developed.nswoodworks.buzz Open in urlscan Pro
2606:4700:3033::6818:6797  Malicious Activity! Public Scan

Submitted URL: http://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e
Effective URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Submission: On September 17 via automatic, source openphish

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 29 HTTP transactions. The main IP is 2606:4700:3033::6818:6797, located in United States and belongs to CLOUDFLARENET, US. The main domain is developed.nswoodworks.buzz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 24th 2020. Valid for: a year.
This is the only time developed.nswoodworks.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online) Generic Scam (Online)

Domain & IP information

IP Address AS Autonomous System
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
18 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
29 7
Domain Requested by
18 developed.nswoodworks.buzz developed.nswoodworks.buzz
4 cdn.by.wonderpush.com developed.nswoodworks.buzz
cdn.by.wonderpush.com
3 fonts.gstatic.com fonts.googleapis.com
2 trk-log.frdavidjones.com 2 redirects
1 measurements-api.wonderpush.com cdn.by.wonderpush.com
1 get.geojs.io cdn.by.wonderpush.com
1 fonts.googleapis.com developed.nswoodworks.buzz
1 cdnjs.cloudflare.com developed.nswoodworks.buzz
29 8

This site contains links to these domains. Also see Links.

Domain
mtp.identityproofs.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-24 -
2021-08-24
a year crt.sh
cdnjs.cloudflare.com
DigiCert ECC Secure Server CA
2020-08-12 -
2022-08-17
2 years crt.sh
by.wonderpush.com
Let's Encrypt Authority X3
2020-08-10 -
2020-11-08
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2020-08-26 -
2020-11-18
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2020-08-26 -
2020-11-18
3 months crt.sh
measurements-api.wonderpush.com
GTS CA 1D2
2020-08-31 -
2020-11-29
3 months crt.sh

This page contains 1 frames:

Primary Page: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Frame ID: 639C608AB268484255246B5324B547B3
Requests: 29 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e HTTP 301
    https://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e HTTP 302
    https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

29
Requests

100 %
HTTPS

100 %
IPv6

7
Domains

8
Subdomains

7
IPs

2
Countries

553 kB
Transfer

1140 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e HTTP 301
    https://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e HTTP 302
    https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request yd
developed.nswoodworks.buzz/
Redirect Chain
  • http://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e
  • https://trk-log.frdavidjones.com/ga/click/2-2005043-71-3218-6321-6432-000856d38e-9af7a6fe1e
  • https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
21 KB
6 KB
Document
General
Full URL
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.1
Resource Hash
242499632cf240c6e265d33409ed41416a717df90254910b713376e5d5b631b8

Request headers

:method
GET
:authority
developed.nswoodworks.buzz
:scheme
https
:path
/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 17 Sep 2020 01:33:12 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d907fc24e771190bd52097e2d68609b4c1600306391; expires=Sat, 17-Oct-20 01:33:11 GMT; path=/; domain=.nswoodworks.buzz; HttpOnly; SameSite=Lax; Secure
x-powered-by
PHP/7.2.1
cf-cache-status
DYNAMIC
cf-request-id
053b4ac2d000001e47438f3200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5d3f13e48c421e47-FRA
content-encoding
br

Redirect headers

status
302 302 Found
date
Thu, 17 Sep 2020 01:33:11 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=deba7abfc8bc0d8c62dbdb647b9f7a96d1600306391; expires=Sat, 17-Oct-20 01:33:11 GMT; path=/; domain=.frdavidjones.com; HttpOnly; SameSite=Lax; Secure
x-rack-cache
miss
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
x-request-id
70d1b68dd602224d905a4f700169c684
location
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
x-ua-compatible
IE=Edge,chrome=1
x-runtime
0.036421
expires
Mon, 01 Jan 1990 00:00:00 GMT
x-powered-by
Phusion Passenger 6.0.4
cf-cache-status
DYNAMIC
cf-request-id
053b4ac00000002b714b8ee200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5d3f13e00ec42b71-FRA
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/
27 KB
5 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
30388
x-via
cfworker/kv
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4972
cf-request-id
053b4ac5cd00002c199410e200000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
etag
"5eb03e5f-6b4a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5d3f13e94e932c19-FRA
expires
Tue, 07 Sep 2021 01:33:12 GMT
bootstrap.min.css
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
118 KB
18 KB
Stylesheet
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/bootstrap.min.css
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:53 GMT
server
cloudflare
age
10
etag
W/"1d970-5af4363b3f2a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5d3f13e948c51e47-FRA
cf-request-id
053b4ac5cd00001e474391f200000001
custome.css
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
45 KB
9 KB
Stylesheet
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/custome.css
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
436eb63bd65b02ea9f6f5aac0d98ac6e8948d027fd5c40b53b8ccba52fc528b7

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:41:17 GMT
server
cloudflare
age
10
etag
W/"b5b7-5af43ac9dac6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5d3f13e948c61e47-FRA
cf-request-id
053b4ac5ce00001e4743920200000001
jquery.min.js
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
85 KB
29 KB
Script
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/jquery.min.js
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
W/"1538e-5af4363b5daef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
5d3f13e948c71e47-FRA
cf-request-id
053b4ac5ce00001e4743921200000001
bootstrap.min.js
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
36 KB
9 KB
Script
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/bootstrap.min.js
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
W/"90b5-5af4363b53ac7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
5d3f13e948c81e47-FRA
cf-request-id
053b4ac5ce00001e4743922200000001
wonderpush-loader.min.js
cdn.by.wonderpush.com/sdk/1.1/
881 B
1 KB
Script
General
Full URL
https://cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:13b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81afd6045b28099677e163f0df5b439bd9a3e3dc108e43f06b4bbd46437af0d2

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
32113
x-cache
Hit from cloudfront
status
200
access-control-max-age
86400
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
494
cf-request-id
053b4ac5e00000641317312200000001
access-control-allow-origin
*
last-modified
Wed, 16 Sep 2020 16:37:48 GMT
server
cloudflare
etag
"f2063251379395a52728ba0d086ed93fed6e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
HEAD, GET
content-type
application/javascript
via
1.1 a3c2566f9e36ad3cdf79fc6307fcf567.cloudfront.net (CloudFront)
cache-control
public,max-age=86400
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
5d3f13e96c246413-FRA
x-amz-cf-id
qauIatWZUQ6cwyGFyfNd50CiFJZ0AamvfYhPmKVdfjar80u00E-fdQ==
logo3.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
7 KB
7 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/logo3.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3302335108b2863a71ce68a1567cbcbc51a1edb3a6cbb3c056348d087a558850

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
2268
etag
"1ac9-5af4363ba91f7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e948c91e47-FRA
content-length
6857
cf-request-id
053b4ac5ce00001e4743923200000001
packingbox.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
99 KB
99 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/packingbox.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef2dd1a863266a66724cc98aaf544e7544ad005873447d2a9a4aa742658ca618

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
"18b7e-5af4363bbda17"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e948ca1e47-FRA
content-length
101246
cf-request-id
053b4ac5ce00001e4743924200000001
tickpic.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
17 KB
17 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/tickpic.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
910b702695e4a005e4a458ed75917ae0fbe816679401f37a07f4d8e96aff3e09

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
"43d7-5af4363c27967"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e948cb1e47-FRA
content-length
17367
cf-request-id
053b4ac5ce00001e4743925200000001
s20.jpg
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
37 KB
38 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/s20.jpg
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fa2785852d54f7af66fbd8ea3965e41588f3434bb93a1205dc5d41044fcd06a

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
"95ce-5af4363bec817"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e948cd1e47-FRA
content-length
38350
cf-request-id
053b4ac5ce00001e4743926200000001
qnt.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
3 KB
3 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/qnt.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6af479992ad8981e0aad3a93e2230d8e573f7e2096d4ded8dc4a0dbf4a72428b

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
"bbe-5af4363bd2237"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e948ce1e47-FRA
content-length
3006
cf-request-id
053b4ac5ce00001e4743927200000001
11.jpg
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
30 KB
30 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/11.jpg
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6654fb4826da62311efa94d34b800106d478bd077f046050989d77de36b0adac

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
8
etag
"7972-5af4363b67eff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958d71e47-FRA
content-length
31090
cf-request-id
053b4ac5d500001e4743928200000001
tv.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
102 KB
102 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/tv.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f2f0c972b4321108863fdab278c5857664651fcfb95dcdb297268560ae0574b

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:55 GMT
server
cloudflare
age
7
etag
"1987a-5af4363c3e0c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958da1e47-FRA
content-length
104570
cf-request-id
053b4ac5d700001e4743929200000001
socialicon.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
4 KB
4 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/socialicon.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
015728d971f379a474200ed9580bff8eaa4415b2e7e1d887e50af2a59b152916

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
10
etag
"ee8-5af4363c00c4f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958db1e47-FRA
content-length
3816
cf-request-id
053b4ac5d700001e474392a200000001
grantee_imag.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
17 KB
17 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/grantee_imag.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
841f5a88af438e31ee4133ccd0aa726a1b418048cf7e50a6871819374714db2e

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
7
etag
"421a-5af4363b71f27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958dc1e47-FRA
content-length
16922
cf-request-id
053b4ac5d700001e474392b200000001
signs.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
2 KB
2 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/signs.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b48969d61be48112a007c961b0e76b02cd22d5dda86db14120f13c71a35c9ec

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:29:26 GMT
server
cloudflare
age
8
etag
"78b-5af438245576f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958df1e47-FRA
content-length
1931
cf-request-id
053b4ac5d700001e474392c200000001
lock.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
571 B
701 B
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/lock.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92270ecd9b9cbb44622809715e9e862132731dca255313296ccb10f100fe2d0d

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
9
etag
"23b-5af4363b7c337"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958e11e47-FRA
content-length
571
cf-request-id
053b4ac5d700001e474392d200000001
ssl.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
6 KB
7 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/ssl.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd2dda7485a9fef032f36694a1168141fbd485f1704eabca64e4a02d3ae14c9a

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
7
etag
"19dd-5af4363c1546f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958e41e47-FRA
content-length
6621
cf-request-id
053b4ac5d700001e474392e200000001
logo2.png
developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/
21 KB
21 KB
Image
General
Full URL
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/logo2.png
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6818:6797 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90ecfbee19b034e584218f267c694e210cee162a424ec2b684bf5a5a51e56c70

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Sep 2020 10:20:54 GMT
server
cloudflare
age
2267
etag
"5523-5af4363b94dbf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5d3f13e958e61e47-FRA
content-length
21795
cf-request-id
053b4ac5d700001e474392f200000001
css
fonts.googleapis.com/
26 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Requested by
Host: developed.nswoodworks.buzz
URL: https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/custome.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e98a84d201a5ce748c59f64fe3b5341601b863b3fff7d63a045aa6f655edf08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://developed.nswoodworks.buzz/allcustomfiles/UK-amazon-multi-SEP-2020/custome.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 17 Sep 2020 01:33:12 GMT
server
ESF
date
Thu, 17 Sep 2020 01:33:12 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 17 Sep 2020 01:33:12 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://developed.nswoodworks.buzz
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Sep 2020 18:20:36 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:28 GMT
server
sffe
age
112356
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Wed, 15 Sep 2021 18:20:36 GMT
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://developed.nswoodworks.buzz
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Sep 2020 18:22:22 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:49 GMT
server
sffe
age
112250
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9180
x-xss-protection
0
expires
Wed, 15 Sep 2021 18:22:22 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://developed.nswoodworks.buzz
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Sep 2020 18:20:36 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:27 GMT
server
sffe
age
112356
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9080
x-xss-protection
0
expires
Wed, 15 Sep 2021 18:20:36 GMT
wonderpush.min.js
cdn.by.wonderpush.com/sdk/1.1.25.8/
404 KB
96 KB
Script
General
Full URL
https://cdn.by.wonderpush.com/sdk/1.1.25.8/wonderpush.min.js
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:13b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51efc99683bf2e99e715813d73d2e4d1e66887869bd6636d7b9c5edcec04c27a

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
32113
x-cache
Hit from cloudfront
status
200
access-control-max-age
86400
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
97472
cf-request-id
053b4ac6400000641317314200000001
access-control-allow-origin
*
last-modified
Wed, 16 Sep 2020 16:37:45 GMT
server
cloudflare
etag
"4c8c7ba67f4e600b20312b38356e4905ed6e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
HEAD, GET
content-type
application/javascript
via
1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,stale-while-revalidate=2592000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
5d3f13ea0c356413-FRA
x-amz-cf-id
m8WwVi-JyVCnMQ0FNU4Du5FkDXU4Eh7zgf49xzW84WpTuFMDDOP8EQ==
41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0
cdn.by.wonderpush.com/config/webkeys/
1 KB
1 KB
XHR
General
Full URL
https://cdn.by.wonderpush.com/config/webkeys/41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.25.8/wonderpush.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:13b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f49be23c64193b4c30b829b8ba61855ba97175c9c95ea7c1bc565c9591185b4

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1795
x-cache
Miss from cloudfront
status
200
access-control-max-age
86400
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
663
cf-request-id
053b4ac68d000005ed9cbf3200000001
access-control-allow-origin
*
last-modified
Mon, 22 Jun 2020 15:35:20 GMT
server
cloudflare
etag
"1bd6bd54171b7d1826920d9839e8a0e2ed6e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
HEAD, GET
content-type
application/json
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
5d3f13ea7e4505ed-FRA
x-amz-cf-id
oVjfG0naZWie4gAqpvy7-xq-j1XsioCBuC2d9ptdri-MaQJtgmlTfg==
geojs.js
cdn.by.wonderpush.com/plugins/geojs/1.0.2/
2 KB
1 KB
Script
General
Full URL
https://cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.25.8/wonderpush.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:13b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b877ef66eabd2dd21768d59e2ac26f9c4f48e0ed602e27cbd4d53c0701c7d515

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7466259
x-cache
Miss from cloudfront
status
200
access-control-max-age
86400
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1055
cf-request-id
053b4ac6a40000641317317200000001
access-control-allow-origin
*
last-modified
Mon, 22 Jun 2020 15:30:23 GMT
server
cloudflare
etag
"eade35070a4a96bcbeb77c55c1856e96ed6e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
HEAD, GET
content-type
application/javascript
via
1.1 50584ad285d5f627ddebae74efdd0771.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,stale-while-revalidate=2592000
x-amz-cf-pop
OSL50-C1
accept-ranges
bytes
cf-ray
5d3f13eaac496413-FRA
x-amz-cf-id
20um1NkDIzY8WTsYdtY3Lw7Rpv_Br6dbhU0LP8tkl4t8AzS30VB60A==
geo.json
get.geojs.io/v1/ip/
363 B
829 B
XHR
General
Full URL
https://get.geojs.io/v1/ip/geo.json
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adb3df06bc15b3c7f0eaba62d5a58b424678e6b9066984fe3995d1677cc0d59f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
053b4ac6da00002b713f18e200000001
x-request-id
0bf3d46da8010730fad9fee9df6d5c2e-AMS
x-geojs-location
AMS
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, private, max-age=0
cf-ray
5d3f13eafad52b71-FRA
events
measurements-api.wonderpush.com/v1/
21 B
206 B
XHR
General
Full URL
https://measurements-api.wonderpush.com/v1/events
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.25.8/wonderpush.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://developed.nswoodworks.buzz/yd?mn=Z31wlW5oamKclX12wZyWaIh7YKCDomZjamKjY31y/ulrich.zuehlke%40koeln.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 17 Sep 2020 01:33:12 GMT
server
Google Frontend
status
202
content-type
application/json
access-control-allow-origin
https://developed.nswoodworks.buzz
x-cloud-trace-context
78307436ad25b296600fa51eccb92a54
access-control-allow-credentials
true
content-length
21

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Generic Scam (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| WonderPush function| chkvali function| partstep function| toSimpleJson function| startTimer object| d number| minutes string| hours string| ampm object| months object| days undefined| o undefined| two undefined| three undefined| four undefined| five number| srt

1 Cookies

Domain/Path Name / Value
.nswoodworks.buzz/ Name: __cfduid
Value: d907fc24e771190bd52097e2d68609b4c1600306391

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.by.wonderpush.com
cdnjs.cloudflare.com
developed.nswoodworks.buzz
fonts.googleapis.com
fonts.gstatic.com
get.geojs.io
measurements-api.wonderpush.com
trk-log.frdavidjones.com
2001:4860:4802:38::15
2606:4700:20::681a:164
2606:4700:3033::6818:6797
2606:4700:3037::681b:bd6f
2606:4700::6811:4e6b
2606:4700::6812:13b7
2a00:1450:4001:819::200a
2a00:1450:4001:81d::2003
015728d971f379a474200ed9580bff8eaa4415b2e7e1d887e50af2a59b152916
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1e98a84d201a5ce748c59f64fe3b5341601b863b3fff7d63a045aa6f655edf08
242499632cf240c6e265d33409ed41416a717df90254910b713376e5d5b631b8
3302335108b2863a71ce68a1567cbcbc51a1edb3a6cbb3c056348d087a558850
3f2f0c972b4321108863fdab278c5857664651fcfb95dcdb297268560ae0574b
436eb63bd65b02ea9f6f5aac0d98ac6e8948d027fd5c40b53b8ccba52fc528b7
4b48969d61be48112a007c961b0e76b02cd22d5dda86db14120f13c71a35c9ec
51efc99683bf2e99e715813d73d2e4d1e66887869bd6636d7b9c5edcec04c27a
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
6654fb4826da62311efa94d34b800106d478bd077f046050989d77de36b0adac
6af479992ad8981e0aad3a93e2230d8e573f7e2096d4ded8dc4a0dbf4a72428b
7f49be23c64193b4c30b829b8ba61855ba97175c9c95ea7c1bc565c9591185b4
7fa2785852d54f7af66fbd8ea3965e41588f3434bb93a1205dc5d41044fcd06a
81afd6045b28099677e163f0df5b439bd9a3e3dc108e43f06b4bbd46437af0d2
841f5a88af438e31ee4133ccd0aa726a1b418048cf7e50a6871819374714db2e
90ecfbee19b034e584218f267c694e210cee162a424ec2b684bf5a5a51e56c70
910b702695e4a005e4a458ed75917ae0fbe816679401f37a07f4d8e96aff3e09
92270ecd9b9cbb44622809715e9e862132731dca255313296ccb10f100fe2d0d
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
adb3df06bc15b3c7f0eaba62d5a58b424678e6b9066984fe3995d1677cc0d59f
b877ef66eabd2dd21768d59e2ac26f9c4f48e0ed602e27cbd4d53c0701c7d515
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
ef2dd1a863266a66724cc98aaf544e7544ad005873447d2a9a4aa742658ca618
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fd2dda7485a9fef032f36694a1168141fbd485f1704eabca64e4a02d3ae14c9a