w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-...
Effective URL:
https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Submission: On December 23 via manual (December 23rd 2022, 3:44:26 pm UTC) from US — Scanned from DE

Summary HTTP 45 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 45 HTTP transactions. The main IP is 198.176.166.187, located in United States and belongs to CDS-GLOBAL-01, US. The main domain is w1.buysub.com. The Cisco Umbrella rank of the primary domain is 232872.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 13th 2022. Valid for: a year.

This is the only time w1.buysub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	173.213.4.162 173.213.4.162	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
2 35	198.176.166.187 198.176.166.187	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
3	63.148.46.76 63.148.46.76	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.148.46.75 63.148.46.75	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
45	6

2 173.213.4.162 (United States) 2 redirects

ASN53316 (ASN-CHEETA-MAIL, US)

l.e-mail.hearstmags.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 198.176.166.187 (United States) 2 redirects

ASN397973 (CDS-GLOBAL-01, US)
PTR: w1.buysub.com

w1.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.148.46.76 (Reidsville, United States)

ASN53316 (ASN-CHEETA-MAIL, US)
PTR: sts.eccmp.com

sts.eccmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.148.46.75 (Reidsville, United States)

ASN53316 (ASN-CHEETA-MAIL, US)
PTR: ats.eccmp.com

ats.eccmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	buysub.com 2 redirects w1.buysub.com — Cisco Umbrella Rank: 232872	318 KB
4	eccmp.com sts.eccmp.com — Cisco Umbrella Rank: 17088 ats.eccmp.com — Cisco Umbrella Rank: 367973	18 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 757	83 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 304	67 KB
2	hearstmags.com 2 redirects l.e-mail.hearstmags.com	1000 B
0	jquery.com Failed code.jquery.com Failed
45	6

	Domain	Requested by
35	w1.buysub.com	2 redirects w1.buysub.com ats.eccmp.com
3	sts.eccmp.com	w1.buysub.com sts.eccmp.com
2	maxcdn.bootstrapcdn.com	w1.buysub.com maxcdn.bootstrapcdn.com
2	ajax.googleapis.com	w1.buysub.com ats.eccmp.com
2	l.e-mail.hearstmags.com	2 redirects
1	ats.eccmp.com	w1.buysub.com
0	code.jquery.com Failed	ats.eccmp.com
45	7

This site contains links to these domains. Also see Links.

Domain
service.bicycling.com
service.good
service.goodhousekeeping.com
www.hearst.com
optout.hearstmags.com

Subject Issuer	Validity	Valid
*.buysub.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.eccmp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-20` - `2023-06-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Frame ID: 33F0783981B91B72B2F7AE3CF6C1B752
Requests: 36 HTTP requests in this frame

Frame: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe.html
Frame ID: 2278779120D5C849D1AA72FE84A18995
Requests: 2 HTTP requests in this frame

Frame: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe(1).html
Frame ID: 8B0FF49432E297556399987598704F59
Requests: 2 HTTP requests in this frame

Frame: https://ats.eccmp.com/ats/show.aspx?cr=722&fm=45&email=mitchell@suu.edu&is_outbound=CC_Bills&mag_code=GHK&account_number=2346955749&name=Lucinda%20Mitchell&date_time=2022-12-23&page_id=13761&live_or_test=Live&complete=NO
Frame ID: 6F3CC71112B90A19BDED67C3003EBA4D
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Good Housekeeping Customer ServiceUntitled DocumentUntitled Document

Page URL History Show full URLs

http://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL... HTTP 302
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL... HTTP 302
https://w1.buysub.com/servlet/RemoteLoginGateway?cds_mag_code=GHK&cds_page_id=234741&cds_account_n... HTTP 302
https://w1.buysub.com/servlet/CSQuery?cds_mag_code=GHK&cds_account_number=2346955749&cds_query_typ... HTTP 302
https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1... Page URL
https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cd... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

45
Requests

91 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

484 kB
Transfer

994 kB
Size

5
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://service.bicycling.com/accounts/payments/2203401142627#main
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://service.good%20housekeeping.com/accounts/payments/2203401142627#main
Title: Skip Navigation

Search URL Search Domain Scan URL

URL: https://service.goodhousekeeping.com/
Title: Sign Out

Search URL Search Domain Scan URL

URL: https://www.hearst.com/-/us-magazines-privacy-notice
Title: Privacy Notice/Notice at Collection

Search URL Search Domain Scan URL

URL: https://www.hearst.com/-/us-magazines-privacy-notice#_ADDITIONAL_INFO
Title: Your California Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.hearst.com/-/us-magazines-privacy-notice#_INTEREST_BASED
Title: Interest-Based Ads

Search URL Search Domain Scan URL

URL: https://www.hearst.com/-/us-magazines-terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://optout.hearstmags.com/servlet/OrdersGateway?cds_mag_code=A99&cds_page_id=246801&client_id=7c9e3433malhhe1o5asmit2aeb
Title: DO NOT SELL MY PERSONAL INFORMATION

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/servlet/RemoteLoginGateway?cds_mag_code=GHK&cds_page_id=234741&cds_account_number=2346955749&cds_query_type=A&cds_login_type=S&cds_return_url=https://w1.buysub.com/servlet/CSGateway%3Fcds_mag_code%3DGHK%26rc%3D&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/servlet/CSQuery?cds_mag_code=GHK&cds_account_number=2346955749&cds_query_type=A&cds_page_id=234741&cds_remote_login=Y&cds_form_type=V&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l Page URL
https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/servlet/RemoteLoginGateway?cds_mag_code=GHK&cds_page_id=234741&cds_account_number=2346955749&cds_query_type=A&cds_login_type=S&cds_return_url=https://w1.buysub.com/servlet/CSGateway%3Fcds_mag_code%3DGHK%26rc%3D&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/servlet/CSQuery?cds_mag_code=GHK&cds_account_number=2346955749&cds_query_type=A&cds_page_id=234741&cds_remote_login=Y&cds_form_type=V&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l HTTP 302
https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Redirect_To_Payment.jsp Show response
w1.buysub.com/pubs/HR/GHK/
Redirect Chain

http://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=644347&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l&x=2346955749%7ci-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l
https://w1.buysub.com/servlet/RemoteLoginGateway?cds_mag_code=GHK&cds_page_id=234741&cds_account_number=2346955749&cds_query_type=A&cds_login_type=S&cds_return_url=https://w1.buysub.com/servlet/CSG...
https://w1.buysub.com/servlet/CSQuery?cds_mag_code=GHK&cds_account_number=2346955749&cds_query_type=A&cds_page_id=234741&cds_remote_login=Y&cds_form_type=V&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-C...
https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8K...

790 B
1 KB

227ms
227ms

Document
text/html

198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

454ef769b31ef89d6ea7647b2cae2ff068e98645dc09fae1484816b9599e126f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 790
Content-Security-Policy: frame-ancestors 'none' ;
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 23 Dec 2022 15:44:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=86
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Accept-Encoding
X-Frame-Options: DENY
X-XSS-Protection: 1; mode = block
X-content-Type-Options: nosniff

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 0
Content-Security-Policy: frame-ancestors 'none' ;
Date: Fri, 23 Dec 2022 15:44:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=99
Location: https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff

GET
H/1.1 200
OK conversen-SDK.js Show response
sts.eccmp.com/sts/scripts/ 15 KB
8 KB 635ms
201ms Script
application/javascript 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.76 Reidsville, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: sts.eccmp.com
Software: /
Resource Hash: 735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 26 Oct 2022 19:18:40 GMT
Server
Age: 4921
ETag: "0e83bc16fe9d81:0"
X-Powered-By
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7528

GET 722
sts.eccmp.com/wts/WebEvent/GetCookieExpiry/ 0
0

GET
H/1.1 200
OK Primary Request GHK_payment.jsp Show response
w1.buysub.com/pubs/HR/GHK/ 283 KB
82 KB 288ms
288ms Document
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

f88bf85c68f81733a3a4fe8a4960dfad3a5cbbc5ffdd6b26ba2523b75763bbda

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/Redirect_To_Payment.jsp?cds_page_id=205804&cds_mag_code=GHK&id=1671810262029&lsid=23570944211045712&vid=1&source=Engage&tp=i-1NGB-Be-zTp-NmCaK-1w-CILJ-1c-J7PZ4-l8KFDXEZqq-UuL0l
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: en-US
Content-Security-Policy: frame-ancestors 'none' ;
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 23 Dec 2022 15:44:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=85
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: DENY
X-XSS-Protection: 1; mode = block
X-content-Type-Options: nosniff

GET
H/1.1 404
Not Found analytics.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 599ms
153ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=97
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found recaptcha__en.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 609ms
160ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/recaptcha__en.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=82
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found datadog-logs-us.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 453ms
164ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/datadog-logs-us.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=92
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found initDD.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 443ms
153ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/initDD.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=46
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET vendor.6c813ffd.css
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7/ 93 KB
34 KB 73ms
22ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 14:20:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33845
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Dec 2023 14:20:30 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 77ms
30ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 15:44:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723
age: 6122332
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8b677d48aa464c28c0815c97adbbe174
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 77e237e2da709195-FRA
cdn-requestpullsuccess: True

GET
H/1.1 404
Not Found CC.plus_scripts2.js
w1.buysub.com/pubs/HR/GHK/images/ 0
0 447ms
157ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/CC.plus_scripts2.js

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=92
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK gc_transactional_style.css
w1.buysub.com/pubs/HR/images/global_care_css/ 216 KB
60 KB 722ms
435ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

5a10de289e5a44ca3bc180c355d2041752fc5c61ee9e48e5bdac23e5d9fda3b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Fri, 23 Dec 2022 15:44:23 GMT
Last-Modified: Mon, 27 Jun 2022 20:00:32 GMT
Age: 2330
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=97
Content-Length: 60983
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found payment-capture.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 254ms
155ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/payment-capture.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:23 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=84
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found pa-621d2bbb405b1d0011000901.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 161ms
160ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/pa-621d2bbb405b1d0011000901.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found 0.2aaa2c7d.chunk.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 158ms
157ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/0.2aaa2c7d.chunk.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found 2.5a885fa3.chunk.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 211ms
210ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/2.5a885fa3.chunk.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET vendor.6c813ffd.css
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0

GET
H/1.1 200
OK icon_visa.png
w1.buysub.com/pubs/HR/GHK/images/ 16 KB
17 KB 441ms
440ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/icon_visa.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

0bb9a9b4c586f4c483ac42f7dad2ed5b3ce4221e151e97bb7d055806dbbf1ae5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:24 GMT
X-content-Type-Options: nosniff
Last-Modified: Tue, 14 Jan 2020 22:19:42 GMT
Age: 0
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 16622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon_mastercard.png
w1.buysub.com/pubs/HR/GHK/images/ 11 KB
12 KB 296ms
295ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/icon_mastercard.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

f66d85a1b62d15459ed38981ddf506fb0e2432926487c949771255ce2a0040ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:24 GMT
X-content-Type-Options: nosniff
Last-Modified: Tue, 14 Jan 2020 22:19:42 GMT
Age: 0
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=96
Content-Length: 11558
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon_discover.png
w1.buysub.com/pubs/HR/GHK/images/ 6 KB
7 KB 433ms
157ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/icon_discover.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

330c7b255f2ae49b2edabbe136c9bd494402d1d00fc2dcb4adb281fb6ce9226d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Tue, 14 Jan 2020 22:19:42 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 6117
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon_amex.png
w1.buysub.com/pubs/HR/GHK/images/ 10 KB
10 KB 426ms
157ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/icon_amex.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

16c5766c5df48cce2b97aad2a9662aca4619f42d2b714485c151e3873f2ae3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Tue, 14 Jan 2020 22:19:42 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=10, max=98
Content-Length: 10050
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found vendor.908687d5.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 158ms
158ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.908687d5.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found main.6b603782.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 161ms
161ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/main.6b603782.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found api.js.download
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ 0
0 214ms
157ms Script
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/api.js.download

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK script.js Show response
w1.buysub.com/pubs/HR/GHK/images/ 327 B
965 B 157ms
157ms Script
application/javascript 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/script.js

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

7768d68bf51b8cbd6cf88255aa17bf234e5f617c9ec297b99706672b5dfecdc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Wed, 09 Apr 2008 23:55:30 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
Content-Type: application/javascript
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 327
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ghk.png
w1.buysub.com/pubs/HR/GHK/images/2016/obpay/ 19 KB
20 KB 461ms
292ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/HR/GHK/images/2016/obpay/ghk.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

2cc8c5c52e430c21b9576f57b370c67e0577815d717c8fe7c3d7590c943259d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:24 GMT
X-content-Type-Options: nosniff
Last-Modified: Sat, 17 Sep 2016 18:23:51 GMT
Age: 3076
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 19659
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found fontawesome-webfont.woff2
w1.buysub.com/fonts/ 0
0 172ms
155ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=99
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK conversen-SDK.js Show response
sts.eccmp.com/sts/scripts/ 15 KB
8 KB 101ms
101ms Script
application/javascript 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.76 Reidsville, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: sts.eccmp.com
Software: /
Resource Hash: 735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 26 Oct 2022 19:18:40 GMT
Server
Age: 4923
ETag: "0e83bc16fe9d81:0"
X-Powered-By
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7528

GET
H/1.1 404
Not Found bframe.html Show response
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ Frame 2278 622 B
1 KB 285ms
151ms Document
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe.html

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

f61bc5e604194034dfd94d55de40e7eaf7e64a45863ae178643c2e6ad5265e5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

_WSEP
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 622
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 23 Dec 2022 15:44:24 GMT
Keep-Alive: timeout=10, max=99
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff

GET
H/1.1 404
Not Found bframe(1).html Show response
w1.buysub.com/pubs/HR/GHK/payment_REAL_files/ Frame 8B0F 622 B
1 KB 334ms
195ms Document
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe(1).html

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

f61bc5e604194034dfd94d55de40e7eaf7e64a45863ae178643c2e6ad5265e5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

_WSEP
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 622
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 23 Dec 2022 15:44:24 GMT
Keep-Alive: timeout=10, max=98
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff

GET
H/1.1 200
OK show.aspx Show response
ats.eccmp.com/ats/ Frame 6F3C 4 KB
2 KB 533ms
120ms Document
text/html 63.148.46.75
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.eccmp.com/ats/show.aspx?cr=722&fm=45&email=mitchell@suu.edu&is_outbound=CC_Bills&mag_code=GHK&account_number=2346955749&name=Lucinda%20Mitchell&date_time=2022-12-23&page_id=13761&live_or_test=Live&complete=NO
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.75 Reidsville, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: ats.eccmp.com
Software: /
Resource Hash: 95fa76c2d83dbd97d8672efafb2deda6697a950a2522904a7285c857a4f3fe13

Request headers

Referer: https://w1.buysub.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1259
Content-Type: text/html; charset=utf-8
Date: Fri, 23 Dec 2022 15:44:25 GMT
Expires: -1
Pragma: no-cache
SERVER
Vary: Accept-Encoding
X-Powered-By

GET
H/1.1 200
OK 722 Show response
sts.eccmp.com/wts/WebEvent/GetCookieExpiry/ 35 B
427 B 105ms
105ms XHR
text/xml 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/wts/WebEvent/GetCookieExpiry/722
Requested by: Host: sts.eccmp.com
URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.76 Reidsville, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: sts.eccmp.com
Software: /
Resource Hash: 61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
X-AspNetMvc-Version: 3.0
Server
X-Powered-By
Content-Type: text/xml; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 35

GET
H/1.1 404
Not Found fontawesome-webfont.woff
w1.buysub.com/fonts/ 0
0 243ms
208ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/fonts/fontawesome-webfont.woff?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:24 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK CDS_Global_logo_60.png
w1.buysub.com/images/ Frame 2278 3 KB
3 KB 263ms
153ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/images/CDS_Global_logo_60.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

17d2b1fef942b27c2ebdd9c133db7c07d1d6660468e9ca5585d154e656544eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:25 GMT
X-content-Type-Options: nosniff
Last-Modified: Wed, 12 May 2021 15:11:58 GMT
Age: 3186
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 2920
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK CDS_Global_logo_60.png
w1.buysub.com/images/ Frame 8B0F 3 KB
3 KB 238ms
145ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/images/CDS_Global_logo_60.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe(1).html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

17d2b1fef942b27c2ebdd9c133db7c07d1d6660468e9ca5585d154e656544eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe(1).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:25 GMT
X-content-Type-Options: nosniff
Last-Modified: Wed, 12 May 2021 15:11:58 GMT
Age: 3186
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 2920
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found fontawesome-webfont.ttf
w1.buysub.com/fonts/ 0
0 176ms
156ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/fonts/fontawesome-webfont.ttf?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:25 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=99
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET jquery-latest.min.js
code.jquery.com/ Frame 6F3C 0
0

GET
H/1.1 200
OK jquery-1.6.2.min.js Show response
w1.buysub.com/javascript/jquery/ Frame 6F3C 89 KB
90 KB 291ms
290ms Script
application/javascript 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/javascript/jquery/jquery-1.6.2.min.js

Requested by

Host: ats.eccmp.com
URL: https://ats.eccmp.com/ats/show.aspx?cr=722&fm=45&email=mitchell@suu.edu&is_outbound=CC_Bills&mag_code=GHK&account_number=2346955749&name=Lucinda%20Mitchell&date_time=2022-12-23&page_id=13761&live_or_test=Live&complete=NO

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:25 GMT
X-content-Type-Options: nosniff
Last-Modified: Wed, 12 May 2021 15:11:58 GMT
Age: 2639
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=85
Content-Length: 91556
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 6F3C 95 KB
33 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:02:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Dec 2023 09:02:11 GMT

GET
H/1.1 200
OK URL_QueryParameter.js Show response
w1.buysub.com/pubs/TK/AKO/images/js/ Frame 6F3C 8 KB
8 KB 147ms
146ms Script
application/javascript 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/TK/AKO/images/js/URL_QueryParameter.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

6f990797c81165faf3556848b0630a3fa16f9d7baf0d61d0bdd1c0c423c300b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Fri, 23 Dec 2022 15:44:25 GMT
X-content-Type-Options: nosniff
Last-Modified: Thu, 23 Mar 2017 18:40:45 GMT
Age: 233
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=98
Content-Length: 7994
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found fontawesome-webfont.woff2
w1.buysub.com/pubs/HR/images/GlobalCare/fonts/ 0
0 155ms
155ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:25 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found fontawesome-webfont.woff
w1.buysub.com/pubs/HR/images/GlobalCare/fonts/ 0
0 150ms
150ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.woff?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:25 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=97
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found fontawesome-webfont.ttf
w1.buysub.com/pubs/HR/images/GlobalCare/fonts/ 0
0 202ms
201ms Font
text/html 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.ttf?v=4.7.0

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://w1.buysub.com/pubs/HR/images/global_care_css/gc_transactional_style.css
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 15:44:25 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-US
_WSEP
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 622
X-XSS-Protection: 1; mode=block

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 292ms
266ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 15:44:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 894
cdn-cachedat: 07/10/2022 05:11:48
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8e02a1b8f93798056b041802bc198e6d
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 77e237f05fb22bbb-FRA
cdn-requestpullsuccess: True

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sts.eccmp.com
URL: https://sts.eccmp.com/wts/WebEvent/GetCookieExpiry/722

Domain: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.6c813ffd.css

Domain: w1.buysub.com
URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.6c813ffd.css

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-latest.min.js

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
l.e-mail.hearstmags.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: jwl4ovxhkythyv4atzod5rp0
l.e-mail.hearstmags.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_ssl_pool Value: !q8bKzzmRZRwDXup6OZXeE4ohk16Q6rK2XRSYG2Pyfv3nAkSeZw/+XLc9y1gxHrKnOkcvUiV4p+byhDI=
w1.buysub.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 00009tyPLJcdsAphC_ubQnjXh8b:1dgnqdik0
.w1.buysub.com/	1969-12-31 23:59:59	Name: TS011e85fb Value: 01c449994b503b4b096a99cb64cc1aad1f12836b3e89bb6dfdd2b9f62c3b9bb5d5eeee1ef44d8ac800ee1703c5bf65c5fc0d5e612736cf32a49c1858c4efa0f2d287199214
.buysub.com/	1970-01-20 08:33:35	Name: xyz_cr_722_et_100 Value: =undefined&cr=722&wegc=null&et=100&ap=null

40 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/initDD.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to apply style from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.6c813ffd.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/images/CC.plus_scripts2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/datadog-logs-us.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/datadog-logs-us.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/initDD.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/analytics.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/payment-capture.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to apply style from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.6c813ffd.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/recaptcha__en.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/recaptcha__en.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/images/CC.plus_scripts2.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/payment-capture.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.908687d5.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/main.6b603782.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/vendor.908687d5.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/main.6b603782.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
other	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761(Line 11348) Message: Error while parsing the 'sandbox' attribute: 'allow-storage-access-by-user-activation' is an invalid sandbox flag.
other	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761(Line 11354) Message: Error while parsing the 'sandbox' attribute: 'allow-storage-access-by-user-activation' is an invalid sandbox flag.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/pa-621d2bbb405b1d0011000901.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/pa-621d2bbb405b1d0011000901.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/0.2aaa2c7d.chunk.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/0.2aaa2c7d.chunk.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/2.5a885fa3.chunk.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/2.5a885fa3.chunk.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe.html Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/bframe(1).html Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/api.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://w1.buysub.com/pubs/HR/GHK/GHK_payment.jsp?lsid=23570944211045712&vid=1&cds_mag_code=GHK&cds_mag_code=13761 Message: Refused to execute script from 'https://w1.buysub.com/pubs/HR/GHK/payment_REAL_files/api.js.download' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://w1.buysub.com/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://w1.buysub.com/pubs/HR/images/GlobalCare/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
ats.eccmp.com
code.jquery.com
l.e-mail.hearstmags.com
maxcdn.bootstrapcdn.com
sts.eccmp.com
w1.buysub.com
code.jquery.com
sts.eccmp.com
w1.buysub.com
173.213.4.162
198.176.166.187
2606:4700::6812:acf
2a00:1450:4001:831::200a
63.148.46.75
63.148.46.76
0bb9a9b4c586f4c483ac42f7dad2ed5b3ce4221e151e97bb7d055806dbbf1ae5
16c5766c5df48cce2b97aad2a9662aca4619f42d2b714485c151e3873f2ae3aa
17d2b1fef942b27c2ebdd9c133db7c07d1d6660468e9ca5585d154e656544eb1
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cc8c5c52e430c21b9576f57b370c67e0577815d717c8fe7c3d7590c943259d0
330c7b255f2ae49b2edabbe136c9bd494402d1d00fc2dcb4adb281fb6ce9226d
454ef769b31ef89d6ea7647b2cae2ff068e98645dc09fae1484816b9599e126f
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
5a10de289e5a44ca3bc180c355d2041752fc5c61ee9e48e5bdac23e5d9fda3b8
61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6f990797c81165faf3556848b0630a3fa16f9d7baf0d61d0bdd1c0c423c300b6
735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3
7768d68bf51b8cbd6cf88255aa17bf234e5f617c9ec297b99706672b5dfecdc6
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
95fa76c2d83dbd97d8672efafb2deda6697a950a2522904a7285c857a4f3fe13
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
f61bc5e604194034dfd94d55de40e7eaf7e64a45863ae178643c2e6ad5265e5a
f66d85a1b62d15459ed38981ddf506fb0e2432926487c949771255ce2a0040ed
f88bf85c68f81733a3a4fe8a4960dfad3a5cbbc5ffdd6b26ba2523b75763bbda

w1.buysub.com Open in urlscan Pro 198.176.166.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

91 %HTTPS

33 %IPv6

6 Domains

7 Subdomains

6 IPs

2 Countries

484 kBTransfer

994 kBSize

5 Cookies

8 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

91 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

484 kB
Transfer

994 kB
Size

5
Cookies

45 HTTP transactions
0 data transactions