secureforms.heffler.com Open in urlscan Pro
40.117.177.17  Public Scan

12 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 413d7525-c869-46fe-9b54-0f3aa0e2e12f Show response secureforms.heffler.com/DynamicForms2/150/Form/	47 KB 11 KB	526ms 103ms	Document text/html	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash ae0fb8f8ae07dbbd20e01fe8e9c8504a2530c33e2bbac7d8e084d393e7b0ad11 Request headers Host secureforms.heffler.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Cache-Control private, s-maxage=0 Content-Type text/html; charset=utf-8 Content-Encoding gzip Vary Accept-Encoding Server Microsoft-IIS/8.5 X-AspNetMvc-Version 5.2 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Date Thu, 13 Feb 2020 17:19:28 GMT Content-Length 10912
GET H/1.1	200 OK	layout secureforms.heffler.com/Content/	228 KB 54 KB	106ms 106ms	Stylesheet text/css	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/Content/layout?v=fJGv2OzoGn6ebeuxalXDWQsxn0oQkQKfCHsbNg2Hm7o1 Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash a1c5071e7e5b6b6fbf1129c6c601f8ce62f64a9836523955452df7bbac4164cf Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip Last-Modified Thu, 13 Feb 2020 17:19:28 GMT Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Vary User-Agent,Accept-Encoding Content-Type text/css; charset=utf-8 Cache-Control public Content-Length 54759 Expires Fri, 12 Feb 2021 17:19:28 GMT
GET H/1.1	200 OK	custom.css secureforms.heffler.com/assets/css/	2 KB 1 KB	292ms 97ms	Stylesheet text/css	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/assets/css/custom.css Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 45ba5bb174d0b78e1f28f4c0bd2edb552fbf687dc89a4fe34db4b2cc7922206c Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip ETag "01e1c6310cbd51:0" Last-Modified Tue, 14 Jan 2020 19:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Cache-Control no-cache Accept-Ranges bytes Content-Length 948
GET H/1.1	200 OK	layout Show response secureforms.heffler.com/bundles/	345 KB 133 KB	301ms 104ms	Script text/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/bundles/layout?v=8vE7zAmJlKUchWaPbnQAHI8yL6W1gqnLCGt7fHjv3Zg1 Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 9baa0b3095dcafacccd2c9ec51535fe1b557616f1f475bf0a89d6017a37ba2f3 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip Last-Modified Thu, 13 Feb 2020 17:19:28 GMT Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Vary User-Agent,Accept-Encoding Content-Type text/javascript; charset=utf-8 Cache-Control public Transfer-Encoding chunked Expires Fri, 12 Feb 2021 17:19:28 GMT
GET H/1.1	200 OK	layout-async Show response secureforms.heffler.com/bundles/	84 KB 32 KB	387ms 191ms	Script text/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/bundles/layout-async?v=jutTjwUh2Sq1OiYDfZ_DS7wG8RdhVoHAvJw8dlEP6TM1 Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 668200c9d817506859c5484ff2f75c026e96d061892e69d22a29a162a4930133 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip Last-Modified Thu, 13 Feb 2020 17:19:28 GMT Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Vary User-Agent,Accept-Encoding Content-Type text/javascript; charset=utf-8 Cache-Control public Content-Length 32487 Expires Fri, 12 Feb 2021 17:19:28 GMT
GET H/1.1	200 OK	blank.jpg secureforms.heffler.com/Content/images/	2 KB 3 KB	298ms 102ms	Image image/jpeg	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://secureforms.heffler.com/Content/images/blank.jpg Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash e11479c5f71a691de4df2c3c10c495476e464a990db9fa2109266d9e0e131f48 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Last-Modified Tue, 14 Jan 2020 19:25:30 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0f1ea6110cbd51:0" Content-Type image/jpeg Cache-Control no-cache Accept-Ranges bytes Content-Length 2353
GET H/1.1	200 OK	SurveyLogin.js Show response secureforms.heffler.com/Scripts/custom/30941/	702 B 793 B	298ms 102ms	Script application/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/Scripts/custom/30941/SurveyLogin.js Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 61fa50436fda3a165c975e473089befbba732d3544ba21a571b2b283eb618c5b Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip ETag "05645b560e0d51:0" Last-Modified Mon, 10 Feb 2020 22:23:24 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Cache-Control no-cache Accept-Ranges bytes Content-Length 462
GET H/1.1	200 OK	SurveyCallout.jpg secureforms.heffler.com/Content/custom/30941/	71 KB 72 KB	186ms 185ms	Image image/jpeg	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://secureforms.heffler.com/Content/custom/30941/SurveyCallout.jpg Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 7745f246dc7db7fcd9919d5cb261626bdc554bef869c0b811f163e54d3a64090 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Last-Modified Tue, 11 Feb 2020 21:39:52 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "084cfca23e1d51:0" Content-Type image/jpeg Cache-Control no-cache Accept-Ranges bytes Content-Length 73195
GET H/1.1	200 OK	captcha.js Show response secureforms.heffler.com/scripts/	3 KB 1 KB	102ms 101ms	Script application/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/scripts/captcha.js Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 4db39487720fbe2d81161195014eac057feb2cdaf135b311d006e55e678fae4c Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip ETag "0b94e4510cbd51:0" Last-Modified Tue, 14 Jan 2020 19:24:42 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Cache-Control no-cache Accept-Ranges bytes Content-Length 1013
GET H/1.1	200 OK	CustomValidation.js Show response secureforms.heffler.com/Scripts/	26 KB 5 KB	98ms 98ms	Script application/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/Scripts/CustomValidation.js Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 72f96b156ab36fc20ef19d5ad51d432ddb3e5e2677326cda6705c73c2dd907e3 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip ETag "0b94e4510cbd51:0" Last-Modified Tue, 14 Jan 2020 19:24:42 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Cache-Control no-cache Accept-Ranges bytes Content-Length 4821
GET H/1.1	200 OK	bootstrap-datepicker.min.js Show response secureforms.heffler.com/Scripts/	33 KB 10 KB	185ms 185ms	Script application/javascript	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://secureforms.heffler.com/Scripts/bootstrap-datepicker.min.js Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash bab0b131a4edcae13c50ae5779562e41b9bf3219d77e5a99fc1f403a4c9382ea Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Content-Encoding gzip ETag "0b94e4510cbd51:0" Last-Modified Tue, 14 Jan 2020 19:24:42 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Cache-Control no-cache Accept-Ranges bytes Content-Length 10021
GET H/1.1	200 OK	HeaderBg.jpg secureforms.heffler.com/Content/images/	2 KB 2 KB	97ms 97ms	Image image/jpeg	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://secureforms.heffler.com/Content/images/HeaderBg.jpg Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 94ee3478d2b03b966c36a55b485cb32d6e9868b34c0d6caed03c2bb0c5132ff4 Request headers Referer https://secureforms.heffler.com/Content/layout?v=fJGv2OzoGn6ebeuxalXDWQsxn0oQkQKfCHsbNg2Hm7o1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Last-Modified Tue, 14 Jan 2020 19:25:30 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0f1ea6110cbd51:0" Content-Type image/jpeg Cache-Control no-cache Accept-Ranges bytes Content-Length 2069
GET H/1.1	200 OK	pdf.gif secureforms.heffler.com/Content/images/	580 B 851 B	97ms 97ms	Image image/gif	40.117.177.17 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://secureforms.heffler.com/Content/images/pdf.gif Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 40.117.177.17 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash c01a028ad36a52669b22934d666c22e08c07331ff370b46647825dd9012b462c Request headers Referer https://secureforms.heffler.com/Content/layout?v=fJGv2OzoGn6ebeuxalXDWQsxn0oQkQKfCHsbNg2Hm7o1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Thu, 13 Feb 2020 17:19:28 GMT Last-Modified Tue, 14 Jan 2020 19:25:30 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0f1ea6110cbd51:0" Content-Type image/gif Cache-Control no-cache Accept-Ranges bytes Content-Length 580
GET H2	200	analytics.js Show response www.google-analytics.com/	44 KB 18 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Thu, 06 Feb 2020 00:21:02 GMT server Golfe2 age 2756 date Thu, 13 Feb 2020 16:33:32 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 18174 expires Thu, 13 Feb 2020 18:33:32 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	738 B 823 B	32ms 19ms	Script text/javascript	2a00:1450:4001:820::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=captchaLoadCallback&render=explicit Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/scripts/captcha.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 303a8c0cadd7928296ba60a38e258a67560c9c834c37b5a5508173d5cb3d0aef Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Thu, 13 Feb 2020 17:19:28 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 status 200 cache-control private, max-age=300 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 469 x-xss-protection 1; mode=block expires Thu, 13 Feb 2020 17:19:28 GMT
GET H2	200	collect www.google-analytics.com/r/	35 B 101 B	13ms 13ms	Image image/gif	2a00:1450:4001:806::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1828269700&t=pageview&_s=1&dl=https%3A%2F%2Fsecureforms.heffler.com%2FDynamicForms2%2F150%2FForm%2F413d7525-c869-46fe-9b54-0f3aa0e2e12f%3F333039343130574E4D59505444&ul=en-us&de=UTF-8&dt=Sanchez%20v.%20CalPERS%20Class%20Action%20Partial%20Settlement&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAAAB~&jid=1945720104&gjid=423611148&cid=727465509.1581614369&tid=UA-82088815-39&_gid=100506783.1581614369&_r=1&z=1386707566 Requested by Host: secureforms.heffler.com URL: https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers pragma no-cache date Thu, 13 Feb 2020 17:19:28 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 access-control-allow-origin * content-type image/gif status 200 cache-control no-cache, no-store, must-revalidate alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/JZfekeK8w6ZlhLfH_ZyseSLX/	259 KB 93 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/JZfekeK8w6ZlhLfH_ZyseSLX/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?onload=captchaLoadCallback&render=explicit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c32303ef7ad0a14c7c2b4f4af7211c93ab5b1f17b7804027861c1829e727e1ad Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Mon, 10 Feb 2020 18:21:04 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 10 Feb 2020 05:05:24 GMT server sffe age 255504 vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 95032 x-xss-protection 0 expires Tue, 09 Feb 2021 18:21:04 GMT
GET H2	200	anchor www.google.com/recaptcha/api2/ Frame 02A7	0 0	129ms 129ms	Document text/html	2a00:1450:4001:820::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeveRUUAAAAAMRdgfWYWDzGd1iGYPSB_TIvg7nN&co=aHR0cHM6Ly9zZWN1cmVmb3Jtcy5oZWZmbGVyLmNvbTo0NDM.&hl=en&v=JZfekeK8w6ZlhLfH_ZyseSLX&size=normal&cb=xct3yymxp5nk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/JZfekeK8w6ZlhLfH_ZyseSLX/recaptcha__en.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-0c3eSOJ8++fsVlhqjEvYXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/anchor?ar=1&k=6LeveRUUAAAAAMRdgfWYWDzGd1iGYPSB_TIvg7nN&co=aHR0cHM6Ly9zZWN1cmVmb3Jtcy5oZWZmbGVyLmNvbTo0NDM.&hl=en&v=JZfekeK8w6ZlhLfH_ZyseSLX&size=normal&cb=xct3yymxp5nk pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest iframe accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Thu, 13 Feb 2020 17:19:28 GMT content-security-policy script-src 'report-sample' 'nonce-0c3eSOJ8++fsVlhqjEvYXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 10205 server GSE alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
GET H2	200	bframe www.google.com/recaptcha/api2/ Frame 5CDB	0 0	29ms 29ms	Document text/html	2a00:1450:4001:820::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=en&v=JZfekeK8w6ZlhLfH_ZyseSLX&k=6LeveRUUAAAAAMRdgfWYWDzGd1iGYPSB_TIvg7nN&cb=hrm2l42o2rv8 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/JZfekeK8w6ZlhLfH_ZyseSLX/recaptcha__en.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-/KmWZH1zR6gxdWCMGQBBeQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/bframe?hl=en&v=JZfekeK8w6ZlhLfH_ZyseSLX&k=6LeveRUUAAAAAMRdgfWYWDzGd1iGYPSB_TIvg7nN&cb=hrm2l42o2rv8 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest iframe accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer https://secureforms.heffler.com/DynamicForms2/150/Form/413d7525-c869-46fe-9b54-0f3aa0e2e12f?333039343130574E4D59505444 Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Thu, 13 Feb 2020 17:19:29 GMT content-security-policy script-src 'report-sample' 'nonce-/KmWZH1zR6gxdWCMGQBBeQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 1197 server GSE alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| userRefNum object| forms object| thisform string| pkid object| formConfig object| InitData function| captchaLoadCallback function| showform function| insertRequired function| bindFormField function| bindClaimTransactions function| setPostBackData function| refNumLogin function| formLoginValidated function| formLoginFailure function| formLogin function| ADACleanup object| regexrules function| getregexrule function| isNotPoBox function| isAllNumbers function| isForeign function| isValidPhonenumber object| html5 object| Modernizr object| respond string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| recaptcha object| closure_lm_158176

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secureforms.heffler.com/	1970-01-19 07:20:14	Name: _gat Value: 1
			secureforms.heffler.com/	1970-01-19 07:21:40	Name: _gid Value: GA1.1.100506783.1581614369
			secureforms.heffler.com/	1970-01-20 00:51:26	Name: _ga Value: GA1.1.727465509.1581614369

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://secureforms.heffler.com/scripts/captcha.js(Line 47) Message: [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secureforms.heffler.com
www.google-analytics.com
www.google.com
www.gstatic.com
2a00:1450:4001:806::200e
2a00:1450:4001:808::2003
2a00:1450:4001:820::2004
40.117.177.17
303a8c0cadd7928296ba60a38e258a67560c9c834c37b5a5508173d5cb3d0aef
45ba5bb174d0b78e1f28f4c0bd2edb552fbf687dc89a4fe34db4b2cc7922206c
4db39487720fbe2d81161195014eac057feb2cdaf135b311d006e55e678fae4c
61fa50436fda3a165c975e473089befbba732d3544ba21a571b2b283eb618c5b
668200c9d817506859c5484ff2f75c026e96d061892e69d22a29a162a4930133
72f96b156ab36fc20ef19d5ad51d432ddb3e5e2677326cda6705c73c2dd907e3
7745f246dc7db7fcd9919d5cb261626bdc554bef869c0b811f163e54d3a64090
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
94ee3478d2b03b966c36a55b485cb32d6e9868b34c0d6caed03c2bb0c5132ff4
9baa0b3095dcafacccd2c9ec51535fe1b557616f1f475bf0a89d6017a37ba2f3
a1c5071e7e5b6b6fbf1129c6c601f8ce62f64a9836523955452df7bbac4164cf
ae0fb8f8ae07dbbd20e01fe8e9c8504a2530c33e2bbac7d8e084d393e7b0ad11
bab0b131a4edcae13c50ae5779562e41b9bf3219d77e5a99fc1f403a4c9382ea
c01a028ad36a52669b22934d666c22e08c07331ff370b46647825dd9012b462c
c32303ef7ad0a14c7c2b4f4af7211c93ab5b1f17b7804027861c1829e727e1ad
e11479c5f71a691de4df2c3c10c495476e464a990db9fa2109266d9e0e131f48
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d