b2f9ec5fe0156163714dff5841dcfc0efba121554eeb7d1168

HTTP Headers

GET /css/css/64.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 17523
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "4473-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/2.css

74.208.236.14

200 OK

833 B

URL HTTP/2
virtualhost.gq/css/css/2.css
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (748)
Size
833 B (833 bytes)
Hash
f9c1013d261d2ef075acfce6a151005e
39700b7ca239cf5c69b18ddcca4d510ad89b1e1e
067a5d58e362740c6eefe23905b83b214f98b4dda6a11ef9e27dbf435b75fbb9

HTTP Headers

GET /css/css/2.css HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 833
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "341-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

virtualhost.gq/css/css/chunk-common.js

74.208.236.14

200 OK

190 kB

URL HTTP/2
virtualhost.gq/css/css/chunk-common.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (65456)
Size
190 kB (190184 bytes)
Hash
1c0d42aa04a92246054e04cd291be0aa
015bcce104985929d6db366d2391109e3a8d8219
1d5e0cd97de0a83f08deb10a2f5ee0dde3036f8c37ab379b9674b0a40ed82268

HTTP Headers

GET /css/css/chunk-common.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 190184
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "2e6e8-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/launch-1574d0b03693.js

74.208.236.14

200 OK

221 kB

URL HTTP/2
virtualhost.gq/css/css/launch-1574d0b03693.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (32755)
Size
221 kB (220661 bytes)
Hash
08057af9cc58f0b0f0332c23a1a0e2f3
e1357a21f024ea2ae6347e72970ca4c21e57b09f
27f4fdf39bb87d0c3255f4785bd1eda6667a5a43b5078c0e8f368fd0abf9ed18

HTTP Headers

GET /css/css/launch-1574d0b03693.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 220661
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "35df5-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/loadScripts

74.208.236.14

200 OK

508 B

URL HTTP/2
virtualhost.gq/css/css/loadScripts
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text
Size
508 B (508 bytes)
Hash
8aa3bf05b890cde1ee2ddb4ba16f88ae
a3de797c3bdd842640643827ed8b5bda1a4452f2
f09ef29cfdc24b9bdd781f21f867c89890e2e136bea6bece71ecd195a2bcb120

HTTP Headers

GET /css/css/loadScripts HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 508
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "1fc-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/AppMeasurement_Module_ActivityMap.js

74.208.236.14

200 OK

3.3 kB

URL HTTP/2
virtualhost.gq/css/css/AppMeasurement_Module_ActivityMap.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (3157)
Size
3.3 kB (3303 bytes)
Hash
8b210658d66894c896047ae490138f1c
0cf1d3e81a40978cea4f33d195ec27fc998623c1
0821bd2158b7c2d4165a43a999f30fdc1dc977c6f216ae950298b0237189c0e2

HTTP Headers

GET /css/css/AppMeasurement_Module_ActivityMap.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3303
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "ce7-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/AppMeasurement.js

74.208.236.14

200 OK

34 kB

URL HTTP/2
virtualhost.gq/css/css/AppMeasurement.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (32759)
Size
34 kB (33481 bytes)
Hash
4635bffccc756e9a52eae8011adb9137
8c6d308daac07e23764c6dcf2f0d305931dfddb7
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84

HTTP Headers

GET /css/css/AppMeasurement.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 33481
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "82c9-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/logo.js

74.208.236.14

200 OK

477 B

URL HTTP/2
virtualhost.gq/css/css/logo.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (377)
Size
477 B (477 bytes)
Hash
976b019a3c5c1d5508c581ba2102fce3
5bed49d312e28a89531531a6e5f683e898bb2462
f715fa02011e87023f090ac0cb5a62947ccb6d0079979b2de395354f4fc501b9

HTTP Headers

GET /css/css/logo.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 477
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "1dd-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/default.css

74.208.236.14

200 OK

15 kB

URL HTTP/2
virtualhost.gq/css/css/default.css
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
Unicode text, UTF-8 text, with very long lines (14626)
Size
15 kB (14656 bytes)
Hash
d2af66527a7e75ae005e697bea87c4c9
043b571f5a151e56e3c1fdf61d2c718201e989a7
10e46ebcf9fe46baec7cb20be370427d03f5055b8e74fff302b9cdced0a9193e

HTTP Headers

GET /css/css/default.css HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 14656
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "3940-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/customer.js

74.208.236.14

200 OK

1.2 MB

URL HTTP/2
virtualhost.gq/css/css/customer.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
1.2 MB (1217897 bytes)
Hash
a01a6989e59cef1ba0bbc89ce05459f7
c4b893a7d53d9963d09f8819c886ca373f6059ed
d55699b5f1b349972378895193b0faad5a8052712a5bd17827e98121ceefc429

HTTP Headers

GET /css/css/customer.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 1217897
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "129569-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/vendor.js

74.208.236.14

200 OK

3.0 MB

URL HTTP/2
virtualhost.gq/css/css/vendor.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
Unicode text, UTF-8 text, with very long lines (35609)
Size
3.0 MB (2953924 bytes)
Hash
751191f122d79cdd570db6be443d644a
3ab25cb5a9e53a8e3b87278c308f9bac6555c2f1
fb839c1c2ae65576b27adfa94954a154912d84f9948018d980c870f6a20eace0

HTTP Headers

GET /css/css/vendor.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 2953924
date: Tue, 22 Nov 2022 18:35:30 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "2d12c4-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/app.js

74.208.236.14

300 Multiple Choices

545 B

URL HTTP/2
virtualhost.gq/css/css/app.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
545 B (545 bytes)
Hash
adf1e99961a65bb5599686fd457cbc83
014ed618e399a40389dabaa91086af78ff4358d1
bcf63f2e17a7216308068d85e656617d711c3df87cd61beaa2462799ce90be62

HTTP Headers

GET /css/css/app.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 300 Multiple Choices
content-type: text/html; charset=iso-8859-1
content-length: 545
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
X-Firefox-Spdy: h2

virtualhost.gq/css/css/config.js

74.208.236.14

200 OK

232 B

URL HTTP/2
virtualhost.gq/css/css/config.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text
Size
232 B (232 bytes)
Hash
29590ec73f4bfce61e29a5468c458814
94a57b258cd809da256a945034927d3f1293e6ad
87a894989a7ae45b371f755d7d48825403e168acaf99d9a5c28744674ca73632

HTTP Headers

GET /css/css/config.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 232
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "e8-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/dcuLogoDark.png

74.208.236.14

200 OK

7.7 kB

URL HTTP/2
virtualhost.gq/css/css/dcuLogoDark.png
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
PNG image data, 217 x 78, 8-bit/color RGBA, non-interlaced\012- data
Size
7.7 kB (7743 bytes)
Hash
ae64e87365d6e6696145c8c53ce3632e
09337bd0289c432bffab6f653297fe2534ad0c68
d1093fceb5f8b35c09e5d3329c8dc55509d7f46096efeea840f6e433212ba45e

HTTP Headers

GET /css/css/dcuLogoDark.png HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 7743
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "1e3f-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/loader_only.js

74.208.236.14

200 OK

3.7 kB

URL HTTP/2
virtualhost.gq/css/css/loader_only.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
ASCII text, with very long lines (3581)
Size
3.7 kB (3661 bytes)
Hash
e8e0c8a702a1ff12788960e004b5d5ed
5b4394cbf655f4cac02de6c4fada70851a58067d
dc8cfe959eee90ba1799f5636ec796672c7cda79a510334bca6e3965be2f2c96

HTTP Headers

GET /css/css/loader_only.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 3661
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "e4d-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

virtualhost.gq/css/css/static_wdp.htm

74.208.236.14

300 Multiple Choices

565 B

URL HTTP/2
virtualhost.gq/css/css/static_wdp.htm
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
565 B (565 bytes)
Hash
cbd60c590e65c2e9b52c8542d377b899
4b07e85e007df5191dd4b1895eb6a02eec62bf62
aa8576434e3217ce1c7a78c77ed0cd3459fb9678df10afdc60e24f44be336072

HTTP Headers

GET /css/css/static_wdp.htm HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 300 Multiple Choices
content-type: text/html; charset=iso-8859-1
content-length: 565
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
X-Firefox-Spdy: h2

batfordapt.buzz/verify.html

104.21.95.18

200 OK

48 kB

URL HTTP/2
batfordapt.buzz/verify.html
IP
104.21.95.18:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3570), with CRLF line terminators
Size
48 kB (48118 bytes)
Hash
2944ca818470a00303eef4facced3f40
2941a62c6bfe20e8292c1bdfebe1bdca64a41a4c
5d6501cd44399c06a1355ddbbeb915a13628c566676e6149fe87b816d7e55fc1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify.html HTTP/1.1
Host: batfordapt.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:29 GMT
content-type: text/html
last-modified: Tue, 22 Nov 2022 15:06:24 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6M8R1tjGxiDb0Uuhv0qlG%2BsyPPMxx1WntR37jo%2F0GIuaZVA%2Fb4ImkDO3Org2HIUXVEQnFqQT8i5eJXWYdgK1ZVTo2FycI2F9NU6OmtNsPjb8KYNc0KS0n%2BuwqipwSH5UIW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e3c3e5bb93b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11428
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11428
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11428
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11428
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11428
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: keep-alive

virtualhost.gq/css/css/2.js

74.208.236.14

200 OK

54 kB

URL HTTP/2
virtualhost.gq/css/css/2.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
Unicode text, UTF-8 text, with very long lines (54134)
Size
54 kB (54217 bytes)
Hash
96644f9c70a9a6622562762a7bae15f5
d740975b5a20ecb45e7ce38196d435e319e2af37
22ed145c8320f63ca03e9c60b6aa68e9506999ebe775207987624dc238dd4fa6

HTTP Headers

GET /css/css/2.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 54217
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:30 GMT
etag: "d3c9-5dc929c597e80"
accept-ranges: bytes
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4639 bytes)
Hash
dafd9e17dc0023e71ae513c6025e4b80
12e2654db1f384bb04f5c5042848b25dda86b710
e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z_LKFsiB_s81UenxBOVg9_qX_7vBHUZix7XF8YguDCytRn5opLkLRA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:01:10 GMT
age: 74061
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7589 bytes)
Hash
06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZtjzvMh_vqVaOqm8xPfZ2EWGGl0X7Iv8GK40Z32EbKM4wk6tGPnlYA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:26:05 GMT
age: 72566
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5342 bytes)
Hash
a9e0f5c07511d0f6ad0f2441db92797d
2dcc6187d7173ce741975ad4ec24435c9dcb0880
3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: j7GPHu9Gq8cF2_j3-uXucAzJPSBWsFelX1EWZa_2sEW-Vo7b4WlaFg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:55:58 GMT
age: 74373
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6031 bytes)
Hash
4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: StZ9dxgY8W0WwUUqsxyeISFnbm_WGGcm_AMuo9dzfhF9Yp7wM0TMMg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 08:17:57 GMT
age: 37054
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8685 bytes)
Hash
2ed6b76d15fc8d6295acdb6fb47461d3
b8c928f93a8d82b48491448d811a95ad99dc6aef
de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:02:46 GMT
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
content-type: image/jpeg
age: 73965
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10556 bytes)
Hash
0ab62c5a7c3296600de924eb0b283bc1
bc4a2dc43898e3fb78ba7301d8b09b280991d221
f2a4c0829a4fb9a585113ed358832d16470ec391035a302a8f3c4666172f02bd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10556
x-amzn-requestid: d2426c6d-5e78-496c-8649-0496a872b380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-Iq0GPVoAMF9bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee45-1ee6dc09394731cc4dbfc38a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eHLf2DFK-3yN5dEG22XItPxRzmODRdThIYJI2oZqDJpgTGQGSQnGzQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:46:07 GMT
age: 74964
etag: "bc4a2dc43898e3fb78ba7301d8b09b280991d221"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

virtualhost.gq/css/css/static_wdp.htm

74.208.236.14

300 Multiple Choices

565 B

URL HTTP/2
virtualhost.gq/css/css/static_wdp.htm
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
565 B (565 bytes)
Hash
cbd60c590e65c2e9b52c8542d377b899
4b07e85e007df5191dd4b1895eb6a02eec62bf62
aa8576434e3217ce1c7a78c77ed0cd3459fb9678df10afdc60e24f44be336072

HTTP Headers

GET /css/css/static_wdp.htm HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 300 Multiple Choices
content-type: text/html; charset=iso-8859-1
content-length: 565
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
250c38ab40f8f7dfc87403e5af7cc294
928a6a87b523fa9b1fecd43ebdfcb8c5e0e704f5
8b5d5b32f274563352e5109f4434c99e77ca3ff2e7ca30830976024b67ca09b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6251
Cache-Control: max-age=162192
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Etag: "637cd498-1d7"
Expires: Thu, 24 Nov 2022 15:38:43 GMT
Last-Modified: Tue, 22 Nov 2022 13:54:32 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mpsnare.iesnare.com/star

54.228.71.178

101 Switching Protocols

0 B

URL HTTP/1.1
mpsnare.iesnare.com/star
IP
54.228.71.178:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /star HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://batfordapt.buzz
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IWZIihOFI8ulxrnrz8ncBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 22 Nov 2022 18:35:31 GMT
Connection: upgrade
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Accept: owD+7EtqV+WGi6IsYWGcltSfjgA=
Upgrade: WebSocket

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2

216.58.207.195

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17116, version 1.0\012- data
Size
17 kB (17116 bytes)
Hash
bcf3a3fb620dfbee774f84e2c8e71530
40a79d240acdd7e5a95e165515ac7c0958a37971
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5

HTTP Headers

GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17116
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 21:55:35 GMT
expires: Tue, 21 Nov 2023 21:55:35 GMT
cache-control: public, max-age=31536000
age: 74396
last-modified: Mon, 09 May 2022 18:31:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2

216.58.207.195

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Size
17 kB (16980 bytes)
Hash
8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787

HTTP Headers

GET /s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 08:32:12 GMT
expires: Thu, 16 Nov 2023 08:32:12 GMT
cache-control: public, max-age=31536000
age: 554599
last-modified: Mon, 09 May 2022 18:33:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2

216.58.207.195

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size
17 kB (17156 bytes)
Hash
7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3

HTTP Headers

GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 21:48:51 GMT
expires: Thu, 16 Nov 2023 21:48:51 GMT
cache-control: public, max-age=31536000
age: 506800
last-modified: Mon, 09 May 2022 18:33:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement_Module_ActivityMap.min.js

23.38.200.237

200 OK

1.6 kB

URL HTTP/2
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement_Module_ActivityMap.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3157)
Size
1.6 kB (1593 bytes)
Hash
9b757c8ddda8add3d5d64f334666ea2d
97bf9df06f87f16500c80f45f536dc0269a883f5
f8f4b02295fdbc463dad91d02f03af1b8bd9f5e6c15732845ecb210cab062485

HTTP Headers

GET /extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "8b210658d66894c896047ae490138f1c:1629320642.068491"
last-modified: Wed, 18 Aug 2021 21:04:02 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1593
expires: Tue, 22 Nov 2022 19:35:31 GMT
date: Tue, 22 Nov 2022 18:35:31 GMT
cache-control: no-cache
access-control-allow-origin: https://batfordapt.buzz
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL HTTP/2
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32759)
Size
12 kB (12188 bytes)
Hash
dbf589df4bd831d6548e8954e7556730
2bc550a57481a772c1a419541f1f79741e6cbf37
6abe28734929b843eb071472b578fc8d485465502bb3e4d94f11c589d747eb95

HTTP Headers

GET /extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "4635bffccc756e9a52eae8011adb9137:1629320641.842128"
last-modified: Wed, 18 Aug 2021 21:04:01 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12188
expires: Tue, 22 Nov 2022 19:35:31 GMT
date: Tue, 22 Nov 2022 18:35:31 GMT
cache-control: no-cache
access-control-allow-origin: https://batfordapt.buzz
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
36c40931f200b053661f419c9548c26b
f87e73222e34a158745517f3c60e70754007b710
c73d5254d4cc5b686a91cacf534f7487d8c34025eea21084947a3a11b4efd130

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6000
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:31 GMT
Last-Modified: Tue, 22 Nov 2022 16:55:31 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

virtualhost.gq/css/css/time.mp3

74.208.236.14

206 Partial Content

504 B

URL HTTP/2
virtualhost.gq/css/css/time.mp3
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
MPEG ADTS, layer III, v2.5, 32 kbps, 8 kHz, JntStereo\012- data
Size
504 B (504 bytes)
Hash
e22a3bd8ecec0201b7c87edc17b1355a
5fe017120f66a7b141acb93f23012ad656d92350
cf377a1e870462c4feba4e902b741f44e9bfa9e1f5b3a6acc3f51b95db71ce71

HTTP Headers

GET /css/css/time.mp3 HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
content-type: audio/mpeg
content-length: 504
date: Tue, 22 Nov 2022 18:35:31 GMT
server: Apache
last-modified: Thu, 14 Apr 2022 00:45:28 GMT
etag: "1f8-5dc929c3afa00"
accept-ranges: bytes
content-range: bytes 0-503/504
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669142131579

3.248.130.194

200 OK

837 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669142131579
IP
3.248.130.194:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (2304), with no line terminators
Size
837 B (837 bytes)
Hash
6dda3ed094d1e020cdd7d747522fa64d
df87782c5dd947d5ac348382198a1d72e7908549
e118df021f3fb4371cd3d56753ae78fa51a7aee22d8b25ac93c9dcf0825b623d

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669142131579 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://batfordapt.buzz
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-04fb65ba6.edge-irl1.demdex.com 9 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=30947846826831555293653395601749674921; Max-Age=15552000; Expires=Sun, 21 May 2023 18:35:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: b9NllW8qT/g=
Content-Length: 837
Connection: keep-alive

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
f385a7b9a73c554640c3420d44f37662
91304ff5b88b1be8ab4c2008d02fe6647b9299bf
892d97f50ba360eea3c7d50bad7aaf0775b51730958a6040357b0d4e216ced40

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 18:35:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 18:21:27 GMT
Expires: Wed, 23 Nov 2022 18:21:27 GMT
ETag: "91304ff5b88b1be8ab4c2008d02fe6647b9299bf"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

virtualhost.gq/css/css/app.js

74.208.236.14

300 Multiple Choices

545 B

URL HTTP/2
virtualhost.gq/css/css/app.js
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
545 B (545 bytes)
Hash
adf1e99961a65bb5599686fd457cbc83
014ed618e399a40389dabaa91086af78ff4358d1
bcf63f2e17a7216308068d85e656617d711c3df87cd61beaa2462799ce90be62

HTTP Headers

GET /css/css/app.js HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 300 Multiple Choices
content-type: text/html; charset=iso-8859-1
content-length: 545
date: Tue, 22 Nov 2022 18:35:32 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
cfc9a864888db85a02ae9b0dd2adecb6
5219fd5ba6d17e51edd96cc4193ee1480b704d0f
981514aa2d26180a69b6411fcc09b95ab4efc77f357d0b356abf0c1bafe6a1e7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4416
Cache-Control: max-age=107816
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:32 GMT
Etag: "637c075c-13a"
Expires: Thu, 24 Nov 2022 00:32:28 GMT
Last-Modified: Mon, 21 Nov 2022 23:18:52 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
59560478b41f0e353bae42ab6eefa229
aaf4dc0d9f4b03cf5fa6a17990fd394f95ea7202
8a0e9cec0a61368e9c7d4715cfa24480c7a0b826eb6f4f8a617411c1ad652eb4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3442
Cache-Control: max-age=86334
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 18:35:32 GMT
Etag: "637bb740-1d7"
Expires: Wed, 23 Nov 2022 18:34:26 GMT
Last-Modified: Mon, 21 Nov 2022 17:37:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

digitalfederalcreditunion.sc.omtrdc.net/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=30308188544231329533624891943837218041&ts=1669142131869

13.36.218.177

200 OK

2 B

URL HTTP/2
digitalfederalcreditunion.sc.omtrdc.net/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=30308188544231329533624891943837218041&ts=1669142131869
IP
13.36.218.177:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=30308188544231329533624891943837218041&ts=1669142131869 HTTP/1.1
Host: digitalfederalcreditunion.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://batfordapt.buzz
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 18:35:32 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dcu.demdex.net/dest5.html?d_nsid=0

34.248.30.105

200 OK

2.8 kB

URL HTTP/1.1
dcu.demdex.net/dest5.html?d_nsid=0
IP
34.248.30.105:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: dcu.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 22 Nov 2022 18:35:32 GMT
DCS: dcs-prod-irl1-2-v045-083f91df3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 9t7mONd9SV8=
Content-Length: 2791
Connection: keep-alive

digitalfederalcredit.tt.omtrdc.net/m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=072276ec28c94bbf8f03b0ba94fd30b1&mboxPC=&mboxPage=48710361c8f04693b1000ecc1c4cc1af&mboxRid=60c28774b22d4d169f57ce6d214ff4e3&mboxVersion=1.8.2&mboxCount=1&mboxTime=1669142131599&mboxHost=batfordapt.buzz&mboxURL=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxMCSDID=005A4A532A712400-70435E58EC65F3BA&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=30308188544231329533624891943837218041&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6

108.129.53.90

200 OK

96 B

URL HTTP/2
digitalfederalcredit.tt.omtrdc.net/m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=072276ec28c94bbf8f03b0ba94fd30b1&mboxPC=&mboxPage=48710361c8f04693b1000ecc1c4cc1af&mboxRid=60c28774b22d4d169f57ce6d214ff4e3&mboxVersion=1.8.2&mboxCount=1&mboxTime=1669142131599&mboxHost=batfordapt.buzz&mboxURL=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxMCSDID=005A4A532A712400-70435E58EC65F3BA&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=30308188544231329533624891943837218041&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
IP
108.129.53.90:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
96 B (96 bytes)
Hash
9bae6365035060773045a3a9b6d06c7f
21e23f6557b2899f38c914f6d33f6eddbc465b2b
e942d5c6655309900e5136882d0e9534c3fe731c6ca3d2d745b4e2fed1110bdf

HTTP Headers

GET /m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=072276ec28c94bbf8f03b0ba94fd30b1&mboxPC=&mboxPage=48710361c8f04693b1000ecc1c4cc1af&mboxRid=60c28774b22d4d169f57ce6d214ff4e3&mboxVersion=1.8.2&mboxCount=1&mboxTime=1669142131599&mboxHost=batfordapt.buzz&mboxURL=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&mboxMCSDID=005A4A532A712400-70435E58EC65F3BA&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=30308188544231329533624891943837218041&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1
Host: digitalfederalcredit.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: application/json;charset=UTF-8
content-length: 96
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://batfordapt.buzz
access-control-allow-credentials: true
x-request-id: 60c28774b22d4d169f57ce6d214ff4e3
pragma: no-cache
cache-control: no-cache
timing-allow-origin: *
X-Firefox-Spdy: h2

us.cobrowse.pega.com/cobrowse/loadScripts

54.173.103.247

200 OK

508 B

URL HTTP/2
us.cobrowse.pega.com/cobrowse/loadScripts
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
ASCII text
Size
508 B (508 bytes)
Hash
9cdb6851bb88c14e6033ca658ac8aa88
ee1d43de555319019f8b0713a683a463803a9b41
fa05f2814bdcd558f6b652532c66d74a995b0a05f464bda6e9375fcb3c02cf82

HTTP Headers

GET /cobrowse/loadScripts HTTP/1.1
Host: us.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 508
set-cookie: AWSALB=DsGPWoRrhiBbtL/yEM0XYApjzgnTotFJPhsd56MOqBIMJ6lK9GagJzRsAzAYd19gSvRoPYjAFae12LNuhScliC/saILi2tX+UyuU87lfPRS6OYRLPkrZhaUhV5xR; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/
AWSALBCORS=DsGPWoRrhiBbtL/yEM0XYApjzgnTotFJPhsd56MOqBIMJ6lK9GagJzRsAzAYd19gSvRoPYjAFae12LNuhScliC/saILi2tX+UyuU87lfPRS6OYRLPkrZhaUhV5xR; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/; SameSite=None; Secure
connect.sid=s%3A0XOAgx-Vs2KpDu8rdRnD08gldti0dpGK.GaLtAlCfiZqrYBe7UeNGWWfJNfHVAtnwKcBJHr1GN8E; Path=/; Expires=Thu, 24 Nov 2022 18:35:32 GMT; Secure; SameSite=None
server: nginx
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-CSRF-Token, X-Requested-With, accept, x-j-token, content-type
etag: W/"1fc-7h1D3lVTGQGfiwcTpoOkY4A6m0E"
X-Firefox-Spdy: h2

usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.6.1

54.173.103.247

200 OK

261 kB

URL HTTP/2
usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.6.1
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (65536), with no line terminators
Size
261 kB (261370 bytes)
Hash
eb9524e46cc30efd2673a51baa3a655e
f9860cf1e6dc646899418909a7bf2156df4556a4
c1898417dc51a18a977daaea237101556511c77a676d51982c6c035cbf15f1c1

HTTP Headers

GET /assets/scripts/final/customer.js?v=8.6.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: application/javascript
content-length: 261370
set-cookie: AWSALB=nzdgpTFH8dXNXDsDKxYaoAZCklL3kU8UXwpqFUYZir2fIpFe/+XykUm+YBQIkPbDgWwNBZ5Ni5ENFOVIbkdJxe75kIfUaO+qZrNcEHKCWvo62/RZ8Q/UT5cEwob8; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/
AWSALBCORS=nzdgpTFH8dXNXDsDKxYaoAZCklL3kU8UXwpqFUYZir2fIpFe/+XykUm+YBQIkPbDgWwNBZ5Ni5ENFOVIbkdJxe75kIfUaO+qZrNcEHKCWvo62/RZ8Q/UT5cEwob8; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Mon, 18 Jul 2022 06:30:25 GMT
etag: "62d4fe01-3fcfa"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.7.1

54.173.103.247

200 OK

261 kB

URL HTTP/2
usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.7.1
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (65536), with no line terminators
Size
261 kB (261370 bytes)
Hash
eb9524e46cc30efd2673a51baa3a655e
f9860cf1e6dc646899418909a7bf2156df4556a4
c1898417dc51a18a977daaea237101556511c77a676d51982c6c035cbf15f1c1

HTTP Headers

GET /assets/scripts/final/customer.js?v=8.7.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Cookie: AWSALBCORS=nzdgpTFH8dXNXDsDKxYaoAZCklL3kU8UXwpqFUYZir2fIpFe/+XykUm+YBQIkPbDgWwNBZ5Ni5ENFOVIbkdJxe75kIfUaO+qZrNcEHKCWvo62/RZ8Q/UT5cEwob8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: application/javascript
content-length: 261370
set-cookie: AWSALB=s5TH3duid8FWMTnMdfVbJlUP0Ql+l81mSu4BiCr3PifiuUiLNtmKRcMVUVPPqMN1IIY9eInzeLly7klSTN0+QCzWYxc02qht/UFKFID2YirZRddz6l0LjwyLu/KW; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/
AWSALBCORS=s5TH3duid8FWMTnMdfVbJlUP0Ql+l81mSu4BiCr3PifiuUiLNtmKRcMVUVPPqMN1IIY9eInzeLly7klSTN0+QCzWYxc02qht/UFKFID2YirZRddz6l0LjwyLu/KW; Expires=Tue, 29 Nov 2022 18:35:32 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Mon, 18 Jul 2022 06:30:25 GMT
etag: "62d4fe01-3fcfa"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

digitalfederalcreditunion.sc.omtrdc.net/b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.1-LBWB/s02839836551656?AQB=1&ndh=1&pf=1&t=22%2F10%2F2022%2018%3A35%3A32%202%200&sdid=005A4A532A712400-70435E58EC65F3BA&vid=30308188544231329533624891943837218041&mid=30308188544231329533624891943837218041&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Averify.html&g=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&cc=USD&ch=verify.html&server=batfordapt.buzz&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=verify.html&c9=D%3Dv9&v9=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Averify.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D6%3A35%20PM&v13=New&c14=30&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=30308188544231329533624891943837218041&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1

13.36.218.177

200 OK

43 B

URL HTTP/2
digitalfederalcreditunion.sc.omtrdc.net/b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.1-LBWB/s02839836551656?AQB=1&ndh=1&pf=1&t=22%2F10%2F2022%2018%3A35%3A32%202%200&sdid=005A4A532A712400-70435E58EC65F3BA&vid=30308188544231329533624891943837218041&mid=30308188544231329533624891943837218041&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Averify.html&g=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&cc=USD&ch=verify.html&server=batfordapt.buzz&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=verify.html&c9=D%3Dv9&v9=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Averify.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D6%3A35%20PM&v13=New&c14=30&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=30308188544231329533624891943837218041&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1
IP
13.36.218.177:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

GET /b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.1-LBWB/s02839836551656?AQB=1&ndh=1&pf=1&t=22%2F10%2F2022%2018%3A35%3A32%202%200&sdid=005A4A532A712400-70435E58EC65F3BA&vid=30308188544231329533624891943837218041&mid=30308188544231329533624891943837218041&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Averify.html&g=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&cc=USD&ch=verify.html&server=batfordapt.buzz&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=verify.html&c9=D%3Dv9&v9=https%3A%2F%2Fbatfordapt.buzz%2Fverify.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Averify.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D6%3A35%20PM&v13=New&c14=30&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=30308188544231329533624891943837218041&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1 HTTP/1.1
Host: digitalfederalcreditunion.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
date: Tue, 22 Nov 2022 18:35:32 GMT
expires: Mon, 21 Nov 2022 18:35:32 GMT
last-modified: Wed, 23 Nov 2022 18:35:32 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3584455435858444288-4619704705476526870
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false

54.228.71.178

200 OK

19 kB

URL HTTP/1.1
mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
IP
54.228.71.178:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1056)
Size
19 kB (18555 bytes)
Hash
d73b65f0ae50212b6b8c03d4489932cd
01671d26955a502a52dfb947204b46a2bc3afc35
211e3bd517fb8d7b2d155d0d64f6a1a4795eccb3fcb7f96bc98e952b8905afed

HTTP Headers

GET /general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Nov 2022 18:35:32 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=XVjY5sUZCXzq4lbWF4GCnXPati0e+uOZVQsq7tZqsgo=;Path=/;Expires=Wed, 22-Nov-2023 18:35:32 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip

ocsp.godaddy.com/

192.124.249.36

200 OK

1.7 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.7 kB (1731 bytes)
Hash
f4ccbcbe2dfc8a33f7ccb801ed66843e
238268933ba6633d6518b35f02f7259b80f4d8c2
dc2f599eda5c16b4862b5694f6fc87851f633d72e3d65d1ce53edb419f6badcb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 68
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 18:35:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1731
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 17:41:12 GMT
Expires: Wed, 23 Nov 2022 17:41:12 GMT
ETag: "238268933ba6633d6518b35f02f7259b80f4d8c2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

mpsnare.iesnare.com/5.4.0/logo.js

54.228.71.178

200 OK

405 B

URL HTTP/1.1
mpsnare.iesnare.com/5.4.0/logo.js
IP
54.228.71.178:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (377)
Size
405 B (405 bytes)
Hash
15d63a0fe65792b16d6aaa5e19a3b3f4
f725586bff794868d56c3f3cd8275eccd154b6ea
ca17ecf0dc26431619ff5ead142087debb4d14ceb830eb6294ce1ff15aa04a4f

HTTP Headers

GET /5.4.0/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Nov 2022 18:35:32 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Wed, 22 Nov 2023 18:35:32 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip

virtualhost.gq/css/css/dest5.htm

74.208.236.14

404 Not Found

897 B

URL HTTP/2
virtualhost.gq/css/css/dest5.htm
IP
74.208.236.14:0
ASN
#8560 IONOS SE

File type
data
Size
897 B (897 bytes)
Hash
dced2349a1ce33c2d3471ecd9b7de6b3
2ed20f75b30eab936502a3a4a7d32948eabea22b
00acd8c2f0ae358db6b54aa6670207c798d1870b5d1d8bfb1c6a5a517cba9d11

HTTP Headers

GET /css/css/dest5.htm HTTP/1.1
Host: virtualhost.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
date: Tue, 22 Nov 2022 18:35:32 GMT
server: Apache
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.36

200 OK

1.7 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.7 kB (1731 bytes)
Hash
f4ccbcbe2dfc8a33f7ccb801ed66843e
238268933ba6633d6518b35f02f7259b80f4d8c2
dc2f599eda5c16b4862b5694f6fc87851f633d72e3d65d1ce53edb419f6badcb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 68
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 18:35:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1731
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 17:41:12 GMT
Expires: Wed, 23 Nov 2022 17:41:12 GMT
ETag: "238268933ba6633d6518b35f02f7259b80f4d8c2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
4382eefba736dd30d231d1fde46bf345
e7ef92d3b52cce36bed872b889f604bdbf289adc
ce3ec1fcb1252c8ef32783b4aab740cb555e44964de5e18001b0a43e5d18f456

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 18:35:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 21 Nov 2022 22:15:19 GMT
Expires: Tue, 22 Nov 2022 22:15:19 GMT
ETag: "e7ef92d3b52cce36bed872b889f604bdbf289adc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
40c88d70b5c149a5035df4029d0c771a
aa7f844e7e0663ab5f4d1c2f48e6f55ac8d358c0
d8437bad8650159abf4fbe194b2002cb3fdf2b07d6c0a9d5f3709b6271b27d65

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=157299
Date: Tue, 22 Nov 2022 18:35:32 GMT
Etag: "637cd61d-1d7"
Expires: Thu, 24 Nov 2022 14:17:11 GMT
Last-Modified: Tue, 22 Nov 2022 14:01:01 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Xt8p9vtGhAnbkPZz4-RTPduU-u_rvhwUwvBYVRjkEwVAROINVRKwqg==
Age: 970

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
4382eefba736dd30d231d1fde46bf345
e7ef92d3b52cce36bed872b889f604bdbf289adc
ce3ec1fcb1252c8ef32783b4aab740cb555e44964de5e18001b0a43e5d18f456

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 18:35:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 21 Nov 2022 22:15:19 GMT
Expires: Tue, 22 Nov 2022 22:15:19 GMT
ETag: "e7ef92d3b52cce36bed872b889f604bdbf289adc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.dcu.org/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png

104.17.115.72

200 OK

1.1 kB

URL HTTP/2
www.dcu.org/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png
IP
104.17.115.72:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1133 bytes)
Hash
414d99abbdc026b925083131bead7772
29a161f355738459f3564a587d4e3b8a2c9c0da2
6d2f4d1923705abbcf68264b60d21b32037923c2b5ceaf934150cd92f50d497f

HTTP Headers

GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png HTTP/1.1
Host: www.dcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: image/png
content-length: 1133
x-dispatcher: dispatcher2useast1
x-vhost: publish
cache-control: public, max-age=31536000
x-content-type-options: nosniff
last-modified: Wed, 07 Aug 2019 15:45:59 GMT
etag: "46d-58f88d667bbc0"
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src *.quantummetric.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; worker-src blob:; child-src blob:; object-src 'self'; media-src 'self' blob: usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com https://www.dcu.org https://manifest.prod.boltdns.net/ https://dcu-dev-65.adobecqms.net/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://usuat.cobrowse.pega.com/ https://usuatassets.cobrowse.pega.com https://player.vimeo.com/ https://memchat.dcu-online.org/ https://geolocation.onetrust.com https://www.google.com https://cdn.cookielaw.org https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.quantummetric.com http://dfcumanagedservicesstageenvironment.112.2o7.net https://analytics.twitter.com/ *.ads-twitter.com https://us.cobrowse.pega.com https://usassets.cobrowse.pega.com *.steelhousemedia.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ *.cloudflare.com https://googleads.g.doubleclick.net https://chat.usefirefly.com https://usefirefly.com  https://connect.facebook.net www.google-analytics.com assets.adobedtm.com *.timevaluecalculators.com *.bazaarvoice.com *.iesnare.com https://ajax.googleapis.com/ *.googleapis.com *.dcuinsurance.com tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com https://firefly-chat-production.s3.amazonaws.com  http://www.googleadservices.com https://connect.facebook.net http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://snap.licdn.com https://bat.bing.com https://up.pixel.ad https://ssl.google-analytics.com/ https://www.dcu.org/ https://static.ads-twitter.com/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/ https://widget.use1.chat.pega.digital/; connect-src 'self' *.ads-twitter.com *.quantummetric.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com wss://usefirefly.com https://usefirefly.com * *.cloudflare.com https://www.calcxml.com/ *.dcu.org *.omtrdc.net *.demdex.net *.bazaarvoice.com wss://chat.usefirefly.com https://www.google-analytics.com  https://www.dcuinsurance.com http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://www.dcu.org/ https://static.ads-twitter.com/; img-src 'self' *.com *.yahoo.com http://t.co/ dsum.casalemedia.com su.addthis.com s.thebrighttag.com image2.pubmatic.com ads.scorecardresearch.com t.mookie1.com x.bidswitch.net usermatch.krxd.net match.sharethrough.com cm.g.doubleclick.net ads.yahoo.com pixel.advertising.com insight.adsrvr.org www.facebook.com usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com *.bazaarvoice.com https://www.dcu.org https://www.google.co.in https://www.google.com *.timevaluecalculators.com *.everesttech.net *.demdex.net *.omtrdc.net *.googleapis.com *.gstatic.com *.112.2o7.net https://stats.g.doubleclick.net https://www.calcxml.com/ www.google-analytics.com *.doubleclick.net/ https://bcbolt446c5271-a.akamaihd.net/ https://players.brightcove.net/ https://www.dcu.org/ data:; style-src 'self' 'unsafe-inline' *.cloudflare.com https://usuatassets.cobrowse.pega.com https://usassets.cobrowse.pega.com https://usefirefly.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ https://tagmanager.google.com usassets.chat.pega.com *.timevaluecalculators.com https://fonts.googleapis.com/ *.googleapis.com *.bazaarvoice.com https://match.adsrvr.org https://match.prod.bidr.io https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://www.dcu.org/; font-src 'self' https://fonts.gstatic.com/ fonts.gstatic.com https://www.dcu.org/ data:; frame-src 'self' https://player.vimeo.com/ *.quantummetric.com https://dcu.secure.nonprofitsoapbox.com https://americasaves.org/ https://app.loanspq.com/ https://dcu.mortgagewebcenter.com/ https://apps.rps.ascensus.com/ https://forms.fivision.com/ *.doubleclick.net *.culookup.com *.dcu.org *.demdex.net https://dcu.demdex.net *.locatorsearch.com *.bazaarvoice.com  https://www.fmsi-lts.com/DIG_WS https://fmsi-lts.com/ *.adobecqms.net http://cookies.onetrust.mgr.consensu.org/ stage.dcu.org https://stage.dcu.org/ https://dcu-stage-65.adobecqms.net/ http://dcu-stage-65.adobecqms.net/ https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage.adobecqms.net/ *.dcu.org https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.youtube.com https://dculocator.wave2.io/ https://www.dcu.org/ https://pixel.sitescout.com/ https://memchat.dcu-online.org/
content-disposition: inline
x-cache: Miss from cloudfront
via: 1.1 d661c8f821b4dd0011bb1bb50baf07c2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: J0nZ-UclYBj1fFPPpTo8YLxsVa4D4VTCMIuooTM_1ZLQTlHJt2Mf9g==
cf-cache-status: HIT
age: 76952
expires: Wed, 22 Nov 2023 18:35:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e3c3fabc1efab8-OSL
X-Firefox-Spdy: h2

www.dcu.org/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png

104.17.115.72

200 OK

9.4 kB

URL HTTP/2
www.dcu.org/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png
IP
104.17.115.72:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
9.4 kB (9441 bytes)
Hash
7216a21919985c76db508e4a4970b336
cebc61315ef6c571077cc8320a022fad579da63a
d10834ba712b4029f758befeb40c55920c3873a0de72e287b712184f3a8c8afb

HTTP Headers

GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png HTTP/1.1
Host: www.dcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:32 GMT
content-type: image/png
content-length: 9441
x-dispatcher: dispatcher2useast1
x-vhost: publish
cache-control: public, max-age=31536000
x-content-type-options: nosniff
last-modified: Wed, 07 Aug 2019 15:45:59 GMT
etag: "24e1-58f88d667bbc0"
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src *.quantummetric.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; worker-src blob:; child-src blob:; object-src 'self'; media-src 'self' blob: usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com https://www.dcu.org https://manifest.prod.boltdns.net/ https://dcu-dev-65.adobecqms.net/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://usuat.cobrowse.pega.com/ https://usuatassets.cobrowse.pega.com https://player.vimeo.com/ https://memchat.dcu-online.org/ https://geolocation.onetrust.com https://www.google.com https://cdn.cookielaw.org https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.quantummetric.com http://dfcumanagedservicesstageenvironment.112.2o7.net https://analytics.twitter.com/ *.ads-twitter.com https://us.cobrowse.pega.com https://usassets.cobrowse.pega.com *.steelhousemedia.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ *.cloudflare.com https://googleads.g.doubleclick.net https://chat.usefirefly.com https://usefirefly.com  https://connect.facebook.net www.google-analytics.com assets.adobedtm.com *.timevaluecalculators.com *.bazaarvoice.com *.iesnare.com https://ajax.googleapis.com/ *.googleapis.com *.dcuinsurance.com tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com https://firefly-chat-production.s3.amazonaws.com  http://www.googleadservices.com https://connect.facebook.net http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://snap.licdn.com https://bat.bing.com https://up.pixel.ad https://ssl.google-analytics.com/ https://www.dcu.org/ https://static.ads-twitter.com/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/ https://widget.use1.chat.pega.digital/; connect-src 'self' *.ads-twitter.com *.quantummetric.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com wss://usefirefly.com https://usefirefly.com * *.cloudflare.com https://www.calcxml.com/ *.dcu.org *.omtrdc.net *.demdex.net *.bazaarvoice.com wss://chat.usefirefly.com https://www.google-analytics.com  https://www.dcuinsurance.com http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://www.dcu.org/ https://static.ads-twitter.com/; img-src 'self' *.com *.yahoo.com http://t.co/ dsum.casalemedia.com su.addthis.com s.thebrighttag.com image2.pubmatic.com ads.scorecardresearch.com t.mookie1.com x.bidswitch.net usermatch.krxd.net match.sharethrough.com cm.g.doubleclick.net ads.yahoo.com pixel.advertising.com insight.adsrvr.org www.facebook.com usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com *.bazaarvoice.com https://www.dcu.org https://www.google.co.in https://www.google.com *.timevaluecalculators.com *.everesttech.net *.demdex.net *.omtrdc.net *.googleapis.com *.gstatic.com *.112.2o7.net https://stats.g.doubleclick.net https://www.calcxml.com/ www.google-analytics.com *.doubleclick.net/ https://bcbolt446c5271-a.akamaihd.net/ https://players.brightcove.net/ https://www.dcu.org/ data:; style-src 'self' 'unsafe-inline' *.cloudflare.com https://usuatassets.cobrowse.pega.com https://usassets.cobrowse.pega.com https://usefirefly.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ https://tagmanager.google.com usassets.chat.pega.com *.timevaluecalculators.com https://fonts.googleapis.com/ *.googleapis.com *.bazaarvoice.com https://match.adsrvr.org https://match.prod.bidr.io https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://www.dcu.org/; font-src 'self' https://fonts.gstatic.com/ fonts.gstatic.com https://www.dcu.org/ data:; frame-src 'self' https://player.vimeo.com/ *.quantummetric.com https://dcu.secure.nonprofitsoapbox.com https://americasaves.org/ https://app.loanspq.com/ https://dcu.mortgagewebcenter.com/ https://apps.rps.ascensus.com/ https://forms.fivision.com/ *.doubleclick.net *.culookup.com *.dcu.org *.demdex.net https://dcu.demdex.net *.locatorsearch.com *.bazaarvoice.com  https://www.fmsi-lts.com/DIG_WS https://fmsi-lts.com/ *.adobecqms.net http://cookies.onetrust.mgr.consensu.org/ stage.dcu.org https://stage.dcu.org/ https://dcu-stage-65.adobecqms.net/ http://dcu-stage-65.adobecqms.net/ https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage.adobecqms.net/ *.dcu.org https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.youtube.com https://dculocator.wave2.io/ https://www.dcu.org/ https://pixel.sitescout.com/ https://memchat.dcu-online.org/
content-disposition: inline
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 5SoaAZ_4gHcXZPc6ByJPpCw2NOp67QHaPucKQvAcTGVfdfbLcyAi2g==
cf-cache-status: HIT
age: 76952
expires: Wed, 22 Nov 2023 18:35:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e3c3facc35fab8-OSL
X-Firefox-Spdy: h2

cm.everesttech.net/cm/dd?d_uuid=30947846826831555293653395601749674921

54.77.60.152

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=30947846826831555293653395601749674921
IP
54.77.60.152:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=30947846826831555293653395601749674921 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Tue, 22 Nov 2022 18:35:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y30WdAAAAGUTEgN-; Domain=.everesttech.net; Expires=Wed, 22-Nov-2023 18:35:32 GMT; Path=/
everest_session_v2=Y30WdAAAAGUTEwN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y30WdAAAAGUTEgN-
Server: AMO-cookiemap/1.1

dpm.demdex.net/ibs:dpid=411&dpuuid=Y30WdAAAAGUTEgN-

3.248.130.194

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y30WdAAAAGUTEgN-
IP
3.248.130.194:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y30WdAAAAGUTEgN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://batfordapt.buzz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-085e2ce89.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y30WdAAAAGUTEgN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=00004399956200850191578001948568929219; Max-Age=15552000; Expires=Sun, 21 May 2023 18:35:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: NlNJGDLsTcM=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y30WdAAAAGUTEgN-

3.248.130.194

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y30WdAAAAGUTEgN-
IP
3.248.130.194:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y30WdAAAAGUTEgN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://batfordapt.buzz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0480615af.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: qWtOsDMnTCw=
Content-Length: 59
Connection: keep-alive

usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.6.1

54.173.103.247

200 OK

3.5 kB

URL HTTP/2
usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.6.1
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text, with very long lines (14626)
Size
3.5 kB (3489 bytes)
Hash
c9e0ee1acc72fd18e3953cf614f7e879
bacc2349aab9dfac47cd153702e98e1fa48466f4
e13c4a8b7d5d884e11579582e7e99198c7fdfbd2587a37f52add1783e49e5d8e

HTTP Headers

GET /assets/stylesheets/customer/final/default.css?v=8.6.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Cookie: AWSALBCORS=s5TH3duid8FWMTnMdfVbJlUP0Ql+l81mSu4BiCr3PifiuUiLNtmKRcMVUVPPqMN1IIY9eInzeLly7klSTN0+QCzWYxc02qht/UFKFID2YirZRddz6l0LjwyLu/KW
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:34 GMT
content-type: text/css
content-length: 3489
set-cookie: AWSALB=IqchIib2QpknQoG9xuMjxRUOtPG55DmSHR1EDnZLzeaNXcrX2HX2VBztRnd7oolzEWzm2GeKev7kD2EhRK1TEqK4fuUR78hyD9itcIdqzpdRi7wLVunJ2ZwwaTVK; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/
AWSALBCORS=IqchIib2QpknQoG9xuMjxRUOtPG55DmSHR1EDnZLzeaNXcrX2HX2VBztRnd7oolzEWzm2GeKev7kD2EhRK1TEqK4fuUR78hyD9itcIdqzpdRi7wLVunJ2ZwwaTVK; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Wed, 13 Jul 2022 12:04:58 GMT
etag: "62ceb4ea-da1"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.7.1

54.173.103.247

200 OK

3.5 kB

URL HTTP/2
usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.7.1
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text, with very long lines (14626)
Size
3.5 kB (3489 bytes)
Hash
c9e0ee1acc72fd18e3953cf614f7e879
bacc2349aab9dfac47cd153702e98e1fa48466f4
e13c4a8b7d5d884e11579582e7e99198c7fdfbd2587a37f52add1783e49e5d8e

HTTP Headers

GET /assets/stylesheets/customer/final/default.css?v=8.7.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://batfordapt.buzz/
Cookie: AWSALBCORS=IqchIib2QpknQoG9xuMjxRUOtPG55DmSHR1EDnZLzeaNXcrX2HX2VBztRnd7oolzEWzm2GeKev7kD2EhRK1TEqK4fuUR78hyD9itcIdqzpdRi7wLVunJ2ZwwaTVK
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:34 GMT
content-type: text/css
content-length: 3489
set-cookie: AWSALB=xyDj6EnqtCFglXZ7sSq7dihFK72/yqYGZldxNETmaaAqRkrVmSf6Qnf1SQd34JOif3+gsajug0JSkI6GonydS31yngQQh5qQLx1AkprTbMSlDmu/EPrQ4lLwUASw; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/
AWSALBCORS=xyDj6EnqtCFglXZ7sSq7dihFK72/yqYGZldxNETmaaAqRkrVmSf6Qnf1SQd34JOif3+gsajug0JSkI6GonydS31yngQQh5qQLx1AkprTbMSlDmu/EPrQ4lLwUASw; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Wed, 13 Jul 2022 12:04:58 GMT
etag: "62ceb4ea-da1"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

us.cobrowse.pega.com/api/config?messagesType=customer&language=en-US&company=7e93b5d5-334d-4b59-b925-4db0d6b5d066

54.173.103.247

200 OK

24 kB

URL HTTP/2
us.cobrowse.pega.com/api/config?messagesType=customer&language=en-US&company=7e93b5d5-334d-4b59-b925-4db0d6b5d066
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type
data
Size
24 kB (23712 bytes)
Hash
03361138f1f5f837e31eeb35dde9c323
d180d75bc4f451d858ddc83437262a5f2ffa74b7
fdf721343683542c428e35fed6d6e7b2fe29dfd819844ac55282ad4a3c198ff7

HTTP Headers

GET /api/config?messagesType=customer&language=en-US&company=7e93b5d5-334d-4b59-b925-4db0d6b5d066 HTTP/1.1
Host: us.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://batfordapt.buzz/
Cookie: AWSALBCORS=DsGPWoRrhiBbtL/yEM0XYApjzgnTotFJPhsd56MOqBIMJ6lK9GagJzRsAzAYd19gSvRoPYjAFae12LNuhScliC/saILi2tX+UyuU87lfPRS6OYRLPkrZhaUhV5xR; connect.sid=s%3A0XOAgx-Vs2KpDu8rdRnD08gldti0dpGK.GaLtAlCfiZqrYBe7UeNGWWfJNfHVAtnwKcBJHr1GN8E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:34 GMT
content-type: application/json; charset=utf-8
content-length: 23494
set-cookie: AWSALB=2w7l+6KWTvQnXuN2q+k6B7FqvxBax3RZK4CXwwjZt8ywtM4mHGAdz6/CEWkxOAIcdH6GdwcW65Y1svqktI6zDpGwOOvi4N1OIXBsmjMc8dugGUM6tVJDVL+zgzGW; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/
AWSALBCORS=2w7l+6KWTvQnXuN2q+k6B7FqvxBax3RZK4CXwwjZt8ywtM4mHGAdz6/CEWkxOAIcdH6GdwcW65Y1svqktI6zDpGwOOvi4N1OIXBsmjMc8dugGUM6tVJDVL+zgzGW; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/; SameSite=None; Secure
server: nginx
x-powered-by: Express
access-control-allow-origin: https://batfordapt.buzz
access-control-allow-credentials: true
access-control-allow-headers: X-CSRF-Token, X-Requested-With, accept, x-j-token, content-type
etag: W/"5bc6-48DoYcJKijLaUFwVIIxji9ZHYnM"
X-Firefox-Spdy: h2

us.cobrowse.pega.com/logserver

54.173.103.247

200 OK

0 B

URL HTTP/2
us.cobrowse.pega.com/logserver
IP
54.173.103.247:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /logserver HTTP/1.1
Host: us.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 250
Origin: https://batfordapt.buzz
Connection: keep-alive
Referer: https://batfordapt.buzz/
Cookie: AWSALBCORS=2w7l+6KWTvQnXuN2q+k6B7FqvxBax3RZK4CXwwjZt8ywtM4mHGAdz6/CEWkxOAIcdH6GdwcW65Y1svqktI6zDpGwOOvi4N1OIXBsmjMc8dugGUM6tVJDVL+zgzGW; connect.sid=s%3A0XOAgx-Vs2KpDu8rdRnD08gldti0dpGK.GaLtAlCfiZqrYBe7UeNGWWfJNfHVAtnwKcBJHr1GN8E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 22 Nov 2022 18:35:34 GMT
content-type: text/plain
set-cookie: AWSALB=3z1uUF+/cV28BByp8C3BCqddE4NmrrArHFlZtMgeLgEOS1s1axR/6wKSuEh4TlgrE1Cr/gn9AwxA5r8swxDX0/synRenuTuylz7dxDwpS79aX7G6xuO1Z2m2vXHO6fmn4UI1P7y4L0aof3eVzmSVa1DlyvH9mdxDfVNbRQxW8pdooAtiVHue8Oz9QTwBng==; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/
AWSALBCORS=3z1uUF+/cV28BByp8C3BCqddE4NmrrArHFlZtMgeLgEOS1s1axR/6wKSuEh4TlgrE1Cr/gn9AwxA5r8swxDX0/synRenuTuylz7dxDwpS79aX7G6xuO1Z2m2vXHO6fmn4UI1P7y4L0aof3eVzmSVa1DlyvH9mdxDfVNbRQxW8pdooAtiVHue8Oz9QTwBng==; Expires=Tue, 29 Nov 2022 18:35:34 GMT; Path=/; SameSite=None; Secure
server: nginx
access-control-allow-origin: https://batfordapt.buzz
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-headers: accept, x-csrf-token, content-type
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://virtualhost.gq/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Nov 2022 18:35:30 GMT
date: Tue, 22 Nov 2022 18:35:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations