URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Submission: On June 09 via api from US — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 41 HTTP transactions. The main IP is 45.60.33.183, located in United States and belongs to INCAPSULA, US. The main domain is secure.ngpvan.com. The Cisco Umbrella rank of the primary domain is 59054.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on December 30th 2021. Valid for: a year.
This is the only time secure.ngpvan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
11 | 45.60.33.183 | 19551 (INCAPSULA)
8 | 2600:9000:21f... | 16509 (AMAZON-02)
2 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2606:2800:133... | 15133 (EDGECAST)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2600:9000:215... | 16509 (AMAZON-02)
9 | 2a00:1450:400... | 15169 (GOOGLE)
5 | 20.60.58.97 | 8075 (MICROSOFT...)
1 | 2a00:1450:400... | 15169 (GOOGLE)
2 | 13.69.106.216 | 8075 (MICROSOFT...)
Total: 41 requests, 11 IPs
Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
10 | google-analytics.com | ssl.google-analytics.com (328), www.google-analytics.com (43) | 37 KB
10 | ngpvan.com | secure.ngpvan.com (59054), profile.ngpvan.com (53349), fastaction.ngpvan.com (109062) | 34 KB
9 | everyaction.com | static.everyaction.com (98714), secure.everyaction.com (53728) | 451 KB
5 | windows.net | nvlupin.blob.core.windows.net (46987) | 81 KB
2 | visualstudio.com | dc.services.visualstudio.com (673) | 282 B
2 | googletagmanager.com | www.googletagmanager.com (75) | 90 KB
1 | doubleclick.net | stats.g.doubleclick.net (98) | 440 B
1 | verygoodvault.com | js2.verygoodvault.com (57642) | 24 KB
1 | msecnd.net | az416426.vo.msecnd.net (1557) | 42 KB
Total: 41 requests, 9 domains
Requests | Domain | Requested by
9 | www.google-analytics.com | www.googletagmanager.com, az416426.vo.msecnd.net, secure.ngpvan.com
8 | static.everyaction.com | secure.ngpvan.com, static.everyaction.com
7 | secure.ngpvan.com | secure.ngpvan.com, az416426.vo.msecnd.net
5 | nvlupin.blob.core.windows.net | secure.ngpvan.com
2 | dc.services.visualstudio.com | az416426.vo.msecnd.net
2 | profile.ngpvan.com | static.everyaction.com, az416426.vo.msecnd.net
2 | www.googletagmanager.com | secure.ngpvan.com, static.everyaction.com
1 | secure.everyaction.com | az416426.vo.msecnd.net
1 | stats.g.doubleclick.net | az416426.vo.msecnd.net
1 | fastaction.ngpvan.com | static.everyaction.com
1 | js2.verygoodvault.com | static.everyaction.com
1 | ssl.google-analytics.com | secure.ngpvan.com
1 | az416426.vo.msecnd.net | secure.ngpvan.com
Total: 41 requests, 13 subdomains

This site contains links to these domains.

Domain
www.mfpe.org
fastaction.ngpvan.com
www.ngpvan.com
Subject | Issuer | Validity | Valid
*.ngpvan.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-12-30 - 2023-01-14 | a year
static.everyaction.com | Amazon | 2022-06-08 - 2023-07-07 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-05-09 - 2022-08-01 | 3 months
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2021-08-06 - 2022-08-06 | a year
*.verygoodvault.com | Amazon | 2022-02-17 - 2023-03-18 | a year
*.blob.core.windows.net | Microsoft RSA TLS CA 01 | 2022-04-26 - 2023-04-26 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-05-25 - 2022-08-17 | 3 months
in.applicationinsights.azure.com | Microsoft RSA TLS CA 01 | 2022-05-07 - 2023-05-07 | a year
*.everyaction.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2022-04-11 - 2023-04-11 | a year

This page contains 1 frame:

Primary Page: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Frame ID: 9D5C31BCE8C46A4FB879F83B93CD501A
Requests: 42 HTTP requests in this frame

Page Title

MFPE State Employee Pre-Budget Priorities Survey #2

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

Requests: 41
HTTPS: 100 %
IPv6: 70 %
Domains: 9
Subdomains: 13
IPs: 11
Countries: 4
Transfer: 760 kB
Size: 2159 kB
Cookies: 22

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request jb_mvvcEhEKzngnDwxNvDA2
secure.ngpvan.com/
9 KB
4 KB
Document
General
Full URL
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ac769b4e8787efcdb7191bdb71f72252af9abdd56d0db66a44a468f7a9ea13ad
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-expose-headers
Request-Context
cache-control
public, max-age=10
content-encoding
gzip
content-security-policy
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
content-type
text/html; charset=utf-8
date
Thu, 09 Jun 2022 13:03:25 GMT
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-cdn
Imperva
x-content-type-options
nosniff
x-iinfo
13-94184184-94184191 NNNN CT(94 183 0) RT(1654779804258 58) q(0 0 2 1) r(4 4) U18
x-xss-protection
1; mode=block
published.css
secure.ngpvan.com/Content/css/forms/
361 B
374 B
Stylesheet
General
Full URL
https://secure.ngpvan.com/Content/css/forms/published.css
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
92d20b6e55111266f61347ec04f0fd23e9f1abe3138150196ce6674d8ba529ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:24 GMT
content-encoding
gzip
last-modified
Mon, 06 Jun 2022 18:56:18 GMT
x-cdn
Imperva
etag
"075ae1ad779d81:0"
content-type
text/css
x-iinfo
13-94184184-93782149 2CNN RT(1654779804258 469) q(0 0 0 -1) r(0 0)
access-control-expose-headers
Request-Context
content-length
219
at.js
static.everyaction.com/ea-actiontag/
844 KB
241 KB
Script
General
Full URL
https://static.everyaction.com/ea-actiontag/at.js
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd7717cd4f93abc9de5a76ca86561929f03033a0e254ef53f7d0b92e557f14a3

Request headers

Referer
https://secure.ngpvan.com/
Origin
https://secure.ngpvan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 17:36:58 GMT
content-encoding
gzip
age
69988
x-cache
Hit from cloudfront
content-length
245719
access-control-allow-origin
*
last-modified
Wed, 08 Jun 2022 17:36:36 GMT
server
AmazonS3
etag
"c9856a0e84e5eccb2756e98aa4a81985"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
via
1.1 ff2bcb2d3b4a3d9e0615ddd1033c38c4.cloudfront.net (CloudFront)
cache-control
max-age=900, s-maxage=86400, public
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
8RgekkBplZq2sXMPXGLPLAK-yrdMDUuVjD5ZbpMYPdn5RbI_0Z3dDA==
at.min.css
static.everyaction.com/ea-actiontag/
59 KB
12 KB
Stylesheet
General
Full URL
https://static.everyaction.com/ea-actiontag/at.min.css
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4a52bd15d49c421b4257b9f64e360220a40f68d0f5daf2fee1994cb6302e759a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 17:36:47 GMT
content-encoding
gzip
age
69999
x-cache
Hit from cloudfront
content-length
11449
access-control-allow-origin
*
last-modified
Wed, 08 Jun 2022 17:36:36 GMT
server
AmazonS3
etag
"8172079bb4b9d3d490d88fbfcc495778"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css; charset=utf-8
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
cache-control
max-age=900, s-maxage=86400, public
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
JQ0vguPs6FcEOjlZWrNMKUbeu0Ro7PguzEnGMP3JgfmoIiteL3BtiA==
_Incapsula_Resource
secure.ngpvan.com/
140 KB
20 KB
Script
General
Full URL
https://secure.ngpvan.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=87279636
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3b40e489a5f00a3459710925682f2035cb1e3c03ef8f433ca43bc742a1b64646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding
gzip
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
20187
content-type
application/javascript
gtm.js
www.googletagmanager.com/
129 KB
47 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM473M
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
623e8b4ba0e94301901af5fade6b1dedf64e57e21bb739552490963b1408f91b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:25 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47138
x-xss-protection
0
last-modified
Thu, 09 Jun 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 09 Jun 2022 13:03:25 GMT
ai.2.min.js
az416426.vo.msecnd.net/scripts/b/
119 KB
42 KB
Script
General
Full URL
https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F5B) /
Resource Hash
450c11968152d6120b39f80fe8de61e4284ee3f8555aa6d4f95905da97d565cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 09 Jun 2022 13:03:25 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-07 00:07:47
content-md5
w01n43WhWbndRd7LhVxiBA==
age
1774
x-cache
HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.4.min.js
content-length
42351
x-ms-lease-status
unlocked
last-modified
Wed, 08 Jun 2022 16:01:35 GMT
server
ECAcc (frc/8F5B)
x-ms-meta-aijssdkver
2.8.4
etag
0x8DA496829B6F874
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
bd56d033-f01e-001c-6afd-7bba15000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
expires
Thu, 09 Jun 2022 13:33:25 GMT
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
752
date
Thu, 09 Jun 2022 12:50:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Thu, 09 Jun 2022 14:50:54 GMT
_Incapsula_Resource
secure.ngpvan.com/
1 B
35 B
Image
General
Full URL
https://secure.ngpvan.com/_Incapsula_Resource?SWKMTFSR=1&e=0.8984179996181174
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-type
text/plain
gtm.js
www.googletagmanager.com/
121 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2eee1a6db3cae26be8e355556d8092f0f7bde53e602f60051db2125e7a5dd8da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:25 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44528
x-xss-protection
0
last-modified
Thu, 09 Jun 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 09 Jun 2022 13:03:25 GMT
extra.min.css
static.everyaction.com/ea-actiontag/
98 KB
17 KB
Stylesheet
General
Full URL
https://static.everyaction.com/ea-actiontag/extra.min.css
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a07a14b1a9190f5fc794d9e7aa2c26e89d0f946e1b03e17f5e01ff1a4ce2ae47

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 17:37:04 GMT
content-encoding
gzip
age
69982
x-cache
Hit from cloudfront
content-length
16785
access-control-allow-origin
*
last-modified
Wed, 08 Jun 2022 17:36:36 GMT
server
AmazonS3
etag
"3ac49f8dd9674b28be51a003db0283d9"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css; charset=utf-8
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
cache-control
max-age=900, s-maxage=86400, public
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
i4DcFW7mHduzlEjqvJ-1QeMKlKM8jAcYhVtHRLOcE1nr00SPysswdA==
identity
profile.ngpvan.com/
72 B
800 B
Script
General
Full URL
https://profile.ngpvan.com/identity?callback=_jqjsp
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash
9412e2dc8a64d642f1b8fe4d2402afd9d9a2c48ec903e08c290748091d67ce5b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Microsoft-IIS/10.0
x-powered-by
Express, ASP.NET
vary
Accept-Encoding
p3p
CP="NOI ADM DEV PSAi OUR OTRo STP IND COM NAV DEM"
x-iinfo
13-94184184-94184354 NNNN CT(156 321 0) RT(1654779804258 844) q(0 0 4 8) r(7 7) U5
x-cdn
Imperva
content-type
text/javascript; charset=utf-8
content-length
191
etag
W/"48-/tYucuLzq5Bgc9EMsCyAQG5495c"
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
AC2nt8erbFu3svSWxmyTZr1b.js
js2.verygoodvault.com/vgs-collect/1/
76 KB
24 KB
Script
General
Full URL
https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:1400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
s108w9ESk9MsUpkYVuIVY.XmC2guOF28
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 24 Apr 2020 20:22:27 GMT
Server
AmazonS3
Age
57
ETag
W/"9b953aa54ddcf3f41bc5a40e25cf8452"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
Connection
keep-alive
Date
Thu, 09 Jun 2022 13:02:33 GMT
X-Amz-Cf-Pop
FRA50-C1
X-Amz-Cf-Id
c8XPyfMScACkRsQb8jtYsNuf0jd1BcgRLjwsIgeMW92ncGOi-jKyZQ==
jb_mvvcEhEKzngnDwxNvDA2
secure.ngpvan.com/v1/Forms/
21 KB
7 KB
XHR
General
Full URL
https://secure.ngpvan.com/v1/Forms/jb_mvvcEhEKzngnDwxNvDA2
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1da880075013fc0d3813d127fca4c4eba4954497c6a046a847dfbd495bf6e684
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Request-Id
|85831a86890341b2a23f26eae48d8b6e.d8b3362cd99f40e8
X-Requested-With
XMLHttpRequest
traceparent
00-85831a86890341b2a23f26eae48d8b6e-d8b3362cd99f40e8-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2

Response headers

date
Thu, 09 Jun 2022 13:03:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
x-iinfo
13-94184184-94184191 PNNN RT(1654779804258 881) q(0 0 0 -1) r(1 1) U18
access-control-expose-headers
Request-Context
cache-control
public, max-age=10
content-security-policy
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security
max-age=31536000
vary
Origin,Accept-Encoding
content-length
6878
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
ngpvan-logo-16.png
static.everyaction.com/ea-actiontag/assets/images/
617 B
1 KB
Image
General
Full URL
https://static.everyaction.com/ea-actiontag/assets/images/ngpvan-logo-16.png
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2decb492a5b143c935ba3f8b6a9a1dc970335e8981fb5f42b3ee7966735eeb16

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.everyaction.com/ea-actiontag/extra.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 11 May 2022 05:39:24 GMT
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
age
2532243
x-cache
Hit from cloudfront
content-length
617
last-modified
Tue, 07 Dec 2021 15:33:44 GMT
server
AmazonS3
etag
"3d6f9aab1e809b87c195e78264cb01f8"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
BzuX7BlmOxE2VUYwHsKugP00HR9E4jRfErQT21Z8B-clo3b7nQBSnQ==
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5320
date
Thu, 09 Jun 2022 11:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 09 Jun 2022 13:34:46 GMT
identity
fastaction.ngpvan.com/api/v1/
182 B
854 B
Script
General
Full URL
https://fastaction.ngpvan.com/api/v1/identity?callback=_jqjsp&_1654779806156=
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash
2035729b940cec350488aad775a395fc25635f1e25644e6b75fe990590cdf1e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Microsoft-IIS/10.0
x-powered-by
Express, ASP.NET
vary
Accept-Encoding,Accept-Encoding
p3p
CP="NOI ADM DEV COM NAV OUR STP"
x-iinfo
13-94184184-94184410 NNNN CT(98 176 0) RT(1654779804258 1064) q(0 0 2 1) r(3 3) U4
x-cdn
Imperva
strict-transport-security
max-age=31536000; includeSubdomains
content-type
text/javascript; charset=utf-8
content-length
295
etag
W/"b6-KuWcCjcval4sj4f7Zl3oRFKwmns"
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
truncated
/
73 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
glyphicons-regular.woff2
static.everyaction.com/ea-actiontag/assets/fonts/
94 KB
95 KB
Font
General
Full URL
https://static.everyaction.com/ea-actiontag/assets/fonts/glyphicons-regular.woff2
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591

Request headers

Referer
https://static.everyaction.com/ea-actiontag/extra.min.css
Origin
https://secure.ngpvan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 04:59:04 GMT
via
1.1 ff2bcb2d3b4a3d9e0615ddd1033c38c4.cloudfront.net (CloudFront)
age
34369
x-cache
Hit from cloudfront
content-length
96388
last-modified
Tue, 07 Dec 2021 15:33:44 GMT
server
AmazonS3
etag
"aca35251952e72d9e32d41217f0f97ab"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
R39UzXAhm_Z3ocFcSAskJJov3qCKgCPr8mOics-25NqrgEo1xIXp-Q==
intl-tel.input.utils.js
static.everyaction.com/ea-actiontag/assets/js/
245 KB
55 KB
Script
General
Full URL
https://static.everyaction.com/ea-actiontag/assets/js/intl-tel.input.utils.js
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8496a94dcfd779693def6ae3e607a923fece02f38491ef1462e7cb51cab12e7d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 18:09:12 GMT
content-encoding
gzip
age
4992855
x-cache
Hit from cloudfront
content-length
56004
access-control-allow-origin
*
last-modified
Tue, 12 Apr 2022 14:33:00 GMT
server
AmazonS3
etag
"4b9bf850ee4aa76202eb0e6f5948bfa8"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
3RDZQDRoXKaXSrsXmTgcEuVwN2tCquBc_AlrEE_TSXfYMbMG-fhvbw==
truncated
/
784 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
flags.png
static.everyaction.com/ea-actiontag/assets/images/
20 KB
20 KB
Image
General
Full URL
https://static.everyaction.com/ea-actiontag/assets/images/flags.png
Requested by
Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.everyaction.com/ea-actiontag/extra.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 13:45:12 GMT
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
age
8464695
x-cache
Hit from cloudfront
content-length
20389
last-modified
Tue, 07 Dec 2021 15:33:44 GMT
server
AmazonS3
etag
"4e54a2ee652e9cddbd4ef6f8c46e5390"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
4IneAyPSyRdVuu52jX8Rd4eKUE3xTLuOafHKkDJx3l-tSSfS9t3N3w==
2022%20PBN%20Raise%20Type.png
nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/
14 KB
14 KB
Image
General
Full URL
https://nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/2022%20PBN%20Raise%20Type.png
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
07b72cdaf7705e1ddffbb3cb0f419220fcbd53357f84bb7e1a69b2cacda0f310

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 09 Jun 2022 13:03:26 GMT
Last-Modified
Thu, 05 May 2022 18:07:09 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8DA2EC2129B46D5
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
73a02a3a-201e-007d-6201-7c3672000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
13833
2022%20PBN%20Locality%20Pay.png
nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/
11 KB
12 KB
Image
General
Full URL
https://nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/2022%20PBN%20Locality%20Pay.png
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
4d9fa995211a92f7466735bf5581e970c7199f3d90656abe32c2c2426e036df3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 09 Jun 2022 13:03:26 GMT
Last-Modified
Thu, 05 May 2022 18:07:08 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8DA2EC211EF8FBC
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
5a2f4fed-301e-0061-1001-7c6412000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
11696
2022%20PBN%20Telework.png
nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/
11 KB
11 KB
Image
General
Full URL
https://nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/2022%20PBN%20Telework.png
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b8f056aae9cc425e4299db3cb8c644d9827a7107594cb8e6ad2226ae7d99b7a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 09 Jun 2022 13:03:26 GMT
Last-Modified
Thu, 05 May 2022 18:07:10 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8DA2EC21353A649
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
cc11f967-301e-004e-5301-7c69d9000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
10941
2022%20PBN%20Caregiver%20Leave.png
nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/
18 KB
18 KB
Image
General
Full URL
https://nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/2022%20PBN%20Caregiver%20Leave.png
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e79adb1ae3d535afcba7e590308ed945ffed14b5198efd6d163d600a8e790bea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 09 Jun 2022 13:03:26 GMT
Last-Modified
Thu, 05 May 2022 18:07:06 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8DA2EC210A6C555
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
126833c4-d01e-0056-4a01-7cb6be000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
18254
2022%20PBN%20Employer%20Contribution.png
nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/
25 KB
25 KB
Image
General
Full URL
https://nvlupin.blob.core.windows.net/images/van/AV/AVNMW/1/25123/images/2022%20PBN%20Employer%20Contribution.png
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
2c5a5f92d9cf1bb0489e6034b9d292afe73863ab26fe5193039fe79b9c47dd1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 09 Jun 2022 13:03:26 GMT
Last-Modified
Thu, 05 May 2022 18:07:07 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8DA2EC211478192
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
303cf2a2-201e-006d-7f01-7cf31a000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
25284
jb_mvvcEhEKzngnDwxNvDA2
secure.ngpvan.com/v1/Track/
0
144 B
Image
General
Full URL
https://secure.ngpvan.com/v1/Track/jb_mvvcEhEKzngnDwxNvDA2?formSessionId=8e136526-3bcd-4796-a642-0be566a70e10&bName=chrome&dType=desktop&fUrl=aHR0cHM6Ly9zZWN1cmUubmdwdmFuLmNvbS9qYl9tdnZjRWhFS3puZ25Ed3hOdkRBMg%3D%3D&fRef=
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 13:03:25 GMT
x-content-type-options
nosniff
expires
-1
x-cdn
Imperva
x-frame-options
SAMEORIGIN
x-iinfo
13-94184184-94184191 PNNN RT(1654779804258 1162) q(0 0 0 -1) r(1 1) U2
access-control-expose-headers
Request-Context
cache-control
no-cache
content-security-policy
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security
max-age=31536000
content-length
0
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
fast-action.svg
static.everyaction.com/ea-actiontag/assets/images/
9 KB
9 KB
Image
General
Full URL
https://static.everyaction.com/ea-actiontag/assets/images/fast-action.svg
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:6000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 06:42:28 GMT
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
age
22859
x-cache
Hit from cloudfront
content-length
9203
last-modified
Tue, 07 Dec 2021 15:33:44 GMT
server
AmazonS3
etag
"babd47dc25531a9faeadc04f1afa1910"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
O0IqiUkdGarSHYeyzkQZ2IsQd4NdcCKJH3PHEvabCvw9MZNjISxNrA==
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=149&_u=YEBAAEABAAAAAC~&jid=1772552644&gjid=1301637885&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&_r=1&gtm=2wg6605L2FSL&z=1299457737
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.ngpvan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 13:03:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://secure.ngpvan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
440 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-28243511-23&cid=191744000.1654779807&jid=1799591446&gjid=347967504&_gid=1356208865.1654779807&_u=YGDAgEABAAAAAG~&z=250601442
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.ngpvan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 09 Jun 2022 13:03:26 GMT
content-type
text/plain
access-control-allow-origin
https://secure.ngpvan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEABAAAAAC~&jid=1799591446&gjid=347967504&cid=191744000.1654779807&tid=UA-28243511-23&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FAV%2FAVNMW%2F1%2F25123&cd3=5043727&cd5=2022%20PBN%20Survey%20%232&cd6=jb_mvvcEhEKzngnDwxNvDA2&z=1464522334
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=PetitionForm&ea=Form%20Load&el=Minimal&ev=27&_u=YGDAgEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-23&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FAV%2FAVNMW%2F1%2F25123&cd3=5043727&cd5=2022%20PBN%20Survey%20%232&cd6=jb_mvvcEhEKzngnDwxNvDA2&z=526678577
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=12&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&z=1941218338
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Render&utt=83&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&z=247122770
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Fill&utt=14&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&z=848727665
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Form&utt=265&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&z=1515879235
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1530488320&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2Fjb_mvvcEhEKzngnDwxNvDA2&ul=en-us&de=UTF-8&dt=MFPE%20State%20Employee%20Pre-Budget%20Priorities%20Survey%20%232&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Total&utt=343&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=191744000.1654779807&tid=UA-28243511-22&_gid=1356208865.1654779807&gtm=2wg6605L2FSL&z=1530573280
Requested by
Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.ngpvan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jun 2022 01:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41113
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
nvtag
profile.ngpvan.com/v2/data/LaobsHia1c_MwSkkhXBVUaqT/
2 B
770 B
XHR
General
Full URL
https://profile.ngpvan.com/v2/data/LaobsHia1c_MwSkkhXBVUaqT/nvtag
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://secure.ngpvan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:27 GMT
content-encoding
gzip
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
server
Microsoft-IIS/10.0
x-powered-by
Express, ASP.NET
vary
Origin,Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://secure.ngpvan.com
x-iinfo
10-49743954-49743959 NNNN CT(160 321 0) RT(1654779805867 50) q(0 0 5 -1) r(7 7) U5
access-control-allow-credentials
true
content-length
123
x-cdn
Imperva
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.106.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://secure.ngpvan.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
content-length
0
date
Thu, 09 Jun 2022 13:03:27 GMT
x-content-type-options
nosniff
track
dc.services.visualstudio.com/v2/
96 B
282 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.106.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
31011b0ffcd6e342bd17900f2f36303e05a55db177ba6a9e6ead8df061554f77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.ngpvan.com/
accept-language
de-DE,de;q=0.9
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
CD31816A-2D9E-4C63-B6E6-C5FEFDB26FC8
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Thu, 09 Jun 2022 13:03:27 GMT
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length
96
LaobsHia1c_MwSkkhXBVUaqT
secure.everyaction.com/Databag/Profile/
0
1020 B
XHR
General
Full URL
https://secure.everyaction.com/Databag/Profile/LaobsHia1c_MwSkkhXBVUaqT
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://secure.ngpvan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 13:03:27 GMT
x-content-type-options
nosniff
x-cdn
Imperva
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://secure.ngpvan.com
x-iinfo
11-80949814-80949827 NNNN CT(87 180 0) RT(1654779806797 33) q(0 0 2 1) r(5 5) U11
access-control-expose-headers
Request-Context
cache-control
private
access-control-allow-credentials
true
content-security-policy
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
LaobsHia1c_MwSkkhXBVUaqT
secure.ngpvan.com/Databag/Profile/
0
228 B
XHR
General
Full URL
https://secure.ngpvan.com/Databag/Profile/LaobsHia1c_MwSkkhXBVUaqT
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://secure.ngpvan.com/jb_mvvcEhEKzngnDwxNvDA2
Request-Id
|85831a86890341b2a23f26eae48d8b6e.beadadd5a2124f7f
traceparent
00-85831a86890341b2a23f26eae48d8b6e-beadadd5a2124f7f-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Request-Context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

Response headers

date
Thu, 09 Jun 2022 13:03:27 GMT
x-content-type-options
nosniff
x-cdn
Imperva
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
x-iinfo
13-94184184-94184191 PNNN RT(1654779804258 2515) q(0 0 0 -1) r(1 1) U11
access-control-expose-headers
Request-Context
cache-control
private
content-security-policy
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation string| sdkInstance string| aiName object| aisdk string| appInsightsSDK object| appInsights function| handleScriptLoadError object| dataLayer boolean| exileHeaderAndFooter object| e function| n object| Microsoft object| google_tag_manager function| _ object| CSSModal object| intlTelInputGlobals function| intlTelInput object| nvtag object| _gaq object| Backbone object| atLayer function| _jqjsp object| user object| nvtag_plugins function| cardFromNumber function| cardFromType function| luhnCheck function| hasTextSelected function| safeVal function| replaceFullWidthChars function| reFormatNumeric function| reFormatCardNumber function| formatCardNumber function| formatBackCardNumber function| reFormatExpiry function| formatExpiry function| formatForwardExpiry function| formatForwardSlashAndSpace function| formatBackExpiry function| reFormatCVC function| restrictNumeric function| restrictCardNumber function| restrictExpiry function| restrictCVC function| setCardType object| _gat object| google_tag_data string| GoogleAnalyticsObject function| ga object| formview number| _rollbarStartTime function| rollbar boolean| _rollbarDidLoad object| VgForm object| SecureForm object| VGSCollect object| gaplugins object| gaGlobal object| gaData object| intlTelInputUtils

22 Cookies

Domain/Path Name / Value
.ngpvan.com/ Name: visid_incap_1002065
Value: guFsOzKqTOKLLEJxpWpvgJzvoWIAAAAAQUIPAAAAAABFMea9ziL1XqIzy3W6nMEa
.ngpvan.com/ Name: nlbi_1002065
Value: 1GybDFRp/lTivIeI0IOYSwAAAABBFAifQ6RngClirpJ6y+sr
.ngpvan.com/ Name: incap_ses_245_1002065
Value: qyKjEDM/jVvNTja31mpmA5zvoWIAAAAAHx5b6MsLkWsXvP8mivQzpQ==
.secure.ngpvan.com/ Name: TiPMix
Value: 46.57651464502308
.secure.ngpvan.com/ Name: x-ms-routing-name
Value: self
secure.ngpvan.com/ Name: ai_user
Value: il/cORfFRveP5fvJhFKQE5|2022-06-09T13:03:25.780Z
secure.ngpvan.com/ Name: ai_session
Value: oTpGkt5r/wpqwv8UP1b7Dc|1654779806089|1654779806089
.ngpvan.com/ Name: _ga
Value: GA1.2.191744000.1654779807
.ngpvan.com/ Name: visid_incap_972453
Value: BB2l7cMjTO657CQxTF3MU53voWIAAAAAQUIPAAAAAABWJIafda3JMVj66rJtODbp
.ngpvan.com/ Name: nlbi_972453
Value: kutpbPmR7AWYYRiC+GeOKAAAAABiKacPmIrTNOs6J8gu7/JQ
.ngpvan.com/ Name: incap_ses_245_972453
Value: SIlVcbnqPEwMUDa31mpmA53voWIAAAAA1cr6Ic4H1bgn+hoeHViCuw==
.ngpvan.com/ Name: _gid
Value: GA1.2.1356208865.1654779807
.ngpvan.com/ Name: _gat_UA-28243511-22
Value: 1
.ngpvan.com/ Name: _dc_gtm_UA-28243511-23
Value: 1
.ngpvan.com/ Name: visid_incap_2233503
Value: Gba+Z6FQSxiC7P6bLUue5J3voWIAAAAAQUIPAAAAAADwQnFuShZ8MRlui4pxR5R/
.ngpvan.com/ Name: nlbi_2233503
Value: MOZ9KtdU0DJEM2HgvIV21QAAAAAUlbmeTJIzUcSeHad6hDEB
.ngpvan.com/ Name: incap_ses_245_2233503
Value: i+kxEis5vgLRTza31mpmA53voWIAAAAAoeqBWXy0L3GAYwabVSxAJw==
profile.ngpvan.com/ Name: ngpvanuser
Value: LaobsHia1c_MwSkkhXBVUaqT
.ngpvan.com/ Name: ProfileDatabagId
Value: LaobsHia1c_MwSkkhXBVUaqT
.secure.everyaction.com/ Name: TiPMix
Value: 44.10785740957647
.secure.everyaction.com/ Name: x-ms-routing-name
Value: self
.everyaction.com/ Name: ProfileDatabagId
Value: LaobsHia1c_MwSkkhXBVUaqT

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
