windhamzzme.buzz Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://windhamzzme.buzz/Citizens/citizens/
Submission: On October 12 via api from JP — Scanned from NL

Summary

This website contacted 31 IPs in 8 countries across 29 domains to perform 109 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is windhamzzme.buzz.
TLS certificate: Issued by E1 on October 11th 2022. Valid for: 3 months.
This is the only time windhamzzme.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
23 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 65.9.66.95 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 151.101.65.175 54113 (FASTLY)
7 65.9.66.24 16509 (AMAZON-02)
22 2a02:26f0:470... 20940 (AKAMAI-ASN1)
4 178.249.101.23 11054 (LIVEPERSON)
1 8 54.76.60.98 16509 (AMAZON-02)
3 178.249.101.99 11054 (LIVEPERSON)
8 178.249.101.98 11054 (LIVEPERSON)
1 52.209.199.248 16509 (AMAZON-02)
1 15.236.176.210 16509 (AMAZON-02)
1 1 34.251.26.3 16509 (AMAZON-02)
1 35.244.174.68 15169 (GOOGLE)
1 1 2.18.232.236 16625 (AKAMAI-AS)
2 208.89.15.170 11054 (LIVEPERSON)
2 3 142.250.184.226 15169 (GOOGLE)
2 2a02:26f0:e30... 20940 (AKAMAI-ASN1)
1 1 193.0.160.129 54312 (ROCKETFUEL)
1 1 3.120.214.218 16509 (AMAZON-02)
1 2a02:26f0:470... 20940 (AKAMAI-ASN1)
2 2 34.254.133.1 16509 (AMAZON-02)
8 8 151.101.130.49 54113 (FASTLY)
1 69.173.144.139 26667 (RUBICONPR...)
1 2 185.80.39.216 27381 (CASALE-MEDIA)
3 208.89.12.87 11054 (LIVEPERSON)
1 2 37.252.172.123 29990 (ASN-APPNEX)
1 35.244.159.8 15169 (GOOGLE)
1 185.64.190.80 62713 (AS-PUBMATIC)
1 2 185.94.180.125 35220 (SPOTX-AMS)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 2 54.81.131.196 14618 (AMAZON-AES)
3 54.235.78.87 14618 (AMAZON-AES)
1 35.241.45.82 15169 (GOOGLE)
1 1 2.16.186.24 20940 (AKAMAI-ASN1)
1 2.16.186.40 20940 (AKAMAI-ASN1)
1 2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a02:26f0:470... 20940 (AKAMAI-ASN1)
109 31
Apex Domain
Subdomains
Transfer
23 windhamzzme.buzz
windhamzzme.buzz
266 KB
22 citizensbankonline.com
www4.citizensbankonline.com — Cisco Umbrella Rank: 168722
225 KB
11 lpsnmedia.net
accdn.lpsnmedia.net — Cisco Umbrella Rank: 4572
lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 4874
723 KB
9 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1620
sync-tm.everesttech.net — Cisco Umbrella Rank: 930
2 KB
9 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 293
citizensbank.demdex.net — Cisco Umbrella Rank: 76137
12 KB
9 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 4537
va.idp.liveperson.net — Cisco Umbrella Rank: 16996
va.v.liveperson.net — Cisco Umbrella Rank: 5447
118 KB
7 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 3863
68 KB
4 akamaihd.net
trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 2895
l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 2894
eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net
1 KB
4 kampyle.com
nebula-cdn.kampyle.com — Cisco Umbrella Rank: 6159
udc-neb.kampyle.com — Cisco Umbrella Rank: 3430
114 KB
3 glassboxdigital.io
report.citizen.glassboxdigital.io — Cisco Umbrella Rank: 72427
4 KB
3 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 304
899 B
3 appdynamics.com
cdn.appdynamics.com — Cisco Umbrella Rank: 4974
80 KB
2 rkdms.com
mid.rkdms.com — Cisco Umbrella Rank: 1502
71 B
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 835
1 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 334
2 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 908
1 KB
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 1102
586 B
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1898
c.go-mpulse.net — Cisco Umbrella Rank: 738
51 KB
2 citizensbank.com
smetrics.citizensbank.com — Cisco Umbrella Rank: 89148
www.citizensbank.com — Cisco Umbrella Rank: 118725
2 KB
2 glassboxcdn.com
cdn.glassboxcdn.com — Cisco Umbrella Rank: 17845
223 KB
1 akstat.io
68794905.akstat.io — Cisco Umbrella Rank: 23702
203 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 115
562 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 1513
225 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 708
273 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 493
239 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1457
418 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 1227
733 B
1 addthis.com
x.dlx.addthis.com — Cisco Umbrella Rank: 2094
175 B
1 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 596
98 B
109 29
Domain Requested by
23 windhamzzme.buzz windhamzzme.buzz
cdn.glassboxcdn.com
cdn.appdynamics.com
22 www4.citizensbankonline.com windhamzzme.buzz
www4.citizensbankonline.com
8 sync-tm.everesttech.net 8 redirects
8 lpcdn.lpsnmedia.net cdn.appdynamics.com
8 dpm.demdex.net 1 redirects windhamzzme.buzz
7 nexus.ensighten.com windhamzzme.buzz
cdn.appdynamics.com
4 lptag.liveperson.net windhamzzme.buzz
cdn.appdynamics.com
3 report.citizen.glassboxdigital.io cdn.glassboxcdn.com
3 va.v.liveperson.net cdn.appdynamics.com
3 cm.g.doubleclick.net 2 redirects windhamzzme.buzz
3 accdn.lpsnmedia.net cdn.appdynamics.com
lpcdn.lpsnmedia.net
3 nebula-cdn.kampyle.com windhamzzme.buzz
cdn.appdynamics.com
3 cdn.appdynamics.com windhamzzme.buzz
cdn.appdynamics.com
2 mid.rkdms.com 1 redirects windhamzzme.buzz
2 sync.search.spotxchange.com 1 redirects windhamzzme.buzz
2 ib.adnxs.com 1 redirects windhamzzme.buzz
2 dsum-sec.casalemedia.com 1 redirects windhamzzme.buzz
2 sync.crwdcntrl.net 2 redirects
2 va.idp.liveperson.net cdn.appdynamics.com
va.idp.liveperson.net
2 cdn.glassboxcdn.com windhamzzme.buzz
cdn.appdynamics.com
1 www.citizensbank.com
1 eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net
1 trial-eum-clienttons-s.akamaihd.net 1 redirects
1 l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net
1 trial-eum-clientnsv4-s.akamaihd.net 1 redirects
1 udc-neb.kampyle.com
1 68794905.akstat.io s.go-mpulse.net
1 www.facebook.com windhamzzme.buzz
1 image2.pubmatic.com windhamzzme.buzz
1 us-u.openx.net windhamzzme.buzz
1 pixel.rubiconproject.com windhamzzme.buzz
1 c.go-mpulse.net s.go-mpulse.net
1 ps.eyeota.net 1 redirects
1 p.rfihub.com 1 redirects
1 s.go-mpulse.net windhamzzme.buzz
1 x.dlx.addthis.com 1 redirects
1 idsync.rlcdn.com windhamzzme.buzz
1 cm.everesttech.net 1 redirects
1 smetrics.citizensbank.com cdn.glassboxcdn.com
1 citizensbank.demdex.net cdn.appdynamics.com
109 40

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
jobs.citizensbank.com
www4.citizensbankonline.com
investor.citizensbank.com
Subject Issuer Validity Valid
*.windhamzzme.buzz
E1
2022-10-11 -
2023-01-09
3 months crt.sh
*.appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-17 -
2023-07-22
a year crt.sh
glassboxcdn.com
Cloudflare Inc ECC CA-3
2022-04-01 -
2023-04-01
a year crt.sh
*.kampyle.com
GlobalSign Atlas R3 DV TLS CA 2022 Q1
2022-02-22 -
2023-03-26
a year crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-07 -
2023-10-14
a year crt.sh
citizensbankonline.com
Entrust Certification Authority - L1M
2022-04-13 -
2023-04-13
a year crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA
2022-04-26 -
2023-04-26
a year crt.sh
*.lpsnmedia.net
Sectigo RSA Organization Validation Secure Server CA
2022-02-07 -
2023-02-07
a year crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1
2022-09-26 -
2023-10-27
a year crt.sh
smetrics.citizensbank.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-24 -
2023-07-25
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2022-02-03 -
2023-02-25
a year crt.sh
*.idp.liveperson.net
Sectigo RSA Organization Validation Secure Server CA
2022-06-09 -
2023-06-09
a year crt.sh
akstat.io
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-04-15 -
2023-04-19
a year crt.sh
*.v.liveperson.net
Sectigo RSA Organization Validation Secure Server CA
2022-03-22 -
2023-03-22
a year crt.sh
citizen.glassboxdigital.io
Amazon
2021-11-19 -
2022-12-17
a year crt.sh
www.citizensbank.com
Entrust Certification Authority - L1M
2022-07-01 -
2023-07-01
a year crt.sh

This page contains 6 frames:

Primary Page: https://windhamzzme.buzz/Citizens/citizens/
Frame ID: F19D578403BA8A34F747A3156D5BED9F
Requests: 84 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 3132E9E2ED2A551789F9B27D5FBBD3D8
Requests: 16 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwindhamzzme.buzz&site=89632304&env=prod&isCrossDomain=true
Frame ID: 7FDDC2765170491CDED103F1267A0A19
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1665618745010&loc=https%3A%2F%2Fwindhamzzme.buzz
Frame ID: F287D3A5D14D51217011E5650ABC54DB
Requests: 2 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Frame ID: 09EA44FD7478E08C34DA17D5B2D4E0F9
Requests: 4 HTTP requests in this frame

Frame: https://windhamzzme.buzz/Citizens/citizens/data/storage.html
Frame ID: 827FE42D7E4016C78ED399A35C25936C
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Online Login | Citizens

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adrum

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

109
Requests

83 %
HTTPS

21 %
IPv6

29
Domains

40
Subdomains

31
IPs

8
Countries

1887 kB
Transfer

5211 kB
Size

31
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484
Request Chain 56
  • https://cm.everesttech.net/cm/dd?d_uuid=45722106828444985521759873122212631497 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0dTOAAAAJQSMAN6
Request Chain 62
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=45722106828444985521759873122212631497&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20 HTTP 301
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022101223522500010455064802
Request Chain 64
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDU3MjIxMDY4Mjg0NDQ5ODU1MjE3NTk4NzMxMjIyMTI2MzE0OTc= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDU3MjIxMDY4Mjg0NDQ5ODU1MjE3NTk4NzMxMjIyMTI2MzE0OTc=&google_tc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEOXGljOauTTBniJ1PO98G34&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 67
  • https://p.rfihub.com/cm?in=1&pub=7085 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588521719255851
Request Chain 68
  • https://ps.eyeota.net/match?bid=6j5b2cv&uid=45722106828444985521759873122212631497&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
Request Chain 70
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=45722106828444985521759873122212631497?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=45722106828444985521759873122212631497?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
Request Chain 71
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTBkVE9BQUFBSlFTTUFONg==
Request Chain 73
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y0dTOAAAAJQSMAN6&expires=90
Request Chain 82
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6&C=1
Request Chain 84
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://ib.adnxs.com/setuid?entity=158&code=Y0dTOAAAAJQSMAN6 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY0dTOAAAAJQSMAN6
Request Chain 85
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y0dTOAAAAJQSMAN6
Request Chain 86
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y0dTOAAAAJQSMAN6
Request Chain 87
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1&__user_check__=1&sync_id=ec81955f-4a88-11ed-a881-1fd522ee0406
Request Chain 88
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y0dTOAAAAJQSMAN6&t=2592000&o=0
Request Chain 89
  • https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=45722106828444985521759873122212631497&_ct=img HTTP 302
  • https://mid.rkdms.com/restricted
Request Chain 102
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pddzwcy33 HTTP 302
  • https://l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net/eum/results.txt
Request Chain 103
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pddzwcy33 HTTP 302
  • https://eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net/eum/results.txt

109 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
windhamzzme.buzz/Citizens/citizens/
45 KB
13 KB
Document
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d720cad36f7d04e6ed10fd33d22ba5040927dfdde6c48aa8ee87414cd152d76

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7593bfbe3e32bb9e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 12 Oct 2022 23:52:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Ho%2FcuhgtPXSt78P8bdDsS35P6uyU0UBsOSJM9E0Dw8zmYnh94%2FWF0pVuVgGGArDEhqMKRsAFJJonHzAjDokP%2FxfrLY%2B9stp%2BK5YOD3TAnoGZi7a01e%2BeAs4wC%2FY7OyrCOlOYalGSycUdSmEvTq7"}],"group":"cf-nel","max_age":604800}
server
cloudflare
adrum-ext.59191791453ae6311081a09b4cf33c2d.js
cdn.appdynamics.com/
51 KB
20 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum-ext.59191791453ae6311081a09b4cf33c2d.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-95.fra56.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
e490994ad61a64454e06354b4c74756269548b48e8bd476b35762d713ccb8c86

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 02:24:25 GMT
content-encoding
gzip
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
941279
x-cache
Hit from cloudfront
last-modified
Wed, 21 Jul 2021 17:52:36 GMT
server
nginx/1.16.1
etag
W/"60f85ee4-ccbc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-max-age=14400
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vsFX3ED4cSsIffghVHcSPXGWseHLicfiYNqVaHt5a9A6N83Hqg6TiQ==
detector-dom.min.js
cdn.glassboxcdn.com/citizen/OLB/p/
364 KB
112 KB
Script
General
Full URL
https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
x-amz-version-id
bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding
gzip
cf-cache-status
HIT
via
1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
6874
x-cache
Hit from cloudfront
last-modified
Thu, 13 May 2021 10:48:21 GMT
server
cloudflare
etag
W/"845173368b011e7fa14658b57426fe09"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
7593bfc03dde9202-FRA
x-amz-cf-id
UV9DTLjwNxkD6S23fGa-51R7a9XBwE8EJ6Rer3Zfc23faSyCDwZoLg==
expires
Thu, 13 Oct 2022 03:52:24 GMT
embed.js
nebula-cdn.kampyle.com/wu/356861/onsite/
1 KB
940 B
Script
General
Full URL
https://nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4ba8fc34aa3793516de38635653f6a69d9ff1e9f14880f6b6df52d00bcfdad4c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
P0vUE_TJe.yQCf1POgYtfWkHzc0CIb7I
content-encoding
gzip
via
1.1 varnish
date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
QJRMA58BMA560227
age
613139
x-cache
HIT
content-length
517
x-amz-id-2
24kWpgpwSiAzZPA3z/E7FgAGM4oGZybaFI7heodzK7SqbNuA83P1SvziaoenGXmrEVNoyoiKHeM=
x-served-by
cache-ams21034-AMS
last-modified
Wed, 05 Oct 2022 21:33:25 GMT
server
AmazonS3
x-timer
S1665618744.340157,VS0,VE0
etag
"8b72f36bbd0721428f49dda9c3bd04ac"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
x-cache-hits
32
adrum-latest.js
cdn.appdynamics.com/adrum/
109 KB
40 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum/adrum-latest.js?
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-95.fra56.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
a4ea3de02f4ec1874478b152a09b89aecc2fc4f63ae2a4208ee8fb6585cebb11

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Tue, 20 Sep 2022 17:25:06 GMT
content-encoding
gzip
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
1924038
x-cache
Hit from cloudfront
last-modified
Tue, 06 Sep 2022 21:05:13 GMT
server
nginx/1.16.1
etag
W/"6317b609-1b2d9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-max-age=14400
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dFuiBSk1539LprEL7JL3GMJ0v0pJvbSs-ehqhALELANA3ToLV4qf2Q==
8551dd7fcee1fd2889578f827080ad62.js
nexus.ensighten.com/citizensbank/olbprod/code/
15 B
482 B
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/code/8551dd7fcee1fd2889578f827080ad62.js?conditionId0=4842183
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
date
Wed, 12 Oct 2022 23:52:26 GMT
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
15
last-modified
Fri, 22 Jul 2022 23:48:01 GMT
server
AmazonS3
etag
"ffe905f50d9b47e6353b68513c4d48ac"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
-GirRuHUZlCVmofJK1-LrEw8nUMPK7IZg7FFtLVXC-nBcFC8_Dzf5Q==
e1e7d705b52d64878487641c8c7b1a06.js
nexus.ensighten.com/citizensbank/olbprod/code/
15 B
462 B
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/code/e1e7d705b52d64878487641c8c7b1a06.js?conditionId0=421909
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:26 GMT
x-amz-version-id
aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
last-modified
Fri, 22 Jul 2022 23:48:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-type
application/javascript
cache-control
no-cache, no-store
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
15
x-amz-cf-id
skl4We1eEyqla-cjOMegEODPGo5gedoLHtEkYXe0Mqie1qZeJQ2w2A==
serverComponent.php
nexus.ensighten.com/citizensbank/olbprod/
514 B
818 B
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Tue%20Mar%2022%2018:34:33%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fwww4.citizensbankonline.com%2Fefs%2Fservlet%2Fefs%2Flogin.jsp
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
c8e977ce7ef24c640495bb1441eec809c774393711d5e88b6dd8e5cb8d2d748e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
content-length
514
x-amz-cf-id
mPMCOfQ_GNQGvXVR8V3m9GPEmyYws9Oa2PtI1ZzCr2wppCbo9sD2pA==
expires
Wed, 12 Oct 2022 23:52:23 GMT
Bootstrap.js
nexus.ensighten.com/citizensbank/olbprod/
102 KB
31 KB
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5adb5d548656117fa0e82394f44d4e2669d40ffbc850ad928e03dd774c8b4938

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 04:24:24 GMT
x-amz-version-id
6VlOzl96zfTglXsm.ylgZ_Vxg_x9B5Dp
content-encoding
br
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
70081
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 12 Oct 2022 04:24:01 GMT
server
AmazonS3
etag
W/"e28169ebc267a281e5ca0d996e98214e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
x-amz-cf-id
SaEWiE-GjIJHVblnF4aWZVB8cG4AIzO2WRmF61kg1VvjGU68QxSlcw==
pm_fp.js
www4.citizensbankonline.com/efs/efs/jsp-ns/
23 KB
6 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=34
content-length
5739
x-olb-req-received
t=1664624438144259
last-modified
Sat, 01 Oct 2022 11:43:08 GMT
server
Akamai Resource Optimizer
etag
"5cbf-5e886c8b6c3b5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=1088
jquery-ui-1.10.3.custom.min.css
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=64
content-length
3118
x-olb-req-received
t=1664624440428594
last-modified
Sat, 01 Oct 2022 11:43:19 GMT
server
Akamai Resource Optimizer
etag
"4a56-5e886c8b6c3b5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=773
normalize.css
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=59
content-length
2300
x-olb-req-received
t=1664624440392498
last-modified
Sat, 01 Oct 2022 11:43:14 GMT
server
Akamai Resource Optimizer
etag
"26c2-5e886c8b6c3b5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=554
main.css
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
61 KB
11 KB
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=53
content-length
10382
x-olb-req-received
t=1664624440270119
last-modified
Sat, 01 Oct 2022 11:46:01 GMT
server
Akamai Resource Optimizer
etag
"f405-5e886c8b785c9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=2547
flows.css
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 01:45:50 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=49
content-length
1975
x-olb-req-received
t=1664624440356301
last-modified
Mon, 03 Oct 2022 09:48:10 GMT
server
Akamai Resource Optimizer
etag
"21ce-5e886c8b77629"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=6805
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=672
ad-containers.css
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=44
content-length
1227
x-olb-req-received
t=1664624436070058
last-modified
Sat, 01 Oct 2022 11:45:10 GMT
server
Akamai Resource Optimizer
etag
"1dd4-5e886c8b764a9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=406
modernizr-2.6.2.min.js
www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/
15 KB
6 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=15
content-length
5535
x-olb-req-received
t=1664624436071290
last-modified
Sat, 01 Oct 2022 11:42:26 GMT
server
Akamai Resource Optimizer
etag
"3c36-5e886c8b6cf6d"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=797
jquery-1.9.1.min.js
www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/
90 KB
29 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:56 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=20
content-length
29409
x-olb-req-received
t=1664624512527941
last-modified
Sat, 01 Oct 2022 11:42:54 GMT
server
Akamai Resource Optimizer
etag
"169d6-5e886c8b789b1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45451
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=4859
plugins.js
www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/
199 KB
38 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=25
content-length
38875
x-olb-req-received
t=1664624440293448
last-modified
Sat, 01 Oct 2022 11:46:23 GMT
server
Akamai Resource Optimizer
etag
"31d24-5e886c8b78002"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=8301
main.js
www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/
19 KB
4 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=29
content-length
3967
x-olb-req-received
t=1664624436115425
last-modified
Sat, 01 Oct 2022 11:43:04 GMT
server
Akamai Resource Optimizer
etag
"4c03-5e886c8b6cf6d"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=798
placeholders.min.js
www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/
4 KB
2 KB
Script
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires
Thu, 13 Oct 2022 12:29:54 GMT
date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=10
content-length
1394
x-olb-req-received
t=1664624436058972
last-modified
Sat, 01 Oct 2022 11:42:28 GMT
server
Akamai Resource Optimizer
etag
"10aa-5e886c8b79181"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=45449
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=451
tag.js
lptag.liveperson.net/tag/
0
0
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=83789770
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

.jsonp
lptag.liveperson.net/lptag/api/account/83789770/configuration/applications/taglets/
0
0
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/83789770/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

citizensns.min.46109.css
www4.citizensbankonline.com/efs/hhf/css/
0
0
Stylesheet
General
Full URL
https://www4.citizensbankonline.com/efs/hhf/css/citizensns.min.46109.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

CTZ_Green-01.png
www4.citizensbankonline.com/efs/hhf/img/
5 KB
5 KB
Image
General
Full URL
https://www4.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=120
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624436693627
strict-transport-security
max-age=15768000
last-modified
Sat, 10 Sep 2022 04:49:38 GMT
etag
"149d-5e84b63cc8c7b"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154894
server-timing
cdn-cache; desc=HIT, edge; dur=6
accept-ranges
bytes
content-length
5277
lb-action
None
expires
Fri, 14 Oct 2022 18:53:59 GMT
feedback.png
windhamzzme.buzz/Citizens/citizens/data/
824 B
1 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/feedback.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENg7RrYV3nHxI1wS8uWPvYnLCRCRxh1AILc6czyITANnzFpBE3XcwOqznxMl8mdnSS%2F5Gaat1n3s11ZlfkT2ZIOdsJ3QNmRjfWYOuYQAB1bZaltTyguejm9Uw%2BpQQNNpOUNR05s0JPRM9uxMvB1R"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc0e911bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
824
equal-housing.gif
windhamzzme.buzz/Citizens/citizens/data/
1 KB
1 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/equal-housing.gif
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTRjHHCBcp0r9NM6oGgHwRLIjVHiq1gikr4rzMqan%2BQdjrIdBUifOczl4YEwjRA2b95g7GRErU9WzXkiIzil0AfR58cv%2BUn5rxrll52Q45tnJG6y3kh1veDPy9Ug0khW497bKbjb8uCxJ9ie1tCc"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc0e914bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1134
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484
4 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b5422adb792178cefebbefeaac24d9ffc99d512be3f75271b248e0cc8d5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-0460362a2.edge-irl1.demdex.com 8 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
K3R2ISObSX0=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://windhamzzme.buzz
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1321
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-1-v044-038a43fef.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
e3zW4Z5QQ8A=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://windhamzzme.buzz
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1665618744484
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
footer-follow-facebook.png
windhamzzme.buzz/Citizens/citizens/data/
395 B
677 B
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/footer-follow-facebook.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jf9neYuaikgdbZufsIteK9pxvWn5YbCShErVbPhVkpCPtxrQGMp3wtdwUktGv7bk3o63B2MZQ7K9e1TzlHpAKml6HrnS1EfOWWXZcV%2Bms7dP53MKpOHDYyYnhIbGSTP%2Fsj6myqayBhsTFFIueLIl"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc12967bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
395
footer-follow-twitter.png
windhamzzme.buzz/Citizens/citizens/data/
3 KB
4 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/footer-follow-twitter.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:25 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pvGNVfJSiPDL%2FSa7UY%2FiUQPPnMnUBrGLmAB3kIEhrtGvOHEGEIbc1O2YXtRCxOY2r6t2ro6qgzQhBvWXEJLKR9F6BlZDZ3y59GCiWRD6KUPSV%2FZAZ9MB%2BCAI8yHxIiWVQM%2FAl7%2FDQu0AxfS4oCei"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc12974bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3295
footer-follow-linkedin.png
windhamzzme.buzz/Citizens/citizens/data/
3 KB
3 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/footer-follow-linkedin.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unZeoafxvrKVOskKQIuE%2Bcb%2BQs0yZV8eeAE5NQ0wRxyYklCI%2FrMauPTajKf09MGyI%2F4jGO09cgsoWi5Vk1RMZ%2FexubEcvCtinxKDHoLfeyLdExqHYjf0MuuEnjoaz1eHNoxo5nkkWXY5Qft9FPvg"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc12975bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3239
footer-follow-youtube.png
windhamzzme.buzz/Citizens/citizens/data/
3 KB
3 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/footer-follow-youtube.png
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:26 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2dwFgmyAmmxpNU8mvKSTZa5E4sJiPLiFiaDLi8BeoiEL56qQ7CAWD0ZrRhnFewXadLIyls4oGv%2FteL5A7TBRmZX%2BDaTamzWtsvraSgsixhkbJZDeOAgEZbRYcBizv3GTtIXcKc5odbbdnhbwEaV"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc14990bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3278
elh.gif
windhamzzme.buzz/Citizens/citizens/data/
1 KB
2 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/elh.gif
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:28 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9lene8LhnUCzghMvR8Xu4SE%2BDm8db7SffujofcNaE3HvTGreJO0Lw8clJIDSrDqarSBQceEaSfTmvi%2BBp0I%2FxdVXfMzQLVKhqEtKVi3rGEQr3XhhOM6mbLHLJGInoA9Rs1NVyGL8%2BWUwwwW0AgvL"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc14991bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1433
fdicFooter.gif
windhamzzme.buzz/Citizens/citizens/data/
2 KB
3 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/fdicFooter.gif
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:27 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TU43qey5mNMVe0WFfO1HuvM08u8tfGhJU8HVYROwwNK5wa1522SL1Gc3YS7UaXjjcsWhXpyC%2BSNSeJ3zB7vU01ORPTzTuzDi9AtAh9Uq%2FyTIueQFbIwQjj8nuD4FRMj%2FICZqZ7xYirFew98n10vf"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfc14992bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2245
meta.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/meta.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCbRacMRitiVVt7FnEEkA1bR5%2FSNO6K0Je9pL9cU3wfbyMrJRj3pc6n%2FZohf8MxqaLrvgpFJ6RcVeTRDBrt3YytFqrhGYnV4DxYfQtLEtmTNkQpu8TkFJB1ckwmHLIb2BizEAOjbX%2B5JLNco96gp"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc12968bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
vendor.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/vendor.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tmHC%2FE6kLDte7g8wBLbaAT%2FbTazR8TVaDsofz8XXjnUO9efLPNhZJgbTRiLmvVFKm494%2BV4UzOGmxpthxACWYu9FaBFZHkVg16VmdhQ6iBT68PIr%2FCbIw9VIMGUXEehwtWXwbprTI08O1UicJ4Vv"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc1296bbb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pubsub.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/pubsub.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JX2IZkqwPt0zfLxlfflfD2iUnsakOTXQPjG5MgV%2BIxkbWwXFPuEICNjnpyPB9Hzl6A60L8L8mBEwYVknHkbvQnpHCfXAZHioASqUTOeaRQ%2BZSfNjLErGIcKj7kg0FLYm8Uw1V0v8tSc1rHgCKch4"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc1296ebb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
citizensHeaderFooter-citizensns.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/citizensHeaderFooter-citizensns.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:26 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1b8QudC7b7vnJOZZdn0EGc7WppuOIMlre6GN0D0%2FDgkH0VSy7cMUUJfpQCEi%2FdffgQYOyh1unrOG2BCCRudaRuHjLxYZEULISuiRnr%2B94DN34lIAdUThBtRX%2BNs4sTCa3Vv5dXqcqRwamUzoOfpQ"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc1296fbb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
app.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/app.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:27 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iL8a2zi3w8V7SUXOyeqduseSAR3pzilmotHQ41hPs2kzIJbn3cJNmGLwulLrHY%2BbgDEiC58QBAfVyQAAvoyAF3rKYeNrZrVkcQKsnhASSnsdy18XNevKNX%2BW3sUq50GlW2RvM%2B4J1wMHnTXp4cDY"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc14993bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
JSSEZWQw0C
windhamzzme.buzz/Citizens/citizens/data/
77 KB
77 KB
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/JSSEZWQw0C
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FuWMBGU8NnB5ZYvqlxrqKst5lknvsJcebVz8LWNuvnet11H7jYTMlcED9OujbE7w9lWV0QLwfxNWRYfROapW2zAaugYOBBlP%2FanO%2BPbalnXB%2BC%2BF5j3f%2FdT1YYKuo2GzNOtztSnX1r3SKSVR8nV"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7593bfc12971bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78590
sec-3-6.css
windhamzzme.buzz/Citizens/citizens/data/
2 KB
868 B
Stylesheet
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/sec-3-6.css
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25a7a102a22ad70761585350775304dd658ec1b2d79cfcba77d17ae70010a7c3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6JY9bujIUX1MeVdY3cE7%2FMHuVIsoQ%2B1eYdffSHKGyhvZuvthkQ8ADVydQrvnv7052lExvxPbRdVD%2Bqmu3KZJotWDkiDRet%2BEkdTKwiHKwdF93L%2BPlSDBuhHDJq8OhYJANMyG3H6EEuOHO3S7sVx"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7593bfc12972bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sec-cpt-3-6.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/sec-cpt-3-6.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:27 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTDnskC2szH1L4Hr1HXjKhh%2BX5dl%2FZJbveMXLTVRsPrPTE3zYp966ozooHgAygkd1JQcuM9k%2FRsjGrDFIwMufTDRiy05orssuu0oEWxlgrsrUVjc781NwJ0zVT2ef78%2B6zVfHv0ivhBkXKvJfpLw"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc14994bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
generic1637355035732.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/generic1637355035732.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:27 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WjZ8VZ6EbTh0iJBNgoSY2Cx5sIlYqFvD0MIkkOAafXEDBimkgBk%2BABAIc%2FasKUkeD9Usu7xjYMXdOILubBLUfNsIGLOEi5AUZV%2F2sSL%2BG7TYvtkFnXETBVg%2BPfnU4nrgOhr2hepS3%2F4gqrxD0lqu"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc14995bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
storage.js
windhamzzme.buzz/Citizens/citizens/data/
0
0
Script
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/storage.js
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQRYFB5Tg33ab0rtmAlNEmz2a8g9qtRXuGf%2FsJ4IrVezBMIsCMd%2Bw5fOm49%2FGdX5cyzKsemJcld1XLW5IcK1HLmvAU%2B0UwrouD2HeGyh28zVPyKt44x%2FH0115n8N46V6pIdDl5EI3eafAjf%2F0p1g"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7593bfc12973bb9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
serverComponent.php
nexus.ensighten.com/citizensbank/olbprod/
401 B
705 B
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2012%2004:23:59%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fwindhamzzme.buzz%2FCitizens%2Fcitizens%2F
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
2a3eea062394c824b60d3604e44c66b53139c74394b76b510d9321c605b5bcf0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
content-length
401
x-amz-cf-id
UKUfwi5GdIYYlLtYoKq4peOmle0oIDuWyJ4Kq-7EI--enVz1yqDSOw==
expires
Wed, 12 Oct 2022 23:52:23 GMT
tag.js
lptag.liveperson.net/tag/
21 KB
8 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=300; includeSubDomains
last-modified
Thu, 03 Sep 2020 08:27:49 GMT
server
ws
etag
"5f50a905-1d8f"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
7567
0f6386a3b63d9bbb3a5a73b133de89a7.js
nexus.ensighten.com/citizensbank/olbprod/code/
27 KB
5 KB
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/code/0f6386a3b63d9bbb3a5a73b133de89a7.js?conditionId0=421909
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad7f8c7c3c420d4836dafb15b1d5d1be4d29ffabe1d768888e4b01babcfdac49

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 03:57:12 GMT
x-amz-version-id
NiK352lECAFDggvv33Jq9naFD_ydY3Ez
content-encoding
br
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
71713
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 12 Oct 2022 03:57:00 GMT
server
AmazonS3
etag
W/"42ede44761b41779f967c114c118aa3e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
K6m0wZI8dxUaF8NeDvgNERAzpM82TVS7Z80dlXv_9MxKCnYI27IRow==
28663fdb1da63e0b261fc581f8084619.js
nexus.ensighten.com/citizensbank/olbprod/code/
88 KB
30 KB
Script
General
Full URL
https://nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3b531a8826aeb7dd365eb418b6aee5b8204f5e38c311f588ad75bbe7de570b16

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 04:24:14 GMT
x-amz-version-id
7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
content-encoding
br
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
70091
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 12 Oct 2022 04:24:01 GMT
server
AmazonS3
etag
W/"7f943d1386ac8d666a04c5f7c1aca6a2"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
PRFQWmQigaDnJt4zW0WzEFvQ89egRd564tPcadrq5zLTaIDidCh3bQ==
.jsonp
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/
278 KB
100 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
e44704633dfece18430629409c2d9a9434e082280ecf86c84273e82768575d6d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=300; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
/
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/
7 KB
3 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
909957127d7134ea1ed1c005a622d937aa8aadff84d0b0a3b0e4ed8fcdec186e
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Wed, 12 Oct 2022 23:53:24 GMT
desktopEmbeddedStyle.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/resources/js/
592 KB
306 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/resources/js/desktopEmbeddedStyle.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
07c9f195b802b98c0a702dd5f26467c81db912f5b272a407f7c4dea462ad4637
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:46 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/
40 KB
15 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/ui-framework.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:40 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
UMSClientAPI.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/
88 KB
30 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/UMSClientAPI.min.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:39 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
lpChatV3.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/
92 KB
31 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/lpChatV3.min.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:39 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/
8 KB
3 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/surveylogicinstance.min.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:41 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
zones
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/
5 KB
2 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
23c49096a53731271078b6f05b9c5c8e504712d1971f8df05911c55051341840
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Wed, 12 Oct 2022 23:53:24 GMT
dest5.html
citizensbank.demdex.net/ Frame 3132
7 KB
3 KB
Document
General
Full URL
https://citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.199.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-199-248.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://windhamzzme.buzz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v044-06a78a427.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
u5Mw01KFSTQ=
content-encoding
gzip
date
Wed, 12 Oct 2022 23:52:24 GMT
last-modified
Thu, 29 Sep 2022 16:18:56 GMT
transfer-encoding
chunked
vary
accept-encoding
id
smetrics.citizensbank.com/
48 B
463 B
XHR
General
Full URL
https://smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&mid=45747980804941220151757354650189770158&ts=1665618744703
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
244e0f4dbea32e669ea6161e4d10b42b5973daa683c483106e95b70266a42a39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://windhamzzme.buzz/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://windhamzzme.buzz
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Y0dTOAAAAJQSMAN6
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=45722106828444985521759873122212631497
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0dTOAAAAJQSMAN6
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0dTOAAAAJQSMAN6
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v044-0eb4cc283.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
mP27p3lzSfg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0dTOAAAAJQSMAN6
Date
Wed, 12 Oct 2022 23:52:24 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
desktopEmbedded.js
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/
958 KB
299 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/desktopEmbedded.js?version=10.22.0.0-release_5548
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
04ad75bb75fb9bd7ccfc6ced51ab98904f932b3737be7e03ca4dd2a01eb2ec88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 01 Oct 2022 02:35:39 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ Frame 7FDD
39 KB
16 KB
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwindhamzzme.buzz&site=89632304&env=prod&isCrossDomain=true
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://windhamzzme.buzz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Wed, 12 Oct 2022 23:52:24 GMT
expires
Thu, 12 Oct 2023 23:52:24 GMT
last-modified
Mon, 08 Aug 2022 03:15:58 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-cache-status
HIT
x-content-type-options
nosniff
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/
37 KB
15 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=https%3A%2F%2Fwindhamzzme.buzz&site=89632304&force=1&env=prod&isCrossDomain=true
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 08 Aug 2022 03:16:03 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 12 Oct 2023 23:52:24 GMT
365868.gif
idsync.rlcdn.com/ Frame 3132
0
98 B
Image
General
Full URL
https://idsync.rlcdn.com/365868.gif?partner_uid=45722106828444985521759873122212631497
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
refererrestrictions
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 7FDD
681 B
2 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb61872x4060
Requested by
Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwindhamzzme.buzz&site=89632304&env=prod&isCrossDomain=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
6efe73868647646af1a7daecae70cd7011d0416ed71f323a17eedef2a44eb5c7
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://lpcdn.lpsnmedia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:24 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Wed, 12 Oct 2022 23:53:24 GMT
ibs:dpid=134096&dpuuid=2022101223522500010455064802
dpm.demdex.net/ Frame 3132
Redirect Chain
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=45722106828444985521759873122212631497&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022101223522500010455064802
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022101223522500010455064802
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-0d690d0dc.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
vlOE7P/MTVI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022101223522500010455064802
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=2628000
content-length
0
expires
Wed, 12 Oct 2022 23:52:25 GMT
postmessage.min.html
va.idp.liveperson.net/postmessage/ Frame F287
11 KB
5 KB
Document
General
Full URL
https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1665618745010&loc=https%3A%2F%2Fwindhamzzme.buzz
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.idp.liveperson.net
Software
ws /
Resource Hash
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://windhamzzme.buzz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
content-encoding
gzip
content-type
text/html
date
Wed, 12 Oct 2022 23:52:25 GMT
etag
W/"5f2ff440-2a51"
last-modified
Sun, 09 Aug 2020 13:04:00 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
ibs:dpid=771&dpuuid=CAESEOXGljOauTTBniJ1PO98G34&google_cver=1
dpm.demdex.net/ Frame 3132
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDU3MjIxMDY4Mjg0NDQ5ODU1MjE3NTk4NzMxMjIyMTI2MzE0OTc=
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDU3MjIxMDY4Mjg0NDQ5ODU1MjE3NTk4NzMxMjIyMTI2MzE0OTc=&google_tc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEOXGljOauTTBniJ1PO98G34&google_cver=1?gdpr=0&gdpr_consent=
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEOXGljOauTTBniJ1PO98G34&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-063d3650f.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
xsLpP4sVR3c=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEOXGljOauTTBniJ1PO98G34&google_cver=1?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
citizen_roman.woff
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
31 KB
32 KB
Font
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
https://windhamzzme.buzz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=190
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624437768452
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 03:41:14 GMT
etag
"7ce0-5e886c8b6bfcd"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=154892
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
31968
lb-action
None
expires
Fri, 14 Oct 2022 18:53:57 GMT
A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
s.go-mpulse.net/boomerang/ Frame 09EA
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:e300:186::11a6 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:25 GMT
content-encoding
br
last-modified
Sat, 17 Sep 2022 06:27:11 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
ibs:dpid=1121&dpuuid=5144588521719255851
dpm.demdex.net/ Frame 3132
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=7085
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588521719255851
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588521719255851
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-00915bc04.edge-irl1.demdex.com 1 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ZIWjMH1JQg0=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588521719255851
Date
Wed, 12 Oct 2022 23:52:25 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame 3132
Redirect Chain
  • https://ps.eyeota.net/match?bid=6j5b2cv&uid=45722106828444985521759873122212631497&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
  • https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
42 B
960 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v044-0eb4cc283.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Os8ugfFLQQU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
303,104
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date
Wed, 12 Oct 2022 23:52:25 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
config.json
c.go-mpulse.net/api/ Frame 09EA
805 B
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=A9397-AA2WQ-WQN9E-BBVTK-Y8BXE&d=windhamzzme.buzz&t=5552062&v=1.720.0&if=&sl=0&si=82685f28-4039-46ba-9afa-673e6f22d14d-rjnznc&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=354307
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:4700:298::11a6 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8ba41d4dc36f7ed9059bee959d6b902b7619a9b953f6cdfce4c3a99e0ac700e5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 12 Oct 2022 23:52:25 GMT
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
805
Content-Type
application/json
ibs:dpid=121998&dpuuid=
dpm.demdex.net/ Frame 3132
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=45722106828444985521759873122212631497?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=45722106828444985521759873122212631497?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
42 B
960 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
54.76.60.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-60-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-0d690d0dc.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
jIG2tOPpSNU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
104,300
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

expires
0
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
cache-control
no-cache
x-server
10.45.17.87
content-length
0
x-consent
absent
pixel
cm.g.doubleclick.net/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTBkVE9BQUFBSlFTTUFONg==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTBkVE9BQUFBSlFTTUFONg==
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by
cache-ams21082-AMS
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
via
1.1 varnish
server
Varnish
x-timer
S1665618746.556574,VS0,VE0
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTBkVE9BQUFBSlFTTUFONg==
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
authorize
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame F287
678 B
2 KB
XHR
General
Full URL
https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=91740
Requested by
Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1665618745010&loc=https%3A%2F%2Fwindhamzzme.buzz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.idp.liveperson.net
Software
ws /
Resource Hash
809c817e5eb70827f02b8944f90f5ff2bc22ddc4ae5821a3e021aa03c852a477
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

LP-DOMAIN-REFERER
https://windhamzzme.buzz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
*/*
Referer
https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1665618745010&loc=https%3A%2F%2Fwindhamzzme.buzz
X-Requested-With
XMLHttpRequest
LP-URL
https://windhamzzme.buzz/Citizens/citizens/

Response headers

pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
access-control-allow-origin
https://va.idp.liveperson.net
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
content-length
678
tap.php
pixel.rubiconproject.com/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y0dTOAAAAJQSMAN6&expires=90
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y0dTOAAAAJQSMAN6&expires=90
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by
cache-ams21082-AMS
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
via
1.1 varnish
server
Varnish
x-timer
S1665618746.614708,VS0,VE0
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y0dTOAAAAJQSMAN6&expires=90
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
icon-secure.png
www4.citizensbankonline.com/efs/efs/grafx/
292 B
604 B
Image
General
Full URL
https://www4.citizensbankonline.com/efs/efs/grafx/icon-secure.png
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=135
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624436802847
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 05:23:48 GMT
etag
"124-5e6a56b59c31b"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154826
server-timing
cdn-cache; desc=HIT, edge; dur=8
accept-ranges
bytes
content-length
292
lb-action
None
expires
Fri, 14 Oct 2022 18:52:51 GMT
flows-tooltip.png
www4.citizensbankonline.com/efs/efs/grafx/
364 B
677 B
Image
General
Full URL
https://www4.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=101
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624446452305
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 05:27:53 GMT
etag
"16c-5e6a579ecbd78"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154960
server-timing
cdn-cache; desc=HIT, edge; dur=9
accept-ranges
bytes
content-length
364
lb-action
None
expires
Fri, 14 Oct 2022 18:55:05 GMT
arrow-button-white.png
www4.citizensbankonline.com/efs/efs/grafx/
1017 B
1 KB
Image
General
Full URL
https://www4.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=102
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624437004797
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 05:27:52 GMT
etag
"3f9-5e6a579eb1b7c"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154834
server-timing
cdn-cache; desc=HIT, edge; dur=2
accept-ranges
bytes
content-length
1017
lb-action
None
expires
Fri, 14 Oct 2022 18:52:59 GMT
arrow-down-blue.png
www4.citizensbankonline.com/efs/efs/grafx/
1 KB
1 KB
Image
General
Full URL
https://www4.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=99
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624436628708
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 05:27:52 GMT
etag
"41e-5e6a579eb1b7c"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154960
server-timing
cdn-cache; desc=HIT, edge; dur=2
accept-ranges
bytes
content-length
1054
lb-action
None
expires
Fri, 14 Oct 2022 18:55:05 GMT
arrow-right-orange.png
www4.citizensbankonline.com/efs/efs/grafx/
165 B
478 B
Image
General
Full URL
https://www4.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=93
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624436969240
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 05:27:52 GMT
etag
"a5-5e6a579eb1f64"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=154897
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
165
lb-action
None
expires
Fri, 14 Oct 2022 18:54:02 GMT
citiolb_icons.woff
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
18 KB
18 KB
Font
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
https://windhamzzme.buzz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=220
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624438317910
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 03:41:14 GMT
etag
"485c-5e886c8b6b7fd"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=154814
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
18524
lb-action
None
expires
Fri, 14 Oct 2022 18:52:39 GMT
citizen_book.woff
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
31 KB
31 KB
Font
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
https://windhamzzme.buzz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=147
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624438342331
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 03:41:14 GMT
etag
"7c78-5e886c8b76891"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=154741
server-timing
cdn-cache; desc=HIT, edge; dur=2
accept-ranges
bytes
content-length
31864
lb-action
None
expires
Fri, 14 Oct 2022 18:51:26 GMT
citizen_extrabold.woff
www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
27 KB
28 KB
Font
General
Full URL
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
Requested by
Host: www4.citizensbankonline.com
URL: https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:195::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www4.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
https://windhamzzme.buzz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-olb-req-duration
D=211
date
Wed, 12 Oct 2022 23:52:25 GMT
x-olb-req-received
t=1664624436894593
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 03:41:14 GMT
etag
"6ccc-5e886c8b6bbe5"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=154746
server-timing
cdn-cache; desc=HIT, edge; dur=2
accept-ranges
bytes
content-length
27852
lb-action
None
expires
Fri, 14 Oct 2022 18:51:31 GMT
rum
dsum-sec.casalemedia.com/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6&C=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6&C=1
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Oct 2022 23:52:25 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 12 Oct 2022 23:52:25 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
/rum?cm_dsp_id=88&external_user_id=Y0dTOAAAAJQSMAN6&C=1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
89632304
va.v.liveperson.net/api/js/
242 B
1 KB
Script
General
Full URL
https://va.v.liveperson.net/api/js/89632304?&cb=lpCb6038x61349&t=sp&ts=1665618745002&pid=1910536310&tid=9217027055&pt=Online%20Login%20%7C%20Citizens&u=https%3A%2F%2Fwindhamzzme.buzz%2FCitizens%2Fcitizens%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2298cfabca-1327-408f-8fab-ca1327a08f7c%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
03fe1d489657c93d8544e63c91014120bdce2a596dee2bdc22f2aad54e2fab66

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:26 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
bounce
ib.adnxs.com/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
  • https://ib.adnxs.com/setuid?entity=158&code=Y0dTOAAAAJQSMAN6
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY0dTOAAAAJQSMAN6
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY0dTOAAAAJQSMAN6
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Oct 2022 23:52:25 GMT
AN-X-Request-Uuid
cc5f74d9-f8fb-4aa8-bd37-e5e0dc4996d5
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
95.211.199.145; 95.211.199.145; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 12 Oct 2022 23:52:25 GMT
AN-X-Request-Uuid
1d3c7cb9-72df-424c-9cfc-f73cc12a91c1
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY0dTOAAAAJQSMAN6
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
95.211.199.145; 95.211.199.145; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y0dTOAAAAJQSMAN6
43 B
273 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y0dTOAAAAJQSMAN6
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Oct 2022 23:52:26 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by
cache-ams21082-AMS
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:25 GMT
via
1.1 varnish
server
Varnish
x-timer
S1665618746.960551,VS0,VE0
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y0dTOAAAAJQSMAN6
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
Pug
image2.pubmatic.com/AdServer/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y0dTOAAAAJQSMAN6
0
225 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y0dTOAAAAJQSMAN6
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Wed, 12 Oct 2022 23:52:26 GMT
cache-control
no-store, no-cache, private
content-encoding
gzip
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by
cache-ams21082-AMS
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:26 GMT
via
1.1 varnish
server
Varnish
x-timer
S1665618746.055931,VS0,VE0
x-cache
HIT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y0dTOAAAAJQSMAN6
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
partner
sync.search.spotxchange.com/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1&__user_check__=1&sync_id=ec81955f-4a88-11ed-a881-1fd522ee0406
43 B
548 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1&__user_check__=1&sync_id=ec81955f-4a88-11ed-a881-1fd522ee0406
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
HTTP/1.1
Server
185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Wed, 12 Oct 2022 23:52:26 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
62
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Wed, 12 Oct 2022 23:52:26 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Location
/partner?adv_id=6409&uid=Y0dTOAAAAJQSMAN6&img=1&__user_check__=1&sync_id=ec81955f-4a88-11ed-a881-1fd522ee0406
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
79
Connection
keep-alive
Content-Length
0
b.php
www.facebook.com/fr/ Frame 3132
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y0dTOAAAAJQSMAN6&t=2592000&o=0
43 B
562 B
Image
General
Full URL
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y0dTOAAAAJQSMAN6&t=2592000&o=0
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 16:52:26 PDT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr
0
pragma
public
x-fb-debug
sQtT2PpA1YVJt6QDrVka3u3+/2Fi+LlIiA5siGLr23mHms4nyNr0nDOs4pJNr8VgZmFAgOyUnQNkMCWCtWW3cg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
image/gif
cache-control
public, max-age=0
expires
Wed, 12 Oct 2022 16:52:26 PDT

Redirect headers

x-served-by
cache-ams21082-AMS
pragma
no-cache
date
Wed, 12 Oct 2022 23:52:26 GMT
via
1.1 varnish
server
Varnish
x-timer
S1665618746.257712,VS0,VE0
x-cache
HIT
location
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y0dTOAAAAJQSMAN6&t=2592000&o=0
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
restricted
mid.rkdms.com/ Frame 3132
Redirect Chain
  • https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=45722106828444985521759873122212631497&_ct=img
  • https://mid.rkdms.com/restricted
0
0
Image
General
Full URL
https://mid.rkdms.com/restricted
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H2
Server
54.81.131.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-81-131-196.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

location
/restricted
date
Wed, 12 Oct 2022 23:52:26 GMT
server
nginx
content-length
0
89632304
va.v.liveperson.net/api/js/
42 B
792 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/89632304?sid=ySOqJq8CSviIEC5nr65wzg&cb=lpCb89811x25671&t=uc&ts=1665618745747&pid=1910536310&tid=9217027055&sdes=%5B%7B%22type%22%3A%22error%22%2C%22error%22%3A%7B%22message%22%3Anull%2C%22code%22%3A%22The%20online%20user%20ID%20below%20does%20not%20match%20our%20records.%20Please%20review%20your%20information%20then%20try%20again.%20If%20you%20are%20still%20unable%20to%20continue%2C%20please%20call%20our%20Customer%20Service%20Center.%22%7D%7D%5D&vid=dkOTFhYzk2YmUwMTg0ZjRk
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
396fde878bcf084ce13dbb2185ca0203d8eb8e9eb738b72e00f79aae8f00b7b9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:26 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
JSSEZWQw0C
windhamzzme.buzz/Citizens/citizens/data/
77 KB
77 KB
XHR
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/JSSEZWQw0C
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821

Request headers

Referer
https://windhamzzme.buzz/Citizens/citizens/
ADRUM
isAjax:true
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 12 Oct 2022 23:52:28 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHKID3fWsNPdnUnlfp0691N5Z4sCnSccnMlAcZ9Qw4IPUM8tv3NbDqIjqSZqpjNUjt18WCG0q3v%2F0MAEfo57Kf%2BOimrJjnHuDQ7zyIyzWVPBKfEQ2QY4r84JKhU637PjCaUAoMLQgdjp34z7kDiq"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7593bfce0b8c9bd0-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78590
storage.html
windhamzzme.buzz/Citizens/citizens/data/ Frame 827F
315 B
654 B
Document
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/storage.html
Requested by
Host: windhamzzme.buzz
URL: https://windhamzzme.buzz/Citizens/citizens/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://windhamzzme.buzz/Citizens/citizens/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7593bfce1b929bd0-FRA
content-encoding
br
content-type
text/html; charset=iso-8859-1
date
Wed, 12 Oct 2022 23:52:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Q%2FvYSRgBUq0xGhiY05hkSRDc7XBCamQNX0wETWnHexcMZsp5q00FgNcC7%2BT3qMUaS5WLLvt4oKzhprXK3pyIky%2Binf6SZWUKHJQhwkTZlkCxMW57AWGzNf5FgeRN7m5hLXHuypx88lieg1e7uwL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
JSSEZWQw0C
windhamzzme.buzz/Citizens/citizens/data/
77 KB
77 KB
XHR
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/JSSEZWQw0C
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821

Request headers

Referer
https://windhamzzme.buzz/Citizens/citizens/
ADRUM
isAjax:true
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 12 Oct 2022 23:52:28 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1x0dlMQtCF7WgkkDLGSq6JD0fxoYJ9JhbpR%2FfdRaSjnIdCEQbyeZ2D0lQwvQCvCSY%2B7EuOI0I%2FXJwpN2xDZ6i3x4914mxKOYbK56KvJJqHya5mjkoK4R8gB69yUuKVRsD5kpasDCsa1Qu7cOfw3w"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7593bfd15e969bd0-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78590
89632304
va.v.liveperson.net/api/js/
111 B
854 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/89632304?sid=ySOqJq8CSviIEC5nr65wzg&cb=lpCb60481x93756&t=pl&ts=1665618747601&pid=1910536310&tid=9217027055&vid=dkOTFhYzk2YmUwMTg0ZjRk
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
fc88f3be05d0066bdd9c4163a527870a9b51b8212af107f2835f99005d14400e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:27 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
cls_report
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/
737 B
1 KB
XHR
General
Full URL
https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=ac265965-849f-48da-b2cf-71374d8c2062%3A0&_cls_v=601e5416-100a-4f91-b556-a10da9c93aee&pv=2&f_cls_s=true
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.235.78.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-235-78-87.compute-1.amazonaws.com
Software
GlassBox Cligate /
Resource Hash
6c0c69076c7dddffe26bf03496cb1817af9e8763a3887d35b4a68d4960c870cb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Wed, 12 Oct 2022 23:52:28 GMT
content-encoding
gzip
Server
GlassBox Cligate
vary
origin
Content-Type
application/json
access-control-allow-origin
https://windhamzzme.buzz
access-control-allow-credentials
true
Connection
keep-alive
GB-Server
g5035
X-Robots-Tag
noindex
Content-Length
429
generic1665005603563.js
nebula-cdn.kampyle.com/us/wu/356861/onsite/
791 KB
112 KB
Script
General
Full URL
https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7737fc059e071e961c41bac0799ba7bf8bc5545841a101b9d0f16fb197f4de82
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
sS15mP2HP1_gvO6GweV7zdqjZ8tqzGJg
content-encoding
gzip
via
1.1 varnish
date
Wed, 12 Oct 2022 23:52:28 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
CH9478KPJA8ZV5DF
age
613127
x-cache
HIT
content-length
114411
x-amz-id-2
lave/djgc5VHUYOZ/95a3B/JpFNfOF1VPzzbu+o7dPnPLg/EcA4fz6fbxEZ3PNRimgu/RFWWHc8=
x-served-by
cache-ams21034-AMS
last-modified
Wed, 05 Oct 2022 21:33:24 GMT
server
AmazonS3
x-timer
S1665618749.674031,VS0,VE0
etag
"ba78af14d365f8ccbd56a01ca6bf1c05"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
x-cache-hits
13
adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
cdn.appdynamics.com/
52 KB
20 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-95.fra56.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
9b0f859e5508780a810e47e772554395a5d2ae5e679c338df1b6cd600d69dad2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 21:13:11 GMT
content-encoding
gzip
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
441557
x-cache
Hit from cloudfront
last-modified
Tue, 06 Sep 2022 21:05:12 GMT
server
nginx/1.16.1
etag
W/"6317b608-d132"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-max-age=14400
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
oEWxmFN6u3i7RD03KgDg41-qOWVXgo99tb3p9QaupKjel6QkBSW3JQ==
embed.js
nebula-cdn.kampyle.com/wu/356861/onsite/
1 KB
595 B
Script
General
Full URL
https://nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4ba8fc34aa3793516de38635653f6a69d9ff1e9f14880f6b6df52d00bcfdad4c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
P0vUE_TJe.yQCf1POgYtfWkHzc0CIb7I
content-encoding
gzip
via
1.1 varnish
date
Wed, 12 Oct 2022 23:52:28 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
QJRMA58BMA560227
age
613144
x-cache
HIT
content-length
517
x-amz-id-2
24kWpgpwSiAzZPA3z/E7FgAGM4oGZybaFI7heodzK7SqbNuA83P1SvziaoenGXmrEVNoyoiKHeM=
x-served-by
cache-ams21034-AMS
last-modified
Wed, 05 Oct 2022 21:33:25 GMT
server
AmazonS3
x-timer
S1665618749.683846,VS0,VE0
etag
"8b72f36bbd0721428f49dda9c3bd04ac"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
x-cache-hits
33
detector-dom.min.js
cdn.glassboxcdn.com/citizen/OLB/p/
364 KB
112 KB
Script
General
Full URL
https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:28 GMT
x-amz-version-id
bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding
gzip
cf-cache-status
HIT
via
1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
6878
x-cache
Hit from cloudfront
last-modified
Thu, 13 May 2021 10:48:21 GMT
server
cloudflare
etag
W/"845173368b011e7fa14658b57426fe09"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
7593bfdb4cb29202-FRA
x-amz-cf-id
UV9DTLjwNxkD6S23fGa-51R7a9XBwE8EJ6Rer3Zfc23faSyCDwZoLg==
expires
Thu, 13 Oct 2022 03:52:28 GMT
/
68794905.akstat.io/
0
203 B
Ping
General
Full URL
https://68794905.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:e300:186::11a6 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://windhamzzme.buzz/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 12 Oct 2022 23:52:28 GMT
content-type
image/gif
access-control-allow-origin
https://windhamzzme.buzz
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Wed, 12 Oct 2022 23:52:28 GMT
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/
0
317 B
Image
General
Full URL
https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNi4wLjUyNDkuOTEgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiV2luMzIiLCJwYWdlX3RpdGxlIjogIk9ubGluZSBMb2dpbiB8IENpdGl6ZW5zIiwicGFnZV91cmwiOiAiaHR0cHM6Ly93aW5kaGFtenptZS5idXp6L0NpdGl6ZW5zL2NpdGl6ZW5zLyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY1NjE4NzQ4NzYwIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODNjZTlkMjU0NTRlOC0wNjA4YzUwZjYwY2U3Yy0xMzNiMzQ3NC0xZDRjMDAtMTgzY2U5ZDI1NDY5ZWYiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHBzOi8vd2luZGhhbXp6bWUuYnV6ei9DaXRpemVucy9jaXRpemVucy8iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImRkMDctZTRiMi1mNWE2LTc1OTEtYmZlMi03MzE3LWQ0NDAtY2ZjYSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY1NjE4NzQ4NzQ5Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDc5MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2NTYxODc0ODc2MCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
82.45.241.35.bc.googleusercontent.com
Software
Jetty(9.2.11.v20150529) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-me
prod-instance-gatewayservice-blue-ws2b
date
Wed, 12 Oct 2022 23:52:28 GMT
via
1.1 google
server
Jetty(9.2.11.v20150529)
access-control-max-age
1800
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
image/gif; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept
content-length
0
x-application-context
application:9090
results.txt
l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net/eum/ Frame 09EA
Redirect Chain
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pddzwcy33
  • https://l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net/eum/results.txt
8 B
312 B
XHR
General
Full URL
https://l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
2.16.186.40 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Wed, 12 Oct 2022 23:52:29 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net/eum/results.txt
Access-Control-Allow-Origin
*
Date
Wed, 12 Oct 2022 23:52:28 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
results.txt
eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net/eum/ Frame 09EA
Redirect Chain
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pddzwcy33
  • https://eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net/eum/results.txt
8 B
312 B
XHR
General
Full URL
https://eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Wed, 12 Oct 2022 23:52:29 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net/eum/results.txt
Access-Control-Allow-Origin
*
Date
Wed, 12 Oct 2022 23:52:28 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
feedback.png
windhamzzme.buzz/Citizens/citizens/data/
824 B
1 KB
Image
General
Full URL
https://windhamzzme.buzz/Citizens/citizens/data/feedback.png
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/Citizens/citizens/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:29 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 30 Nov 2021 20:02:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1%2BCphC5WiJCoNOWar4gy7X4wLM7qGajZaE6SO%2FAz7uTxeFMytbDS1xS1Oto%2BPajXxs7VxpUq1wSwZlUduUEn03vbM8yoZoRUEC2ejxoGk%2BHg6M03fo0fg38Ga0Dp%2Fba0%2B5xE9qWi8FDLft4u8jv"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7593bfdd2ca69bd0-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
824
feedback.png
www.citizensbank.com/assets/CB_media/images/
824 B
1 KB
Image
General
Full URL
https://www.citizensbank.com/assets/CB_media/images/feedback.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:19a::1f37 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://windhamzzme.buzz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 23:52:29 GMT
strict-transport-security
max-age=15768000
last-modified
Wed, 22 Jan 2020 18:38:44 GMT
server
Microsoft-IIS/10.0
etag
"052b72c53d1d51:0"
x-powered-by
ASP.NET, ARR/3.0
content-type
image/png
cache-control
max-age=600
server-timing
cdn-cache; desc=HIT, edge; dur=6
accept-ranges
bytes
x-robots-tag
none
content-length
824
cls_report
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/
737 B
1 KB
XHR
General
Full URL
https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=ac265965-849f-48da-b2cf-71374d8c2062:0&_cls_v=601e5416-100a-4f91-b556-a10da9c93aee&pid=16b5245c-2812-4f8a-826b-0d6c5c9c97c9&sn=1&cfg&pv=2&aid=
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.235.78.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-235-78-87.compute-1.amazonaws.com
Software
GlassBox Cligate /
Resource Hash
6c0c69076c7dddffe26bf03496cb1817af9e8763a3887d35b4a68d4960c870cb

Request headers

Referer
https://windhamzzme.buzz/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 12 Oct 2022 23:52:30 GMT
content-encoding
gzip
Server
GlassBox Cligate
vary
origin
Content-Type
application/json
access-control-allow-origin
https://windhamzzme.buzz
access-control-allow-credentials
true
Connection
keep-alive
GB-Server
g5035
X-Robots-Tag
noindex
Content-Length
429
cls_report
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/
145 B
923 B
XHR
General
Full URL
https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=ac265965-849f-48da-b2cf-71374d8c2062:0&_cls_v=601e5416-100a-4f91-b556-a10da9c93aee&pid=16b5245c-2812-4f8a-826b-0d6c5c9c97c9&sn=2&cfg=27baeec&pv=2&aid=
Requested by
Host: cdn.glassboxcdn.com
URL: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.235.78.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-235-78-87.compute-1.amazonaws.com
Software
GlassBox Cligate /
Resource Hash
64755b4a4bb7c4ad0b3519354e2ce40afb515b62af4a5ca8b1c7f63f055d7049

Request headers

Referer
https://windhamzzme.buzz/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 12 Oct 2022 23:52:30 GMT
content-encoding
gzip
Server
GlassBox Cligate
vary
origin
Content-Type
application/json
access-control-allow-origin
https://windhamzzme.buzz
access-control-allow-credentials
true
Connection
keep-alive
GB-Server
g5035
X-Robots-Tag
noindex
Content-Length
140

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

143 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _cls_config object| _detector undefined| optimizely object| KAMPYLE_EMBED object| ADRUM number| adrum-start-time string| timeStamp string| pageURL string| pageName object| digitalData object| ensBootstraps object| eventListenerMap object| Bootstrapper number| _delay object| adobe function| Visitor object| s_c_il number| s_c_in object| visitor boolean| isProductionEnvironment string| lpAccountNumber object| lpTag object| adrum-config function| checkNested function| waitForGlobal string| sName string| s_account function| getUrlVars function| getIntUrlVars object| today object| currentDate number| sundays number| currentDayNum function| endOfDatePeriod function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| olb function| DIL number| s_objectID number| s_giq function| _typeof function| _extends object| lpTaglogListeners object| proxyless object| lpMTagConfig function| createFrameworkGlobals object| liveperson function| SurveyManager function| _stateChanged object| STORAGE object| proto string| QUESTION_ERROR_TYPE object| __core-js_shared__ object| lpIntlTelInputUtils object| lpIntlTelInputGlobals string| SEP string| PAIR function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| CITIZENSOLB object| Placeholders object| BOOMR_mq string| BOOMR_API_key object| BOOMR number| BOOMR_lstart object| thebody number| BOOMR_configt object| _ac object| _cf object| bmak number| bm_counter object| bm_script undefined| scripts string| bm_url object| url_split string| obfus_state_field string| state_field_str string| _sd_trace function| op number| formId function| showSurvey number| BOOMR_onload object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| KAMPYLE_GA object| MDIGITAL_ELEMENT_BUILDER object| COOLADATA_CODE object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_THERMO_TEALEAF_FUNC object| KAMPYLE_ADOBE_ANALYTICS object| KAMPYLE_CLICKTALE_FUNC object| KAMPYLE_SESSIONCAM object| KAMPYLE_SCREEN_CAPTURE object| KAMPYLE_ONSITE_SDK object| KAMPYLE_INTEGRATION object| cooladata string| key string| sessionId

31 Cookies

Domain/Path Name / Value
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD Name: _cls_cfgver
Value: 27baeec
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD Name: _cls_s
Value: ac265965-849f-48da-b2cf-71374d8c2062:0
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD Name: _cls_v
Value: 601e5416-100a-4f91-b556-a10da9c93aee
.windhamzzme.buzz/ Name: _cls_v
Value: 601e5416-100a-4f91-b556-a10da9c93aee
.windhamzzme.buzz/ Name: _cls_s
Value: ac265965-849f-48da-b2cf-71374d8c2062:0
.demdex.net/ Name: demdex
Value: 45722106828444985521759873122212631497
.windhamzzme.buzz/ Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y0dTOAAAAJQSMAN6
.dpm.demdex.net/ Name: dpm
Value: 45722106828444985521759873122212631497
.windhamzzme.buzz/ Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg
Value: 359503849%7CMCIDTS%7C19278%7CMCMID%7C45747980804941220151757354650189770158%7CMCAAMLH-1666223544%7C6%7CMCAAMB-1666223544%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1665625944s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19285%7CvVersion%7C5.0.1
.doubleclick.net/ Name: IDE
Value: AHWqTUmJPMrXAb7YRXEZwWAk330z5P-R0XwKq530vGU-kpr_aB_02ikMnEdkLFfExhI
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1vFxGtoZmZqZmhhbmJqbGwGAHlCXzsQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjQ3tDQyNbUwNRTiM9T1DswtMDFKSc-Id8sCALW1CkglAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjQ3tDQyNbUwNRTiM9T1DswtMDFKSc-Id8sCALW1CkglAAAA
.eyeota.net/ Name: SERVERID
Value: 20239~DM
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.casalemedia.com/ Name: CMID
Value: Y0dTOcX-r-osb7yaw8OREAAA
.casalemedia.com/ Name: CMPS
Value: 3387
.casalemedia.com/ Name: CMPRO
Value: 3387
.adnxs.com/ Name: uuid2
Value: 6649470599998367789
.adnxs.com/ Name: anj
Value: dTM7k!M4.FErk#WF']wIg2In:gh[R`!]tbPl1MwL(!R7qUY'C7<w48/(=sCdveAWE%4*sXK<C^R9RFMZ9bmtwgM/]vGiO_uH]IVPDYw?IEBnq=!=0)ZS<t:a
.spotxchange.com/ Name: audience
Value: ec8194d3-4a88-11ed-a881-1fd522ee0406
.demdex.net/ Name: dextp
Value: 60-1-1665618744906|843-1-1665618745007|771-1-1665618745107|1121-1-1665618745208|30064-1-1665618745309|121998-1-1665618745410|144230-1-1665618745510|144231-1-1665618745611|144232-1-1665618745750|144233-1-1665618745851|144234-1-1665618745952|144235-1-1665618746052|144236-1-1665618746153|144237-1-1665618746254|129099-1-1665618746355
.windhamzzme.buzz/ Name: LPVID
Value: dkOTFhYzk2YmUwMTg0ZjRk
.windhamzzme.buzz/ Name: LPSID-89632304
Value: ySOqJq8CSviIEC5nr65wzg
windhamzzme.buzz/ Name: mdLogger
Value: false
windhamzzme.buzz/ Name: kampyle_userid
Value: dd07-e4b2-f5a6-7591-bfe2-7317-d440-cfca
windhamzzme.buzz/ Name: kampyleUserSession
Value: 1665618748749
windhamzzme.buzz/ Name: kampyleUserSessionsCount
Value: 1
windhamzzme.buzz/ Name: kampyleSessionPageCounter
Value: 1
report.citizen.glassboxdigital.io/ Name: AWSALBCORS
Value: wLIcbNO+QYO3gR+zx4hux6fjZrjt3CcprBerNbP539NPIIadiyAWMJkV5zwUucUuQfSRToKMBCXz0ilutdzdaTe6Cjs5g10nfAUnnWOW3U0hCmSPE92wKGo1Q7DX

15 Console Messages

Source Level URL
Text
network error URL: https://lptag.liveperson.net/tag/tag.js?site=83789770
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://lptag.liveperson.net/lptag/api/account/83789770/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/meta.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/pubsub.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/storage.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/vendor.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://idsync.rlcdn.com/365868.gif?partner_uid=45722106828444985521759873122212631497
Message:
Failed to load resource: the server responded with a status of 451 ()
javascript warning URL: https://windhamzzme.buzz/Citizens/citizens/(Line 106)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://windhamzzme.buzz/Citizens/citizens/(Line 106)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www4.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://www4.citizensbankonline.com/efs/hhf/css/citizensns.min.46109.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/citizensHeaderFooter-citizensns.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/app.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/generic1637355035732.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/sec-cpt-3-6.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://windhamzzme.buzz/Citizens/citizens/data/storage.html
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

68794905.akstat.io
accdn.lpsnmedia.net
c.go-mpulse.net
cdn.appdynamics.com
cdn.glassboxcdn.com
citizensbank.demdex.net
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
dsum-sec.casalemedia.com
eaarv6caecqdikqce3ydkaaaczruouz4-pddzwc-631ba0a0e-clienttons-s.akamaihd.net
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
l7j4peiccc5bqy2hkm6a-pddzwc-4ce7d9085-clientnsv4-s.akamaihd.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
mid.rkdms.com
nebula-cdn.kampyle.com
nexus.ensighten.com
p.rfihub.com
pixel.rubiconproject.com
ps.eyeota.net
report.citizen.glassboxdigital.io
s.go-mpulse.net
smetrics.citizensbank.com
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.search.spotxchange.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
udc-neb.kampyle.com
us-u.openx.net
va.idp.liveperson.net
va.v.liveperson.net
windhamzzme.buzz
www.citizensbank.com
www.facebook.com
www4.citizensbankonline.com
x.dlx.addthis.com
142.250.184.226
15.236.176.210
151.101.130.49
151.101.65.175
178.249.101.23
178.249.101.98
178.249.101.99
185.64.190.80
185.80.39.216
185.94.180.125
193.0.160.129
2.16.186.24
2.16.186.40
2.18.232.236
208.89.12.87
208.89.15.170
2606:4700::6812:e16
2a02:26f0:3500:16::215:149b
2a02:26f0:4700:195::17c7
2a02:26f0:4700:19a::1f37
2a02:26f0:4700:298::11a6
2a02:26f0:e300:186::11a6
2a03:2880:f11c:8183:face:b00c:0:25de
2a06:98c1:3120::3
3.120.214.218
34.251.26.3
34.254.133.1
35.241.45.82
35.244.159.8
35.244.174.68
37.252.172.123
52.209.199.248
54.235.78.87
54.76.60.98
54.81.131.196
65.9.66.24
65.9.66.95
69.173.144.139
03fe1d489657c93d8544e63c91014120bdce2a596dee2bdc22f2aad54e2fab66
04ad75bb75fb9bd7ccfc6ced51ab98904f932b3737be7e03ca4dd2a01eb2ec88
07c9f195b802b98c0a702dd5f26467c81db912f5b272a407f7c4dea462ad4637
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
23c49096a53731271078b6f05b9c5c8e504712d1971f8df05911c55051341840
244e0f4dbea32e669ea6161e4d10b42b5973daa683c483106e95b70266a42a39
25a7a102a22ad70761585350775304dd658ec1b2d79cfcba77d17ae70010a7c3
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
2a3eea062394c824b60d3604e44c66b53139c74394b76b510d9321c605b5bcf0
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
396fde878bcf084ce13dbb2185ca0203d8eb8e9eb738b72e00f79aae8f00b7b9
3b531a8826aeb7dd365eb418b6aee5b8204f5e38c311f588ad75bbe7de570b16
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba8fc34aa3793516de38635653f6a69d9ff1e9f14880f6b6df52d00bcfdad4c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
5adb5d548656117fa0e82394f44d4e2669d40ffbc850ad928e03dd774c8b4938
5d720cad36f7d04e6ed10fd33d22ba5040927dfdde6c48aa8ee87414cd152d76
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
64755b4a4bb7c4ad0b3519354e2ce40afb515b62af4a5ca8b1c7f63f055d7049
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
6c0c69076c7dddffe26bf03496cb1817af9e8763a3887d35b4a68d4960c870cb
6efe73868647646af1a7daecae70cd7011d0416ed71f323a17eedef2a44eb5c7
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
7737fc059e071e961c41bac0799ba7bf8bc5545841a101b9d0f16fb197f4de82
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
809c817e5eb70827f02b8944f90f5ff2bc22ddc4ae5821a3e021aa03c852a477
8ba41d4dc36f7ed9059bee959d6b902b7619a9b953f6cdfce4c3a99e0ac700e5
8d70b5422adb792178cefebbefeaac24d9ffc99d512be3f75271b248e0cc8d5c
909957127d7134ea1ed1c005a622d937aa8aadff84d0b0a3b0e4ed8fcdec186e
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b0f859e5508780a810e47e772554395a5d2ae5e679c338df1b6cd600d69dad2
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
a4ea3de02f4ec1874478b152a09b89aecc2fc4f63ae2a4208ee8fb6585cebb11
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
ad7f8c7c3c420d4836dafb15b1d5d1be4d29ffabe1d768888e4b01babcfdac49
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
c8e977ce7ef24c640495bb1441eec809c774393711d5e88b6dd8e5cb8d2d748e
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44704633dfece18430629409c2d9a9434e082280ecf86c84273e82768575d6d
e490994ad61a64454e06354b4c74756269548b48e8bd476b35762d713ccb8c86
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc88f3be05d0066bdd9c4163a527870a9b51b8212af107f2835f99005d14400e
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e