stopforeclosurefraud.com Open in urlscan Pro
192.185.20.32 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://stopforeclosurefraud.com/
Effective URL:
https://stopforeclosurefraud.com/
Submission Tags: tranco_l324
Submission: On March 22 via api (March 22nd 2024, 5:41:23 am UTC) from DE — Scanned from DE

Summary HTTP 36 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 36 HTTP transactions. The main IP is 192.185.20.32, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is stopforeclosurefraud.com.
TLS certificate: Issued by R3 on February 9th 2024. Valid for: 3 months.

This is the only time stopforeclosurefraud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 18	192.185.20.32 192.185.20.32	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 2	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
2	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1 8	2606:4700::68... 2606:4700::6812:1a03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	13.33.158.230 13.33.158.230	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c1f::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
36	13

18 192.185.20.32 (United States) 3 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: maitkava.com

stopforeclosurefraud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.stopforeclosurefraud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.21 (United States) 2 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:1a03 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.vcita.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.158.230 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-158-230.fra60.r.cloudfront.net

d2ra6nuwn69ktl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1f::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	stopforeclosurefraud.com 3 redirects stopforeclosurefraud.com www.stopforeclosurefraud.com	352 KB
8	vcita.com 1 redirects www.vcita.com — Cisco Umbrella Rank: 167974	17 KB
3	cloudfront.net d2ra6nuwn69ktl.cloudfront.net	115 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	218 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2594	3 KB
2	paypal.com 2 redirects www.paypal.com — Cisco Umbrella Rank: 3055	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 251	90 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	2 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 195	17 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1408	7 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	4 KB
1	google.com www.google.com — Cisco Umbrella Rank: 5	1 KB
36	12

	Domain	Requested by
15	stopforeclosurefraud.com	1 redirects stopforeclosurefraud.com
8	www.vcita.com	1 redirects stopforeclosurefraud.com www.vcita.com static.cloudflareinsights.com
3	d2ra6nuwn69ktl.cloudfront.net	www.vcita.com d2ra6nuwn69ktl.cloudfront.net
3	www.stopforeclosurefraud.com	2 redirects stopforeclosurefraud.com
2	www.paypalobjects.com	stopforeclosurefraud.com
2	www.paypal.com	2 redirects
2	connect.facebook.net	stopforeclosurefraud.com connect.facebook.net
1	www.facebook.com	connect.facebook.net
1	fonts.gstatic.com	fonts.googleapis.com
1	stats.g.doubleclick.net	www.vcita.com
1	static.cloudflareinsights.com	www.vcita.com
1	fonts.googleapis.com	www.vcita.com
1	www.gstatic.com	www.google.com
1	www.google.com	stopforeclosurefraud.com
36	14

This site contains links to these domains. Also see Links.

Domain
forum.stopforeclosurefraud.com
www.mortgageauditsonline.com
www.securitizationauditpro.com
google
thewion.com
akismet.com
www.innzes.com
inoplugs.com
schoenmann.at

Subject Issuer	Validity	Valid
*.stopforeclosurefraud.com R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-30` - `2024-03-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
www.vcita.com GTS CA 1P5	`2024-02-25` - `2024-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://stopforeclosurefraud.com/
Frame ID: F309E6A0D4CA5E1C08F15209591B7A8D
Requests: 26 HTTP requests in this frame

Frame: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
Frame ID: 1283C29E58A2D6BD0C09341967F1DA6D
Requests: 12 HTTP requests in this frame

Frame: https://www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
Frame ID: B4D567D0E8FA911585CC9E5F6B15BA36
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9e7cc081adc20c39%26domain%3Dstopforeclosurefraud.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstopforeclosurefraud.com%252Ff2e3f57694c3b1e92%26relation%3Dparent.parent&container_width=0&font=arial&href=https%3A%2F%2Fstopforeclosurefraud.com%2F&locale=en_US&sdk=joey&show_faces=false&width=320
Frame ID: AB677C0EEF4F88478B482F559B948949
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://stopforeclosurefraud.com/ HTTP 301
https://stopforeclosurefraud.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

36
Requests

86 %
HTTPS

69 %
IPv6

12
Domains

14
Subdomains

13
IPs

3
Countries

824 kB
Transfer

1989 kB
Size

6
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://forum.stopforeclosurefraud.com/
Title: Foreclosure Defense Forum

Search URL Search Domain Scan URL

URL: https://www.mortgageauditsonline.com/
Title: <img src="https://stopforeclosurefraud.com/wp-content/uploads/2020/08/B1-Artboard-1-copy_2x.png" alt="Get Securitization Audit Report in just $299" width="550">

Search URL Search Domain Scan URL

URL: http://www.securitizationauditpro.com/
Title: <img src="https://stopforeclosurefraud.com/wp-content/uploads/2020/08/SQUARE-Artboard-1-copy_2x.png" width="300" height="250" alt="Advert" />

Search URL Search Domain Scan URL

URL: http://google/
Title: Koreen Barowski

Search URL Search Domain Scan URL

URL: https://thewion.com/mortgage-audits-online-company-reviews/
Title: mortgage audits online company reviews – THEWION

Search URL Search Domain Scan URL

URL: https://akismet.com/
Title: 173,391 spam blocked by Akismet

Search URL Search Domain Scan URL

URL: https://www.innzes.com/
Title: INNZES SOLUTIONS

Search URL Search Domain Scan URL

URL: http://inoplugs.com/
Title: WP-Backgrounds Lite by InoPlugs Web Design

Search URL Search Domain Scan URL

URL: http://schoenmann.at/
Title: Juwelier Schönmann 1010 Wien

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://stopforeclosurefraud.com/ HTTP 301
https://stopforeclosurefraud.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif HTTP 301
https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif

Request Chain 6

https://www.stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1 HTTP 301
https://stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1

Request Chain 7

https://www.stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1 HTTP 301
https://stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1

Request Chain 35

https://www.vcita.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

Request Chain 37

https://www.paypal.com/en_US/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

36 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
stopforeclosurefraud.com/
Redirect Chain

http://stopforeclosurefraud.com/
https://stopforeclosurefraud.com/

120 KB
36 KB

572ms
278ms

Document
text/html

192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: a0bd52e1afe76e722698c3e59311ca2b852b24a6669188359e0dab6fbc78aa51

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 22 Mar 2024 05:41:17 GMT
expires: Fri, 22 Mar 2024 05:41:17 GMT
last-modified: Fri, 22 Mar 2024 04:23:19 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Cache-Control: max-age=0
Connection: Upgrade, Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 22 Mar 2024 05:41:16 GMT
Expires: Fri, 22 Mar 2024 05:41:16 GMT
Keep-Alive: timeout=5, max=75
Location: https://stopforeclosurefraud.com/
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding
X-Redirect-By: WordPress

GET
H2 200 657ea78122336a2113bfe0b2a37661d9.css
stopforeclosurefraud.com/wp-content/cache/min/1/ 105 KB
22 KB 147ms
147ms Stylesheet
text/css 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-content/cache/min/1/657ea78122336a2113bfe0b2a37661d9.css
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: f2b3f99fda164dac1852f91593900e04517061fc161e030544959585353f6544

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:17 GMT
content-encoding: gzip
last-modified: Tue, 12 Mar 2024 08:11:31 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Sat, 22 Mar 2025 05:41:17 GMT

GET
H2 200 jquery.min.js Show response
stopforeclosurefraud.com/wp-includes/js/jquery/ 86 KB
38 KB 155ms
154ms Script
application/javascript 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:17 GMT
content-encoding: gzip
last-modified: Wed, 31 Jan 2024 09:28:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Sat, 22 Mar 2025 05:41:17 GMT

GET
H2 200 search.gif
stopforeclosurefraud.com/wp-content/themes/gazette/styles/lightblue/ 599 B
710 B 143ms
142ms Image
image/gif 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/themes/gazette/styles/lightblue/search.gif
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: d4e0e5aa2684264181be7eaa3583b79d75317c07c5317230b92435c83f5ba0bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:17 GMT
last-modified: Tue, 22 Jun 2010 11:10:08 GMT
server: Apache
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 599
expires: Sat, 20 Jul 2024 05:41:17 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 130ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e434fd58b76b78d5779c64365dfbb204109fc5269e954f3fe6dae67263492b59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 22 Mar 2024 05:41:18 GMT
content-md5: LgovdhmuOqJp/rhPNQZuhQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: iAiIzxdnVBvef6Ex0LhxzSBB3QSIffoznYLznaejaM7LqbjfIvtA7735URZEfGto9MpEAiF7gLrBWkTynygRGA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: cc3aa2b0b31e6b964087734ca84594fc
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "58914ae80e31744fc729afa79b51f3a4"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 22 Mar 2024 05:47:12 GMT

GET
H2

200

btn_donate_LG.gif
www.paypalobjects.com/en_US/i/btn/
Redirect Chain

https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif
https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif

2 KB
2 KB

173ms
39ms

Image
image/gif

151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif

Requested by

Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/

Protocol

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4a289c9f71fb1bb1e08de0f61000167d7824e87ad441c0a0dd8a9c68d0346252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
fastly-io-served-by: vpop-haf2300711
x-cache: HIT, HIT
fastly-io-info: ifsz=1597 idim=92x26 ifmt=gif ofsz=1582 odim=92x26 ofmt=gif
paypal-debug-id: aee89020ff067
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 1582
x-served-by: cache-sjc10026-SJC, cache-fra-etou8220087-FRA
traceparent: 00-0000000000000000000aee89020ff067-2f974ea4e48349ec-01
x-timer: S1711086078.436039,VS0,VE0
etag: "/uezNCAzEMPWe00W1MC2Y5Nrk0Jj/FbzudktJNGYIBo"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 3505, 65

Redirect headers

date: Fri, 22 Mar 2024 05:41:18 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: f678929215d01
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-etou8220096-FRA, cache-fra-etou8220096-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f678929215d01-dac0a8943820f317-01
x-timer: S1711086078.104808,VS0,VE156
location: https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 jquery.form.js Show response
www.stopforeclosurefraud.com/wp-includes/js/jquery/ 41 KB
16 KB 596ms
147ms Script
application/javascript 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stopforeclosurefraud.com/wp-includes/js/jquery/jquery.form.js?ver=2.02m
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 8e98c3b32ddbaaf2bc59655747927edf44b1d5694fef89e6b4d41cf66d6a052b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
last-modified: Wed, 31 Jan 2024 09:28:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 16440
expires: Sat, 22 Mar 2025 05:41:18 GMT

GET
H2

404

scripts.js
stopforeclosurefraud.com/wp-content/plugins/contact-form-7/
Redirect Chain

https://www.stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1
https://stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1

0
0

401ms
401ms

Script
text/html

192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://stopforeclosurefraud.com/wp-json/>; rel="https://api.w.org/"
content-length: 16271
expires: Wed, 11 Jan 1984 05:00:00 GMT

Redirect headers

date: Fri, 22 Mar 2024 05:41:18 GMT
server: Apache
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

sexy-bookmarks-public.js
stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/
Redirect Chain

https://www.stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1
https://stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1

0
0

451ms
451ms

Script
text/html

192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://stopforeclosurefraud.com/wp-json/>; rel="https://api.w.org/"
content-length: 16281
expires: Wed, 11 Jan 1984 05:00:00 GMT

Redirect headers

date: Fri, 22 Mar 2024 05:41:18 GMT
server: Apache
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 137ms
49ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Requested by

Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a7c29355792b945e2bfd121c08acbdc90b844924b2f2dc7be731f2202e6fc333

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 22 Mar 2024 05:41:18 GMT

GET
H2 200 lazyload.min.js Show response
stopforeclosurefraud.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/ 8 KB
3 KB 151ms
151ms Script
application/javascript 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
last-modified: Tue, 17 Nov 2020 02:13:37 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 3036
expires: Sat, 22 Mar 2025 05:41:18 GMT

GET
H2 200 ae1c5cc5b4f7db590ba1645419cf3c40.js Show response
stopforeclosurefraud.com/wp-content/cache/min/1/ 88 KB
36 KB 151ms
151ms Script
application/javascript 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://stopforeclosurefraud.com/wp-content/cache/min/1/ae1c5cc5b4f7db590ba1645419cf3c40.js
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: ab4a074acf9cfa2f5feb9b0fd18c43e6ac08074be0249032bf76f1b14e555cf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
last-modified: Tue, 12 Mar 2024 08:16:30 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Sat, 22 Mar 2025 05:41:18 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c132780b723b1f67f5d065ebad4f01604fddcedaac1f8d5add2cb1330b7e46f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c9017875e57958d3f3a369364ea4290cf8bbf67c558049cea85e9b3c60eec54

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 305 KB
86 KB 84ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=62159991865ee833a7f1791e4cd7a69b

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f3e8e39256adbbb26e9663d82965798657a45545605fb8b3875b95de329dfea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://stopforeclosurefraud.com/
Origin: https://stopforeclosurefraud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 22 Mar 2024 05:41:18 GMT
content-md5: N4Jeg1zxJH/k25yFdaqKGw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88151
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4330, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: IoRi7NtRY0Ra6/p1JndaXFHFUohuIH+M69dO2a8B/ySjknF77WHT7Tbg97LPzCPq7VbjYtwMQLd8BAwXQzCDwg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 47332cce5b6ca1b5b664a71fdb27b0d6
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "d7ee46a657f2fc08e00bbd1958fc3215"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sat, 22 Mar 2025 04:16:30 GMT

GET
H2 200 ico-arrow.gif
stopforeclosurefraud.com/wp-content/themes/gazette/images/ 312 B
344 B 143ms
143ms Image
image/gif 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/themes/gazette/images/ico-arrow.gif
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/wp-content/cache/min/1/657ea78122336a2113bfe0b2a37661d9.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 6975cf611393c0eb3efbf02a8a5f9257d8922f3cfd15a86ea44495e55e9ddf01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/wp-content/cache/min/1/657ea78122336a2113bfe0b2a37661d9.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
last-modified: Tue, 22 Jun 2010 11:10:08 GMT
server: Apache
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 312
expires: Sat, 20 Jul 2024 05:41:18 GMT

GET
H2 200 ico-comm.gif
stopforeclosurefraud.com/wp-content/themes/gazette/images/ 316 B
372 B 142ms
142ms Image
image/gif 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/themes/gazette/images/ico-comm.gif
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/wp-content/cache/min/1/657ea78122336a2113bfe0b2a37661d9.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: bec74e7d5efe65b57370ee6f2b4c74b9a88ee7694199b4cdae1d5947850b36bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/wp-content/cache/min/1/657ea78122336a2113bfe0b2a37661d9.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
last-modified: Tue, 22 Jun 2010 11:10:08 GMT
server: Apache
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 316
expires: Sat, 20 Jul 2024 05:41:18 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/ 499 KB
199 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

554fdc93109beed0802d148bc60f1b16fe7d8caf68ef4ecb95b562463b7844c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://stopforeclosurefraud.com/
Origin: https://stopforeclosurefraud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 15:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51869
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 203033
x-xss-protection: 0
last-modified: Tue, 19 Mar 2024 18:14:50 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Mar 2025 15:16:49 GMT

GET
H2 200 houselogo21AD2.png
stopforeclosurefraud.com/wp-content/uploads/2013/12/ 8 KB
8 KB 144ms
143ms Image
image/png 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/uploads/2013/12/houselogo21AD2.png
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 80ee5e203773ccf876f9f10382735c7ce1db3836a33c354d82ea4c5fb9f6025e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
last-modified: Fri, 27 Dec 2013 02:43:57 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 8511
expires: Sat, 20 Jul 2024 05:41:18 GMT

GET
H2 200 B1-Artboard-1-copy_2x.png
stopforeclosurefraud.com/wp-content/uploads/2020/08/ 64 KB
64 KB 282ms
281ms Image
image/png 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/uploads/2020/08/B1-Artboard-1-copy_2x.png
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 8daab9f494e36f080d77d5b6a9d838cd136aad9c46ab7496f103b90620cc837e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
last-modified: Tue, 17 Nov 2020 03:34:29 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 65483
expires: Sat, 20 Jul 2024 05:41:18 GMT

GET
H2 200 thumb.php
stopforeclosurefraud.com/wp-content/themes/gazette/ 3 KB
3 KB 239ms
239ms Image
image/jpeg 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/themes/gazette/thumb.php?src=wp-content/uploads/2011/08/imageunavailable.jpg&w=100&h=57&zc=1&q=90
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 6e2f69c6b905be0c096b9d7b776493d7a6ca7cb14ec891bd3f155c922622ce31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 05:41:18 GMT
server: Apache
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=864000, must-revalidate
accept-ranges: none
content-length: 2622
expires: Mon, 01 Apr 2024 05:41:18 GMT

GET
H2 200 SQUARE-Artboard-1-copy_2x.png
stopforeclosurefraud.com/wp-content/uploads/2020/08/ 125 KB
125 KB 143ms
143ms Image
image/png 192.185.20.32
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stopforeclosurefraud.com/wp-content/uploads/2020/08/SQUARE-Artboard-1-copy_2x.png
Requested by: Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.20.32 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: maitkava.com
Software: Apache /
Resource Hash: 2e04ed045045ec5b162c110924f48c371731fba720045524e0f828fd32359073

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:18 GMT
last-modified: Tue, 17 Nov 2020 03:45:50 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 127819
expires: Sat, 20 Jul 2024 05:41:18 GMT

GET
H2 200 ac5d538b2acaa19e Show response
www.vcita.com/widgets/contact_form/ Frame 1283 17 KB
7 KB 509ms
366ms Document
text/html 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Requested by

Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc795d4811473192a9e27e1a6313c0f44c587f3e914bfbd9fbeaeaef369ce69e

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer: https://stopforeclosurefraud.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: *,x-requested-with,x-request,Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 60
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8683da163efe91f9-FRA
content-encoding: gzip
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=mMkOTWlXqGhhtHznxndrA4TyDsNDSgyPaU8ZJU.Lo9E-1711086078-1.0.1.1-mdA6icIcPL4p3fYJ99JDdMJpKjb8VUr4WKzcXIhKRyMSh9HaHn8rfdq5PPbJ.TOXAFw5bxt1OZNbjEZBd78KKUNYWKzOcPY_5ixAIHhm1SUDH0XRGlJdClaNrgp0usif1hy8Z82bVVd.klB42EI88Q; report-to cf-csp-endpoint
content-type: text/html; charset=utf-8
date: Fri, 22 Mar 2024 05:41:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=mMkOTWlXqGhhtHznxndrA4TyDsNDSgyPaU8ZJU.Lo9E-1711086078-1.0.1.1-mdA6icIcPL4p3fYJ99JDdMJpKjb8VUr4WKzcXIhKRyMSh9HaHn8rfdq5PPbJ.TOXAFw5bxt1OZNbjEZBd78KKUNYWKzOcPY_5ixAIHhm1SUDH0XRGlJdClaNrgp0usif1hy8Z82bVVd.klB42EI88Q"}],"group":"cf-csp-endpoint","max_age":86400}
server: cloudflare
status: 200 OK
x-frame-options: ALLOWALL
x-rack-cache: miss
x-request-id: e17892d2f53b3a463cf9fa3aecf227cf
x-runtime: 0.016438
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 css
fonts.googleapis.com/ Frame 1283 30 KB
4 KB 138ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

788b6d35e309e12b1ab299bc7bf6184804c5224e6f4f5e75b3af7c2e47cbcfe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 22 Mar 2024 05:41:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 05:41:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 22 Mar 2024 05:41:18 GMT

GET
H2 200 widgets.css
d2ra6nuwn69ktl.cloudfront.net/assets/external/ Frame 1283 17 KB
4 KB 156ms
39ms Stylesheet
text/css 13.33.158.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2ra6nuwn69ktl.cloudfront.net/assets/external/widgets.css?ver=7.css
Requested by: Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.158.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-158-230.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 30fc1f0e184f17deba7b82d22363db7e95dea73d250b6f2cec37342c46b8e8fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: vFe9Ql8fcLoJpEaV2eOBFDaEsVlbR7Vj
content-encoding: gzip
via: 1.1 78668cba389ee6455cf1c23180f33cf8.cloudfront.net (CloudFront)
date: Fri, 22 Mar 2024 02:46:57 GMT
last-modified: Mon, 18 Mar 2024 13:59:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 10598
x-amz-server-side-encryption: AES256
etag: W/"c8f2b489652f80326d96fb74627ea6de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
x-amz-cf-id: Cd479QsILIw0fUiTMdKMHzaiMtix3CCs_VGiejkNtBvHEHd1EpHM8w==

GET
H2 200 11.css
www.vcita.com/themes/ Frame 1283 3 KB
1 KB 350ms
350ms Stylesheet
text/css 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vcita.com/themes/11.css

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b2f2af6c16b51f9a5d7af2792710061d68059ac4f72a5e91e46d767a84c202f

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
content-encoding: gzip
cf-cache-status: MISS
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 200 OK
x-request-id: ce026962d1b62f0c45519d45663d4eee
x-ua-compatible: IE=Edge,chrome=1
pragma: no-cache
x-runtime: 0.007086
last-modified: Fri, 22 Mar 2024 05:41:19 GMT
server: cloudflare
x-frame-options: ALLOWALL
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: must-revalidate, no-cache, no-store, private, max-age=0
cf-ray: 8683da18888d91f9-FRA
x-rack-cache: miss
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 widget.js Show response
d2ra6nuwn69ktl.cloudfront.net/assets/ Frame 1283 366 KB
108 KB 161ms
45ms Script
application/x-javascript 13.33.158.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2ra6nuwn69ktl.cloudfront.net/assets/widget.js?ver=1.js
Requested by: Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.158.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-158-230.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 15ecf3b2f626cf473819042fb301338d9cd4907e95278765ac34c0b18447e0d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: IYDo._BBgBv5rFOq2HsPo2juAT5PDgwg
content-encoding: gzip
via: 1.1 78668cba389ee6455cf1c23180f33cf8.cloudfront.net (CloudFront)
date: Fri, 22 Mar 2024 04:58:47 GMT
last-modified: Wed, 20 Mar 2024 10:40:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 2552
x-amz-server-side-encryption: AES256
etag: W/"ed0487edc830c24d877a8c7d8efae47e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
x-amz-replication-status: COMPLETED
x-amz-cf-id: CI43oOnXul_UJ2UGVI50h-K5HrVhlWUO9kNCQbfPgPu-3hMM56dR5Q==

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 1283 20 KB
7 KB 185ms
87ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://www.vcita.com/
Origin: https://www.vcita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8683da1aac5b928d-FRA

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ Frame 1283 45 KB
17 KB 143ms
47ms Script
text/javascript 2a00:1450:400c:c1f::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1f::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 22 Mar 2024 04:10:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5438
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17093
expires: Fri, 22 Mar 2024 06:10:41 GMT

GET
H2 200 i
www.vcita.com/tr_pics/ Frame 1283 43 B
838 B 190ms
189ms Image
image/gif 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vcita.com/tr_pics/i?frontage_iframe=true&o=Y29udGFjdA%3D%3D&p=844625&r=https%3A%2F%2Fstopforeclosurefraud.com%2F

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
cf-cache-status: DYNAMIC
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 200 OK
content-transfer-encoding: binary
content-disposition: inline
x-request-id: 6d1abe12f95dd70b310bba447e1afccf
x-ua-compatible: IE=Edge,chrome=1
pragma: no-cache
x-runtime: 0.018336
server: cloudflare
x-frame-options: ALLOWALL
content-type: image/gif
cache-control: must-revalidate, no-cache, no-store, private, max-age=0
cf-ray: 8683da1ad9d591f9-FRA
x-rack-cache: miss
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ Frame 1283 18 KB
19 KB 127ms
40ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.vcita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 07:58:42 GMT
x-content-type-options: nosniff
age: 250957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18668
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Mar 2025 07:58:42 GMT

GET
H2 200 select_arrow.png
d2ra6nuwn69ktl.cloudfront.net/assets/widget/themes/ Frame 1283 3 KB
3 KB 40ms
39ms Image
image/png 13.33.158.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2ra6nuwn69ktl.cloudfront.net/assets/widget/themes/select_arrow.png
Requested by: Host: d2ra6nuwn69ktl.cloudfront.net
URL: https://d2ra6nuwn69ktl.cloudfront.net/assets/external/widgets.css?ver=7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.158.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-158-230.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 34289fd4335308a4d7b64c40844fc7e243666ba74b10eb3072dfe59001ad1b00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d2ra6nuwn69ktl.cloudfront.net/assets/external/widgets.css?ver=7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: oc1qw1F7j919syL.6vK9UelrMOCmsVDZ
date: Fri, 22 Mar 2024 02:03:36 GMT
via: 1.1 78668cba389ee6455cf1c23180f33cf8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 16564
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 2840
last-modified: Wed, 20 Mar 2024 10:40:03 GMT
server: AmazonS3
etag: "3f11633be685c3a354d1869c997a7b41"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 3AMVd26FT8Rtx4JnKAX3PhB1yT_uuB_5T1G39RlqN8jaVA3MoDfr1g==

GET
H2 200 calendar_big.png
www.vcita.com/assets/widget/themes/white/ Frame 1283 4 KB
4 KB 344ms
344ms Image
image/png 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vcita.com/assets/widget/themes/white/calendar_big.png

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/themes/11.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f51e73686f321a3d71ffc73cc9735eae789f8be474ce49de886ec4105df6309f

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.vcita.com/themes/11.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 20 Mar 2024 10:32:12 GMT
server: cloudflare
etag: "65fabb2c-e0c"
x-frame-options: ALLOWALL
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8683da1ad9d991f9-FRA
content-length: 3596
expires: Fri, 22 Mar 2024 09:41:19 GMT

GET
H2

200

main.js Show response
www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/ Frame B4D5
Redirect Chain

https://www.vcita.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

8 KB
4 KB

47ms
47ms

Script
application/javascript

2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

Requested by

Host: www.vcita.com
URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2

Protocol

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58ba1b724eaeb3ead135c135711bc601e0c859fb423733414ab488ad40c7cc4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8683da1b9a4791f9-FRA

Redirect headers

date: Fri, 22 Mar 2024 05:41:19 GMT
server: cloudflare
vary: Accept-Encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 8683da1b5a2391f9-FRA
content-length: 0

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame AB67 0
2 KB 244ms
149ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9e7cc081adc20c39%26domain%3Dstopforeclosurefraud.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstopforeclosurefraud.com%252Ff2e3f57694c3b1e92%26relation%3Dparent.parent&container_width=0&font=arial&href=https%3A%2F%2Fstopforeclosurefraud.com%2F&locale=en_US&sdk=joey&show_faces=false&width=320

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=62159991865ee833a7f1791e4cd7a69b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://stopforeclosurefraud.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
date: Fri, 22 Mar 2024 05:41:19 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=2777, tp=-1, tpl=-1, uplat=109, ullat=0
x-fb-debug: G7bY+DB6NKx1tm1m0XfE6lCGd3EeT/YcTU/jjF1FTsD5UY26xAxC/aEZ7Y3jMqFRBe67aljebgJyJLrdI2wNvw==
x-xss-protection: 0

GET
H2

200

pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain

https://www.paypal.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

42 B
495 B

39ms
39ms

Image
image/gif

151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: stopforeclosurefraud.com
URL: https://stopforeclosurefraud.com/

Protocol

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://stopforeclosurefraud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
log-origin: shield=SJC,src_ip=157.52.96.68,alternate_path=0,ip=157.52.96.120,port=443,name=shield_ssl_cache_sjc1000120_SJC,status=200,reason=OK,method=GET,url="/en_US/i/scr/pixel.gif",host=www.paypalobjects.com
log-timing: fetch=597717,misspass=105,do_stream=0
x-cache: HIT, HIT
fastly-io-info: ifsz=43 idim=1x1 ifmt=gif ofsz=42 odim=1x1 ofmt=gif
paypal-debug-id: 57a76f7c3a2e4
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 42
x-served-by: cache-sjc1000120-SJC, cache-fra-etou8220087-FRA
traceparent: 00-000000000000000000057a76f7c3a2e4-250be50741178b6d-01
x-timer: S1711086080.555434,VS0,VE0
etag: "EMKH4Lmcv0jpPecX1lsuI9JDUC4i6ZE+vkcq+Tq/75s"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 3157, 763

Redirect headers

date: Fri, 22 Mar 2024 05:41:19 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: f835170b23f8b
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-etou8220096-FRA, cache-fra-etou8220096-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f835170b23f8b-7de72df2300a37ee-01
x-timer: S1711086079.360790,VS0,VE155
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0

POST
H2 200 8683da163efe91f9 Show response
www.vcita.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame B4D5 0
294 B 98ms
97ms XHR
text/plain 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.vcita.com/cdn-cgi/challenge-platform/h/b/jsd/r/8683da163efe91f9
Requested by: Host: www.vcita.com
URL: https://www.vcita.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8683da1c8aca91f9-FRA
content-type: text/plain; charset=UTF-8

POST
H2 204 rum Show response
www.vcita.com/cdn-cgi/ Frame 1283 0
155 B 46ms
45ms XHR
text/plain 2606:4700::6812:1a03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vcita.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a03 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
content-type: application/json

Response headers

date: Fri, 22 Mar 2024 05:41:19 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.vcita.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8683da1d0b0691f9-FRA

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paypal.com/	1970-01-21 04:54:06	Name: ts_c Value: vr%3D64ad88ea18e0a551a066d2c3fd7dcf0c%26vt%3D64ad88ea18e0a551a066d2c3fd7dcf0b
.vcita.com/	1970-01-20 20:44:30	Name: ____vcita_session Value: BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJTBkMzk3YWU3YmE4MzA4MzFhMGNjY2UxMWZhNTU0ODJkBjsAVEkiFHNvdXJjZV9yZWZlcnJlcgY7AEZJIiZodHRwczovL3N0b3Bmb3JlY2xvc3VyZWZyYXVkLmNvbS8GOwBG--35a6f93d37c30a5c4516330e450e5a58b018f0db
.www.vcita.com/	1970-01-20 19:18:07	Name: __cf_bm Value: 9pI3HJK0tpVkPonJvjhtEecMrYIirewlMvJqddbitYw-1711086078-1.0.1.1-WxCBSk4XNSVS9t1.5gh28mp.7VNbJ3_QZ7JsOCuKnXhvzY4Qf7tiycDTlDK7pG9aHeVoY6UApspTOpY6GR3zjQ
.www.vcita.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 3xFHbMKHN.xFZhbO1NsU6_P8DPAxDZ2xoD0QIfaXDkw-1711086078761-0.0.1.1-604800000
.www.vcita.com/	1970-01-21 04:03:42	Name: cf_clearance Value: xOAjapuz5DWHd7vXQGIgiuVNb3McnPspcAV4HuAwjRU-1711086079-1.0.1.1-ezQ73naiBcS_51BbHDymdX2.KAXkmN4iOm_LwjF9hNtV_vFp0cWHbBtMd6okApdWixbihpuOUpJTW4MpDWy7TA
.paypal.com/	1970-01-21 04:54:06	Name: ts Value: vreXpYrS%3D1805694079%26vteXpYrS%3D1711087879%26vr%3D64ad88ea18e0a551a066d2c3fd7dcf0c%26vt%3D64ad88ea18e0a551a066d2c3fd7dcf0b%26vtyp%3Dnew

49 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2 Message: [Report Only] Refused to load the script 'https://d2ra6nuwn69ktl.cloudfront.net/assets/widget.js?ver=1.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://stopforeclosurefraud.com/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.2.3.1 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 15) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-7XRfsIMzoYH+0La+OkPto1gCSJK2a82Rs99FmOJR0nE='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 37) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-G7L8P/xpFjh0Bo2cj4IUdn9DSdJmkzSgt0UU1vo4Vck='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 308) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-lxP6xgVJL9FnCe6yRFac4M/ReKV47C3JbckBvOocfFM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 320) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-pWsHjLn2bwDItDxuo2jsAL4gGEgap0C4UNWkXZELY5E='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 328) Message: [Report Only] Refused to load the script 'https://stats.g.doubleclick.net/dc.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 447) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-wCi9yTfNQU0IYA59IbF+yNi9Fx7fkCqD1ke2LYMsR4I='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 464) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-Ry7F78UOfdpV+PdEGonea7qD8Lk/WCS/v6gClvE2l3Y='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 473) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-iFW+9qJxjtSwXzFeSD+dO6wSqPsbuXzvU5uXry+iQ1Y='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2 Message: [Report Only] Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.vcita.com/widgets/contact_form/ac5d538b2acaa19e?frontage_iframe=true&ver=2(Line 473) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-smCagxhLBkr6AdfvM1fRoyP2HLg18Mx0XXJyGbGIPbs='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	Message: [Report Only] Refused to load the script 'https://www.vcita.com/cdn-cgi/challenge-platform/scripts/jsd/main.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: about:blank Message: [Report Only] Refused to load the script 'https://www.vcita.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network	error	URL: https://stopforeclosurefraud.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2.1 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.vcita.com/cdn-cgi/challenge-platform/scripts/jsd/main.js Message: [Report Only] Refused to connect to 'https://www.vcita.com/cdn-cgi/challenge-platform/h/b/jsd/r/8683da163efe91f9' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 Message: [Report Only] Refused to connect to 'https://www.vcita.com/cdn-cgi/rum?' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://stopforeclosurefraud.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
d2ra6nuwn69ktl.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stopforeclosurefraud.com
www.facebook.com
www.google.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.stopforeclosurefraud.com
www.vcita.com
13.33.158.230
151.101.129.21
151.101.2.133
192.185.20.32
2606:4700::6810:5049
2606:4700::6812:1a03
2a00:1450:4001:80b::2003
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
2a00:1450:4001:829::2004
2a00:1450:400c:c1f::9a
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
15ecf3b2f626cf473819042fb301338d9cd4907e95278765ac34c0b18447e0d7
2e04ed045045ec5b162c110924f48c371731fba720045524e0f828fd32359073
30fc1f0e184f17deba7b82d22363db7e95dea73d250b6f2cec37342c46b8e8fa
34289fd4335308a4d7b64c40844fc7e243666ba74b10eb3072dfe59001ad1b00
4a289c9f71fb1bb1e08de0f61000167d7824e87ad441c0a0dd8a9c68d0346252
4c9017875e57958d3f3a369364ea4290cf8bbf67c558049cea85e9b3c60eec54
554fdc93109beed0802d148bc60f1b16fe7d8caf68ef4ecb95b562463b7844c4
58ba1b724eaeb3ead135c135711bc601e0c859fb423733414ab488ad40c7cc4c
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
6975cf611393c0eb3efbf02a8a5f9257d8922f3cfd15a86ea44495e55e9ddf01
6b2f2af6c16b51f9a5d7af2792710061d68059ac4f72a5e91e46d767a84c202f
6e2f69c6b905be0c096b9d7b776493d7a6ca7cb14ec891bd3f155c922622ce31
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
788b6d35e309e12b1ab299bc7bf6184804c5224e6f4f5e75b3af7c2e47cbcfe3
80ee5e203773ccf876f9f10382735c7ce1db3836a33c354d82ea4c5fb9f6025e
8daab9f494e36f080d77d5b6a9d838cd136aad9c46ab7496f103b90620cc837e
8e98c3b32ddbaaf2bc59655747927edf44b1d5694fef89e6b4d41cf66d6a052b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0bd52e1afe76e722698c3e59311ca2b852b24a6669188359e0dab6fbc78aa51
a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2
a7c29355792b945e2bfd121c08acbdc90b844924b2f2dc7be731f2202e6fc333
ab4a074acf9cfa2f5feb9b0fd18c43e6ac08074be0249032bf76f1b14e555cf8
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
bc795d4811473192a9e27e1a6313c0f44c587f3e914bfbd9fbeaeaef369ce69e
bec74e7d5efe65b57370ee6f2b4c74b9a88ee7694199b4cdae1d5947850b36bb
c132780b723b1f67f5d065ebad4f01604fddcedaac1f8d5add2cb1330b7e46f8
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d4e0e5aa2684264181be7eaa3583b79d75317c07c5317230b92435c83f5ba0bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e434fd58b76b78d5779c64365dfbb204109fc5269e954f3fe6dae67263492b59
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
f2b3f99fda164dac1852f91593900e04517061fc161e030544959585353f6544
f3e8e39256adbbb26e9663d82965798657a45545605fb8b3875b95de329dfea9
f51e73686f321a3d71ffc73cc9735eae789f8be474ce49de886ec4105df6309f

stopforeclosurefraud.com Open in urlscan Pro 192.185.20.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

36 Requests

86 %HTTPS

69 %IPv6

12 Domains

14 Subdomains

13 IPs

3 Countries

824 kBTransfer

1989 kBSize

6 Cookies

9 Outgoing links

Page URL History

Redirected requests

36 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

stopforeclosurefraud.com Open in urlscan Pro
192.185.20.32 Public Scan

Screenshot
Live screenshot

Full Image

36
Requests

86 %
HTTPS

69 %
IPv6

12
Domains

14
Subdomains

13
IPs

3
Countries

824 kB
Transfer

1989 kB
Size

6
Cookies

36 HTTP transactions
5 data transactions