Report - ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t

Report Overview

Submitted URL
ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t
IP
216.58.207.230
ASN
#15169 GOOGLE
Submitted
2024-04-18 14:41:00
Access
public
Website Title
pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com
Final URL
pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	1.7 kB	4.2 kB	142.250.74.164
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-18	477 B	42 kB	104.18.11.207
logo.clearbit.com	27344	2003-07-04	2015-06-30	2024-04-18	1.4 kB	31 kB	54.230.111.35
ad.doubleclick.net	186	1996-01-16	2012-05-24	2024-04-18	595 B	957 B	216.58.207.230
desert-wirehaired-currency.glitch.me	unknown	2008-07-18	2024-04-17	2024-04-18	537 B	1.3 kB	52.21.72.108
images.sftcdn.net	77483	2008-09-15	2017-07-20	2024-04-17	580 B	2.4 kB	104.110.18.102
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.7 kB	111 kB	216.58.207.227
pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev	unknown	2022-08-23	2024-04-18	2024-04-18	2.6 kB	130 kB	104.18.2.35
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-18	459 B	28 kB	104.17.24.14
fonts.google.com	31986	1997-09-15	2016-06-16	2024-04-18	1.7 kB	54 kB	142.250.74.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 14:40:35	medium	Client IP	52.21.72.108	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2024-04-18 14:40:35	low	Client IP	52.21.72.108	ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com	1.3 kB	2023-03-08	2024-04-25
Pretty URL pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 16:44:50 Last Seen2024-04-25 17:48:28 Times Seen2239 Hash 160f11a1f1b5c685346e0f033b170f66 b8ea0e8e982a0195c3d1ed8f6bfbb31649052960 af555745524b5a2d7e9aa623f85964fad33cda13494e21646a2e597854a7b2d1 Loading...

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com	3.4 kB	2023-03-08	2024-04-25
Pretty URL pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 16:44:50 Last Seen2024-04-25 17:48:28 Times Seen2239 Hash c47fcb454544146076bf38a0ad01ed5f b4fe3c348e85b6f631fc0df9f739e9316c560df6 3b9192cc0217fb9406b6e9d9d6b08f78ecef7b87739b999b6d817be0bf23c5fc Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js	84 kB	2023-03-07	2024-05-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-05-01 18:37:25 Times Seen10901 Hash 7f9fb969ce353c5d77707836391eb28d 62c4042e9ebc691a5372d653b424512a561d1670 2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515 Loading...

HTTP Transactions (24)

	URL	IP	Response	Size
	ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t	216.58.207.230		0 B
URL ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t IP 216.58.207.230:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /clk;265186560;90846275;t;pc=[TPAS_ID]?//desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t HTTP/1.1 Host: ad.doubleclick.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin: * cross-origin-resource-policy: cross-origin location: //desert-wirehaired-currency.glitch.me?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t content-type: text/html; charset=UTF-8 x-content-type-options: nosniff date: Thu, 18 Apr 2024 14:40:34 GMT server: cafe content-length: 0 x-xss-protection: 0 set-cookie: IDE=AHWqTUlITd2OgFYOuKu3nFlBgk7ZfsV3kR95IHP--edqHeJT6Oc5mnFQ1ZmTW337ESM; expires=Sat, 18-Apr-2026 14:40:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none FLC=COeSAhDD6KgrGIDauX4omdVHMOLhhLEGcADauAQcMho6GAoWKDCYF739wTqCGAILDJobBgji4YSxBg; expires=Thu, 18-Apr-2024 14:40:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	desert-wirehaired-currency.glitch.me/?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t	52.21.72.108		826 B
URL desert-wirehaired-currency.glitch.me/?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t IP 52.21.72.108:0 ASN #14618 AMAZON-AES File type HTML document, ASCII text Size 826 B (826 bytes) Hash bfb37596cc649f7916682a55f67fb007 8bebffb9072ec249d3b89e6e4b097d99811008c9 73c19338846603b2ef97937689fe104a9a8e324098785d1b9860e99df40aa0ca HTTP Headers GET /?/YW5keS5hcnJlZG9uZG9Ad2VzdGVybnN1cnBsdXMuY29t HTTP/1.1 Host: desert-wirehaired-currency.glitch.me User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Thu, 18 Apr 2024 14:40:35 GMT content-type: text/html; charset=utf-8 content-length: 826 x-amz-id-2: pn+ltNpoUSXUD0DD8o0HSes3KhumxwlGal6gwjHwI6XEXJAqAuIaRdS/E+rWrHOIhUDTgp/uSk8= x-amz-request-id: 2NX2Y7WXN5C7BKDV last-modified: Thu, 18 Apr 2024 10:35:42 GMT etag: "bfb37596cc649f7916682a55f67fb007" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: B38VC8TnfBXoRKgm6Pas5ZPnfMvkBgvY accept-ranges: bytes server: AmazonS3 X-Firefox-Spdy: h2`

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html	104.18.2.35		24 kB
URL pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html IP 104.18.2.35:0 ASN #13335 CLOUDFLARENET File type HTML document, ASCII text, with very long lines (1280) Size 24 kB (23575 bytes) Hash 939ad1dce84ddaf11cd5102f4fcf8994 d69329adb9b6ef8e92d167120295b20ed0f18a9c 69800ceedd03f21889cce82ff2b05380e6691b535535be803431b6273de130c1 HTTP Headers GET /Secured-Document.html HTTP/1.1 Host: pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://desert-wirehaired-currency.glitch.me/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 14:40:35 GMT Content-Type: text/html Content-Length: 23575 Connection: keep-alive Accept-Ranges: bytes ETag: "939ad1dce84ddaf11cd5102f4fcf8994" Last-Modified: Thu, 18 Apr 2024 04:18:39 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 8765692e9a4d1c12-OSL`

	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js	104.17.24.14	200 OK	27 kB
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 104.17.24.14:443 ASN #13335 CLOUDFLARENET Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (32180) Size 27 kB (26660 bytes) Hash 7f9fb969ce353c5d77707836391eb28d 62c4042e9ebc691a5372d653b424512a561d1670 2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515 HTTP Headers `GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 14:40:35 GMT content-type: application/javascript; charset=utf-8 content-length: 26660 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03ec4-14983" last-modified: Mon, 04 May 2020 16:11:48 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 252535 expires: Tue, 08 Apr 2025 14:40:35 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSmsXWR4tVp0%2BxyAVToVJyerYdwQpCaV33lE8AC%2F079AhbpVK9w57D577JyA9bi0LXdRuJ%2BmXkvEB8nNK5XMQH%2B%2BZsf5yw8yTQg4gMs9aet%2BdWo1AbBLz7XQpmPaMxa2ERKIpl04"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 876569306b7856aa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	images.sftcdn.net/images/t_app-logo-xl,f_auto,dpr_2/p/7a60e021-3fe5-4334-9e56-7cc6ebae632d/2825932570/roundcube-webmail-roundcube_logo_icon.svg	104.110.18.102	200 OK	1.6 kB
URL GET HTTP/2 images.sftcdn.net/images/t_app-logo-xl,f_auto,dpr_2/p/7a60e021-3fe5-4334-9e56-7cc6ebae632d/2825932570/roundcube-webmail-roundcube_logo_icon.svg IP 104.110.18.102:443 ASN #16625 AKAMAI-AS Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerLet's Encrypt Subjects4-san.cloudinary.com Fingerprint12:4D:54:45:72:66:B8:94:EB:53:70:54:6C:4E:F3:56:78:29:8D:27 ValidityWed, 14 Feb 2024 11:43:07 GMT - Tue, 14 May 2024 11:43:06 GMT File type RIFF (little-endian) data, Web/P image Size 1.6 kB (1620 bytes) Hash 99724406fe475a16c3ba875b3e4742e7 b0a47e644eb92d1d0dcd7dcd41f393f0da26fb1b 2175ef57d8cb9f2c1d8d1f75f2a4d0cce3963fdf0c8013cafbe5ecd1866a6c2c HTTP Headers GET /images/t_app-logo-xl,f_auto,dpr_2/p/7a60e021-3fe5-4334-9e56-7cc6ebae632d/2825932570/roundcube-webmail-roundcube_logo_icon.svg HTTP/1.1 Host: images.sftcdn.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK content-type: image/webp content-length: 1620 etag: "99724406fe475a16c3ba875b3e4742e7" last-modified: Fri, 26 Jun 2020 13:52:47 GMT date: Thu, 18 Apr 2024 14:40:35 GMT cache-control: private, no-transform, max-age=31536000 access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options access-control-allow-origin: * accept-ranges: bytes timing-allow-origin: * server: Cloudinary strict-transport-security: max-age=604800 vary: Accept,User-Agent content-disposition: inline; filename="roundcube-webmail-roundcube_logo_icon.svg" x-content-type-options: nosniff server-timing: cld-akam;dur=5;start=2024-04-18T14:40:35.957Z;desc=hit,rtt;dur=1 X-Firefox-Spdy: h2

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/css/style.css	104.18.2.35	404 Not Found	27 kB
URL GET HTTP/1.1 pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/css/style.css IP 104.18.2.35:443 ASN #13335 CLOUDFLARENET Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerLet's Encrypt Subject.r2.dev Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0 ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT File type HTML document, ASCII text, with very long lines (611) Size 27 kB (27242 bytes) Hash df3d48946e8d3f5a83608308edbb4b86 47b9c40c97abf2658df96b1c06109324e15e1a00 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499 HTTP Headers `GET /assets/css/style.css HTTP/1.1 Host: pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Date: Thu, 18 Apr 2024 14:40:35 GMT Content-Type: text/html Content-Length: 27242 Connection: keep-alive Vary: Accept-Encoding Server: cloudflare CF-RAY: 876569302bcf1c12-OSL`

	www.google.com/fonts	142.250.74.164		0 B
URL www.google.com/fonts IP 142.250.74.164:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /fonts HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently content-type: application/binary cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:35 GMT location: https://fonts.google.com/ p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-PACqcYXTzmQ7kSkEMOitQA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport server: ESF content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=RH4K7zPkKx7h4f849eVtQk7w_pXcch7uHepOxJ4uIr4lZQPWdllkQ7EZbcrxkPCC8j-dC1H1cdd5b5qy7Xu6NZEeXyb_2lfiDqBGhvpTM9j0olYulwoTWEb3Bs8YYJ0T4xF5K1B6ku_JsdqxSNZbq3HZQr8rCJ9bU0CRnHXq25Y; expires=Fri, 18-Oct-2024 14:40:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google.com/fonts	142.250.74.164		0 B
URL www.google.com/fonts IP 142.250.74.164:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /fonts HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently content-type: application/binary cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:35 GMT location: https://fonts.google.com/ p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-security-policy: script-src 'nonce-I-sR186koVUKw3JNBLQG5A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport cross-origin-opener-policy: same-origin-allow-popups server: ESF content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=e9Y1iT4u4wMAbmp6BdRiUlPkY3lcFYgN4rEuYB9IWDuZH_MhV7S-u0rXdqpULxd90mXiaCS1u2eUg7LFTBP0oOUG6aYxN5TspQcqFMF8oi745igH2jNelmT5nZqXypZS1NY-bHDEj3xYfc2qgdBrROeBH9qDLJj0PoFHhQfBkSE; expires=Fri, 18-Oct-2024 14:40:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/js/script.js	104.18.3.35	404 Not Found	27 kB
URL GET HTTP/1.1 pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/js/script.js IP 104.18.3.35:443 ASN #13335 CLOUDFLARENET Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerLet's Encrypt Subject.r2.dev Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0 ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT File type HTML document, ASCII text, with very long lines (611) Size 27 kB (27242 bytes) Hash df3d48946e8d3f5a83608308edbb4b86 47b9c40c97abf2658df96b1c06109324e15e1a00 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499 HTTP Headers `GET /assets/js/script.js HTTP/1.1 Host: pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Date: Thu, 18 Apr 2024 14:40:36 GMT Content-Type: text/html Content-Length: 27242 Connection: keep-alive Vary: Accept-Encoding Server: cloudflare CF-RAY: 876569306d50712d-OSL`

	fonts.google.com/	142.250.74.174		25 kB
URL fonts.google.com/ IP 142.250.74.174:0 ASN #15169 GOOGLE File type data Size 25 kB (24852 bytes) Hash 88615ced3883dc83623fdd87a12acb9d 6185a7a0fe5392278729a2ae87529e795c1464cd 1263bf1eb77d84eab351c9327434385514cf4ef08d19328e43164bf0e955fcfc HTTP Headers `GET / HTTP/1.1 Host: fonts.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/html; charset=utf-8 cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:36 GMT p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-5xHrdc-Se2x9uAgOActtrQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=mgIDHy70CfgJ3CAEVM7GgzDU3SUlj9hh23dnKfiS3mZyY8UrzV-oYvpWLV1SPnKwsKyAQFs1AxJ6enduF5gl-6iAuI52krm15T0--5f7uQ48XgIXw7sEItNAB8UcivBARXZRdufHfYNTSFqn7MPul99qZoekx63kftaJv0ncH14; expires=Fri, 18-Oct-2024 14:40:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css	104.18.11.207	200 OK	41 kB
URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css IP 104.18.11.207:443 ASN #13335 CLOUDFLARENET Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT File type ASCII text, with very long lines (65371) Size 41 kB (40573 bytes) Hash eedf9ee80c2faa4e1b9ab9017cdfcb88 ed29315e0ffb3f14382431f2724235bf67f44eb3 f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5 HTTP Headers `GET /bootstrap/3.3.4/css/bootstrap.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 14:40:36 GMT content-type: text/css; charset=utf-8 vary: Accept-Encoding cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE access-control-allow-origin: * cache-control: public, max-age=31919000 etag: W/"eedf9ee80c2faa4e1b9ab9017cdfcb88" last-modified: Mon, 25 Jan 2021 22:03:58 GMT cdn-cachedat: 08/04/2023 12:50:24 cdn-proxyver: 1.04 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 722 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-status: 200 cdn-requestid: 7e74c5fea2151758aaf7c8cf1f839c4a cdn-cache: HIT cf-cache-status: HIT age: 12553256 strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 876569310b5c56c1-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/js/script.js	104.18.2.35	404 Not Found	27 kB
URL GET HTTP/1.1 pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/assets/js/script.js IP 104.18.2.35:443 ASN #13335 CLOUDFLARENET Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerLet's Encrypt Subject.r2.dev Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0 ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT File type HTML document, ASCII text, with very long lines (611) Size 27 kB (27242 bytes) Hash df3d48946e8d3f5a83608308edbb4b86 47b9c40c97abf2658df96b1c06109324e15e1a00 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499 HTTP Headers `GET /assets/js/script.js HTTP/1.1 Host: pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Date: Thu, 18 Apr 2024 14:40:36 GMT Content-Type: text/html Content-Length: 27242 Connection: keep-alive Vary: Accept-Encoding Server: cloudflare CF-RAY: 8765693428301c12-OSL`

	fonts.google.com/	142.250.74.174		25 kB
URL fonts.google.com/ IP 142.250.74.174:0 ASN #15169 GOOGLE File type data Size 25 kB (24924 bytes) Hash cf59938c8f1faa7d75bec35f26d88c8b 0587fdf190b14456e620f0f180631c204d2bf2fe e7cb16e984083d35b5c0ce22254932c61dc4a95f3be2f624e7e437553a1d6bdd HTTP Headers `GET / HTTP/1.1 Host: fonts.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/html; charset=utf-8 cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:36 GMT p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-HtOV9RHbyv30hnUuSy9Vuw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=EDYeMNmeF4jQHCqAkVhDIaO3asUXw4AhkVScdTg2r3q8-LoDGU76zTNfsmQpBQ6wbxhHSNaoaF0At07pT-ccMl6AqMvG_aqzClp1NVva9JqfB478Mtsf5_0GV-MONWwYf0HRvdz3-9rfkM55rb0X-d15YTC7iEnxCDuDna-mA4c; expires=Fri, 18-Oct-2024 14:40:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	logo.clearbit.com/westernsurplus.com	54.230.111.35	200 OK	11 kB
URL GET HTTP/2 logo.clearbit.com/westernsurplus.com IP 54.230.111.35:443 ASN #16509 AMAZON-02 Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerAmazon Subjectclearbit.com FingerprintCE:16:94:BB:21:1F:D1:5C:C5:B1:B0:D0:51:6C:C5:26:30:0D:59:72 ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 18 Feb 2025 23:59:59 GMT File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Size 11 kB (11275 bytes) Hash ddf74bd408e79fece6c95145f48d28da 6fcb1998f096828340aabe234fcd68df1e4302b2 bc7cafdeeba704d71852c68d00f0951351da235f0678eb60f4dab5afb265707f HTTP Headers `GET /westernsurplus.com HTTP/1.1 Host: logo.clearbit.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: image/png access-control-allow-origin: * cache-control: public, max-age=2592000 date: Thu, 18 Apr 2024 14:40:36 GMT x-envoy-response-flags: - server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-cache: Miss from cloudfront via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: BeIw9v-NoqG1I9YQ6i2y7lBhXl0d2JiPacgtgwyGZOj5hQNdg7sNug== X-Firefox-Spdy: h2

	logo.clearbit.com/westernsurplus.com	54.230.111.35	200 OK	9.0 kB
URL GET HTTP/2 logo.clearbit.com/westernsurplus.com IP 54.230.111.35:443 ASN #16509 AMAZON-02 Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerAmazon Subjectclearbit.com FingerprintCE:16:94:BB:21:1F:D1:5C:C5:B1:B0:D0:51:6C:C5:26:30:0D:59:72 ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 18 Feb 2025 23:59:59 GMT File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Size 9.0 kB (9044 bytes) Hash 03ef9b5cda1226ee0e445f4118399002 57a8cee6f2b25581e8bb29da5d00d805ba58c7c6 a8cfac96b7554c7029d4d9ad65c2fb5de33a7adbe583a935dc032d0a2a26b3f5 HTTP Headers `GET /westernsurplus.com HTTP/1.1 Host: logo.clearbit.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK content-type: image/png access-control-allow-origin: * cache-control: public, max-age=2592000 date: Thu, 18 Apr 2024 14:40:36 GMT x-envoy-response-flags: - server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-cache: Hit from cloudfront via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 1KnJeeJFA869Spz20fltqqY20KKSDUnAW29YPIWnI9Z6-w9lM32OoA== age: 1 X-Firefox-Spdy: h2

	logo.clearbit.com/westernsurplus.com	54.230.111.35	200 OK	8.8 kB
URL GET HTTP/2 logo.clearbit.com/westernsurplus.com IP 54.230.111.35:443 ASN #16509 AMAZON-02 Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerAmazon Subjectclearbit.com FingerprintCE:16:94:BB:21:1F:D1:5C:C5:B1:B0:D0:51:6C:C5:26:30:0D:59:72 ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 18 Feb 2025 23:59:59 GMT File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Size 8.8 kB (8838 bytes) Hash 48bf6700c5c7299ab7ece0a10006fe52 5da2ee5889c574c234bd8946450c873fed691dd0 3d86fd8e03362d87954912f37a9739ed409335b995a7ec02b6090e35aa0e3579 HTTP Headers `GET /westernsurplus.com HTTP/1.1 Host: logo.clearbit.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: image/png access-control-allow-origin: * cache-control: public, max-age=2592000 date: Thu, 18 Apr 2024 14:40:36 GMT x-envoy-response-flags: - server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-cache: Hit from cloudfront via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: KcWmMg574zz_-IXZEr5AGbQBOudtPYs0RctjS_D5j7Zn0MpIpwO7pA== X-Firefox-Spdy: h2

	fonts.google.com/	142.250.74.174	200 OK	0 B
URL GET HTTP/2 fonts.google.com/ IP 142.250.74.174:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subject.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: fonts.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/html; charset=utf-8 cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:36 GMT p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-5xHrdc-Se2x9uAgOActtrQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=mgIDHy70CfgJ3CAEVM7GgzDU3SUlj9hh23dnKfiS3mZyY8UrzV-oYvpWLV1SPnKwsKyAQFs1AxJ6enduF5gl-6iAuI52krm15T0--5f7uQ48XgIXw7sEItNAB8UcivBARXZRdufHfYNTSFqn7MPul99qZoekx63kftaJv0ncH14; expires=Fri, 18-Oct-2024 14:40:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html	104.18.2.35	200 OK	24 kB
URL User Request GET HTTP/1.1 pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html IP 104.18.2.35:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subject.r2.dev Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0 ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT File type HTML document, ASCII text, with very long lines (1280) Size 24 kB (23575 bytes) Hash 939ad1dce84ddaf11cd5102f4fcf8994 d69329adb9b6ef8e92d167120295b20ed0f18a9c 69800ceedd03f21889cce82ff2b05380e6691b535535be803431b6273de130c1 HTTP Headers GET /Secured-Document.html HTTP/1.1 Host: pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://desert-wirehaired-currency.glitch.me/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 14:40:35 GMT Content-Type: text/html Content-Length: 23575 Connection: keep-alive Accept-Ranges: bytes ETag: "939ad1dce84ddaf11cd5102f4fcf8994" Last-Modified: Thu, 18 Apr 2024 04:18:39 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 8765692e9a4d1c12-OSL`

	www.google.com/fonts	142.250.74.164	301 Moved Permanently	0 B
URL GET HTTP/2 www.google.com/fonts IP 142.250.74.164:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06 ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /fonts HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently content-type: application/binary cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:35 GMT location: https://fonts.google.com/ p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-security-policy: script-src 'nonce-I-sR186koVUKw3JNBLQG5A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport cross-origin-opener-policy: same-origin-allow-popups server: ESF content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=e9Y1iT4u4wMAbmp6BdRiUlPkY3lcFYgN4rEuYB9IWDuZH_MhV7S-u0rXdqpULxd90mXiaCS1u2eUg7LFTBP0oOUG6aYxN5TspQcqFMF8oi745igH2jNelmT5nZqXypZS1NY-bHDEj3xYfc2qgdBrROeBH9qDLJj0PoFHhQfBkSE; expires=Fri, 18-Oct-2024 14:40:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.google.com/	142.250.74.174	200 OK	0 B
URL GET HTTP/2 fonts.google.com/ IP 142.250.74.174:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subject.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: fonts.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/html; charset=utf-8 cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:36 GMT p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-HtOV9RHbyv30hnUuSy9Vuw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=EDYeMNmeF4jQHCqAkVhDIaO3asUXw4AhkVScdTg2r3q8-LoDGU76zTNfsmQpBQ6wbxhHSNaoaF0At07pT-ccMl6AqMvG_aqzClp1NVva9JqfB478Mtsf5_0GV-MONWwYf0HRvdz3-9rfkM55rb0X-d15YTC7iEnxCDuDna-mA4c; expires=Fri, 18-Oct-2024 14:40:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxP.ttf	216.58.207.227	200 OK	36 kB
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxP.ttf IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt Size 36 kB (36216 bytes) Hash a0d084a3e8176664e75f8eca3ebea96c 324ec20b91392a6871d7846e0ff2972447a1b2b8 a9ef021078603005c0b08fba881f1a7eb62ef213238021f3e8a4a00daa60b9d6 HTTP Headers GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxP.ttf HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 20776 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 18 Apr 2024 02:32:49 GMT expires: Fri, 18 Apr 2025 02:32:49 GMT cache-control: public, max-age=31536000 age: 43667 last-modified: Wed, 11 May 2022 19:24:42 GMT content-type: font/ttf vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google.com/fonts	142.250.74.164	301 Moved Permanently	0 B
URL GET HTTP/2 www.google.com/fonts IP 142.250.74.164:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06 ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /fonts HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently content-type: application/binary cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Thu, 18 Apr 2024 14:40:35 GMT location: https://fonts.google.com/ p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-opener-policy: same-origin-allow-popups content-security-policy: script-src 'nonce-PACqcYXTzmQ7kSkEMOitQA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport server: ESF content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: NID=513=RH4K7zPkKx7h4f849eVtQk7w_pXcch7uHepOxJ4uIr4lZQPWdllkQ7EZbcrxkPCC8j-dC1H1cdd5b5qy7Xu6NZEeXyb_2lfiDqBGhvpTM9j0olYulwoTWEb3Bs8YYJ0T4xF5K1B6ku_JsdqxSNZbq3HZQr8rCJ9bU0CRnHXq25Y; expires=Fri, 18-Oct-2024 14:40:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc9.ttf	216.58.207.227	200 OK	36 kB
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc9.ttf IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo Size 36 kB (36052 bytes) Hash ecec6c79a27c8914400d4116e02668aa 3b2880007b93580c4b35e2b31afe2fc9b6fa5923 8a9a74f4455f392ec3e7499cfda6097b536bb4b7f1e529a079c3d953c08b54ca HTTP Headers GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc9.ttf HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 20828 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 18 Apr 2024 02:45:33 GMT expires: Fri, 18 Apr 2025 02:45:33 GMT cache-control: public, max-age=31536000 age: 42903 last-modified: Wed, 11 May 2022 19:24:45 GMT content-type: font/ttf vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc9.ttf	216.58.207.227	200 OK	36 kB
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc9.ttf IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/Secured-Document.html#andy.arredondo@westernsurplus.com Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto LightRegularVersion 2.137; 2017Roboto-Ligh Size 36 kB (36216 bytes) Hash 85df2cb76110ce9ce787b45a5266d23a 91187234316d05377268346f4631e2de3bb6affe 4501b0c41bd6ffd12d34114eed5113b9e136f5f1715d7b4348dd1ccb570470f9 HTTP Headers GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc9.ttf HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev DNT: 1 Connection: keep-alive Referer: https://pub-ca63fbf45a7f426a84884c820e1f1ffd.r2.dev/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 20847 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 11 Apr 2024 17:54:41 GMT expires: Fri, 11 Apr 2025 17:54:41 GMT cache-control: public, max-age=31536000 age: 593155 last-modified: Wed, 11 May 2022 19:24:41 GMT content-type: font/ttf vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP