avalon.sturgiswebservices.com Open in urlscan Pro
34.238.79.26 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mybill.mobi/qr/52240322-306a-4a24-b505-d6ef2fe5c081/IDHash/7F7809E199701F29CAA729205A747B8B
Effective URL:
https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
Submission: On August 10 via manual (August 10th 2020, 12:33:00 pm UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 17 HTTP transactions. The main IP is 34.238.79.26, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is avalon.sturgiswebservices.com.
TLS certificate: Issued by Amazon on January 21st 2020. Valid for: a year.

This is the only time avalon.sturgiswebservices.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.172.249.99 54.172.249.99	14618 (AMAZON-AES) (AMAZON-AES)
11	34.238.79.26 34.238.79.26	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
17	5

1 54.172.249.99 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-249-99.compute-1.amazonaws.com

mybill.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.238.79.26 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-79-26.compute-1.amazonaws.com

avalon.sturgiswebservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	sturgiswebservices.com avalon.sturgiswebservices.com	1 MB
1	gstatic.com www.gstatic.com	131 KB
1	google.com www.google.com	904 B
1	google-analytics.com www.google-analytics.com	18 KB
1	mybill.mobi 1 redirects mybill.mobi	2 KB
0	cloudfront.net Failed d1ebsyxxbc7tep.cloudfront.net Failed
17	6

	Domain	Requested by
11	avalon.sturgiswebservices.com	avalon.sturgiswebservices.com
1	www.gstatic.com	www.google.com
1	www.google.com	avalon.sturgiswebservices.com
1	www.google-analytics.com	avalon.sturgiswebservices.com
1	mybill.mobi	1 redirects
0	d1ebsyxxbc7tep.cloudfront.net Failed	avalon.sturgiswebservices.com
17	6

This site contains no links.

Subject Issuer	Validity	Valid
avalon.sturgiswebservices.com Amazon	`2020-01-21` - `2021-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
Frame ID: 33294722632E3EC6F010E07587819C28
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mybill.mobi/qr/52240322-306a-4a24-b505-d6ef2fe5c081/IDHash/7F7809E199701F29CAA729205A747B8B HTTP 303
https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

17
Requests

82 %
HTTPS

60 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

1473 kB
Transfer

1686 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mybill.mobi/qr/52240322-306a-4a24-b505-d6ef2fe5c081/IDHash/7F7809E199701F29CAA729205A747B8B HTTP 303
https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
Redirect Chain

http://mybill.mobi/qr/52240322-306a-4a24-b505-d6ef2fe5c081/IDHash/7F7809E199701F29CAA729205A747B8B
https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

5 KB
7 KB

574ms
291ms

Document
text/html

34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

57d3dcba931f6755fb82153bd7961dd31f56f9a9c7d39da5c19e152b00df47f9

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: avalon.sturgiswebservices.com
:scheme: https
:path: /views/52240322-306a-4a24-b505-d6ef2fe5c081/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 10 Aug 2020 12:32:42 GMT
content-type: text/html
cache-control: max-age=3600, public
etag: "4d197444e2fc4a7b695bd6849591bb10"
vary: Accept
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
x-miniprofiler-ids: ["cb91ffe3-db8d-4d08-bd25-068d1bc5edeb"]
view: S3:avalon-code-useast1/_views/Test.html
region: US East (Virginia)
instanceid: i-08407b42cb8329d55
x-correlation-id: 292cb6b0255844d49a0fde908f2de8e0
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"

Redirect headers

Date: Mon, 10 Aug 2020 12:32:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/#/Record/7F7809E199701F29CAA729205A747B8B
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
X-MiniProfiler-Ids: ["67fc62a7-16d7-486a-94d7-d1637eb08cd0"]
X-Correlation-ID: 7558175ea3fc4fa58599d35784342d63
Access-Control-Allow-Headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source
Access-Control-Expose-Headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"

GET
H2 200 resources.min.css
avalon.sturgiswebservices.com/ 300 KB
301 KB 251ms
250ms Stylesheet
text/css 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/resources.min.css

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

478dc4bb2e546d9ea278baef26115d3082232ceb32abbc8c6d933a74922d257d

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:42 GMT
x-correlation-id: ced335e144eb466093bab97952550541
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["cb91ffe3-db8d-4d08-bd25-068d1bc5edeb","2a75baa5-fb98-4e53-96e3-baac011711c8"]
content-length: 306758
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Sep 2019 10:54:28 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "8d7312641e10a00"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=86400, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 avalon.css
avalon.sturgiswebservices.com/Content/ 3 KB
4 KB 147ms
146ms Stylesheet
text/css 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/Content/avalon.css

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

2634a5332bd79e72f94aa87c731d3ac9580142ce3ebc9274821666819fa8d877

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:42 GMT
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
content-length: 2984
x-xss-protection: 1; mode=block
last-modified: Fri, 26 Apr 2019 09:29:04 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "8d6ca299f9f7000"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 darkTheme.css
avalon.sturgiswebservices.com/Content/ 68 KB
69 KB 367ms
366ms Stylesheet
text/css 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/Content/darkTheme.css

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

108e3db461f98604d9150d4f33ca43225c80e3a780c2fe103b6e849ba679e052

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:42 GMT
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
content-length: 69813
x-xss-protection: 1; mode=block
last-modified: Fri, 15 Mar 2019 15:30:02 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "8d6a95b17727900"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 2266A0863226BEAB386FB69D8734C04A.css
avalon.sturgiswebservices.com/css/52240322-306a-4a24-b505-d6ef2fe5c081/ 14 KB
15 KB 371ms
370ms Stylesheet
text/css 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/css/52240322-306a-4a24-b505-d6ef2fe5c081/2266A0863226BEAB386FB69D8734C04A.css

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

3df0cc0dc8074ea0f989d12251043e39d68c4ce0fd683c6af9b3548d6d160722

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:42 GMT
x-correlation-id: f135fbbc11334055bb0f4a9c7368571e
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["456d094b-00cd-4546-82df-34bbab8d6f4a"]
content-length: 13958
x-xss-protection: 1; mode=block
instanceid: i-0f0e78507f9bd93b4
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "1AF919C7DD8938F00BF9CA9C27E939F3"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/css
access-control-allow-origin: *
region: US East (Virginia)
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=3600, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 avalonLogo.png
avalon.sturgiswebservices.com/Content/ 15 KB
16 KB 192ms
191ms Image
image/png 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avalon.sturgiswebservices.com/Content/avalonLogo.png

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

ed28facf8270dbe92a325af124212e5821b310f9f22d3253b862889a1076c344

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
content-length: 15349
x-xss-protection: 1; mode=block
last-modified: Fri, 25 Mar 2016 09:52:58 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "8d354933ece3900"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 resources.min.js Show response
avalon.sturgiswebservices.com/ 333 KB
335 KB 208ms
208ms Script
application/javascript 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/resources.min.js

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

7a11bc4779a4557b5425b89863182a3f5cc235b6317fcc638b61586aaea7ed96

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-correlation-id: ed88e8d79dd141a9969e6bdb4acbbd67
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["456d094b-00cd-4546-82df-34bbab8d6f4a","20b10987-bb45-4f52-ab83-269c186304d4"]
content-length: 341328
x-xss-protection: 1; mode=block
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=86400, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 A07F1565331524880DEBC50E361564D6.js Show response
avalon.sturgiswebservices.com/js/52240322-306a-4a24-b505-d6ef2fe5c081/ 66 KB
67 KB 207ms
207ms Script
application/javascript 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/js/52240322-306a-4a24-b505-d6ef2fe5c081/A07F1565331524880DEBC50E361564D6.js

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

46c8542646767f145862f1c7099f97d41f8fda31b4b53c579c6595abcab11965

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-correlation-id: 4e84945054b34111aeb657e095d74984
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["cb91ffe3-db8d-4d08-bd25-068d1bc5edeb","2a75baa5-fb98-4e53-96e3-baac011711c8","2d388480-e4e3-4b48-b63b-ac75b2cfde99"]
content-length: 67255
x-xss-protection: 1; mode=block
instanceid: i-08407b42cb8329d55
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "0C4A89D18E730D68BCAFC54AC6DB009B"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
region: US East (Virginia)
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=3600, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 7142
date: Mon, 10 Aug 2020 10:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Mon, 10 Aug 2020 12:33:41 GMT

GET
H2 200 Black_linen.png
avalon.sturgiswebservices.com/Content/ 195 KB
197 KB 275ms
275ms Image
image/png 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avalon.sturgiswebservices.com/Content/Black_linen.png

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

72b132eaa6dbe1ef1fbe4a2239b32269b985efd97d9264a01e2d9372f86a884c

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
content-length: 200175
x-xss-protection: 1; mode=block
last-modified: Fri, 25 Mar 2016 09:52:58 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
etag: "8d354933ece3900"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 fa-regular-400.woff2
avalon.sturgiswebservices.com/webfonts/ 149 KB
150 KB 187ms
187ms Font
application/font-woff2 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/webfonts/fa-regular-400.woff2

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

3474add504634a2a1995bc8f3d2d539888df184f645800ed9faf2f567e9cad0c

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://avalon.sturgiswebservices.com/resources.min.css
Origin: https://avalon.sturgiswebservices.com

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-correlation-id: 0e39c2f3c6e04387b74041e4d01256fa
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["456d094b-00cd-4546-82df-34bbab8d6f4a","20b10987-bb45-4f52-ab83-269c186304d4","fff454b9-59f3-4321-98f5-0ff896a9809a"]
content-length: 152180
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Sep 2019 10:54:28 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com
etag: "8d7312641e10a00"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=86400, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 732 B
904 B 51ms
21ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=reCaptchaLoad&render=explicit

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/js/52240322-306a-4a24-b505-d6ef2fe5c081/A07F1565331524880DEBC50E361564D6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f81f73135af4ba3d3b1a4b9348ec2f316ed87ebc3bebc4e04af9fd5f13fbcec3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 468
x-xss-protection: 1; mode=block
expires: Mon, 10 Aug 2020 12:32:43 GMT

GET Chat
d1ebsyxxbc7tep.cloudfront.net/views/52240322-306a-4a24-b505-d6ef2fe5c081/ 0
0

GET logUser
d1ebsyxxbc7tep.cloudfront.net/ 0
0

GET Record
d1ebsyxxbc7tep.cloudfront.net/views/52240322-306a-4a24-b505-d6ef2fe5c081/ 0
0

GET
H2 200 fa-light-300.woff2
avalon.sturgiswebservices.com/webfonts/ 161 KB
163 KB 148ms
147ms Font
application/font-woff2 34.238.79.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://avalon.sturgiswebservices.com/webfonts/fa-light-300.woff2

Requested by

Host: avalon.sturgiswebservices.com
URL: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.79.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-79-26.compute-1.amazonaws.com

Software

Microsoft-IIS/8.5 /

Resource Hash

9f9936bcdcd5fd28c0f811afc230ba3c0253ba00284673299475e3c8aa43309f

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://avalon.sturgiswebservices.com
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://avalon.sturgiswebservices.com/resources.min.css
Origin: https://avalon.sturgiswebservices.com

Response headers

date: Mon, 10 Aug 2020 12:32:43 GMT
x-correlation-id: fd088a62bdc34352933de1f4108bbb23
x-content-type-options: nosniff
p3p: policyref="https://avalon.sturgiswebservices.com/resources/p3p.xml", CP="ADMa DEVa HISa OUR IND DSP NON LAW"
status: 200
x-miniprofiler-ids: ["cb91ffe3-db8d-4d08-bd25-068d1bc5edeb","2a75baa5-fb98-4e53-96e3-baac011711c8","2d388480-e4e3-4b48-b63b-ac75b2cfde99","3f2360d8-7112-430b-9c76-8df4f7c474c5"]
content-length: 164968
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Sep 2019 10:54:28 GMT
server: Microsoft-IIS/8.5
x-frame-options: ALLOW-FROM https://avalon.sturgiswebservices.com
etag: "8d7312641e10a00"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID
cache-control: max-age=86400, public
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
access-control-allow-headers: Origin, ETag, Cache-Control, X-Requested-With, Content-Type, Accept, Authorization, X-MiniProfiler-Ids, Region, InstanceID, Logic, SearchToken, X-Correlation-ID, reCaptchaSuccess, Source

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/ 332 KB
131 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=reCaptchaLoad&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://avalon.sturgiswebservices.com/views/52240322-306a-4a24-b505-d6ef2fe5c081/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 03 Aug 2020 17:22:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 04:06:51 GMT
server: sffe
age: 587401
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133278
x-xss-protection: 0
expires: Tue, 03 Aug 2021 17:22:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d1ebsyxxbc7tep.cloudfront.net
URL: https://d1ebsyxxbc7tep.cloudfront.net/views/52240322-306a-4a24-b505-d6ef2fe5c081/Chat

Domain: d1ebsyxxbc7tep.cloudfront.net
URL: https://d1ebsyxxbc7tep.cloudfront.net/logUser?ab=4

Domain: d1ebsyxxbc7tep.cloudfront.net
URL: https://d1ebsyxxbc7tep.cloudfront.net/views/52240322-306a-4a24-b505-d6ef2fe5c081/Record

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sturgiswebservices.com/	1970-01-19 11:39:09	Name: _gid Value: GA1.2.1263489686.1597062763
			.sturgiswebservices.com/	1970-01-20 05:08:54	Name: _ga Value: GA1.2.1682625404.1597062763

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src d1ebsyxxbc7tep.cloudfront.net .sturgiswebservices.com .google.com .masterpass.com .visa.com .americanexpress.com .vpsenv.com .paylocalgov.com .demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

avalon.sturgiswebservices.com
d1ebsyxxbc7tep.cloudfront.net
mybill.mobi
www.google-analytics.com
www.google.com
www.gstatic.com
d1ebsyxxbc7tep.cloudfront.net
2a00:1450:4001:814::200e
2a00:1450:4001:818::2003
2a00:1450:4001:81c::2004
34.238.79.26
54.172.249.99
108e3db461f98604d9150d4f33ca43225c80e3a780c2fe103b6e849ba679e052
2634a5332bd79e72f94aa87c731d3ac9580142ce3ebc9274821666819fa8d877
3474add504634a2a1995bc8f3d2d539888df184f645800ed9faf2f567e9cad0c
3df0cc0dc8074ea0f989d12251043e39d68c4ce0fd683c6af9b3548d6d160722
46c8542646767f145862f1c7099f97d41f8fda31b4b53c579c6595abcab11965
478dc4bb2e546d9ea278baef26115d3082232ceb32abbc8c6d933a74922d257d
57d3dcba931f6755fb82153bd7961dd31f56f9a9c7d39da5c19e152b00df47f9
72b132eaa6dbe1ef1fbe4a2239b32269b985efd97d9264a01e2d9372f86a884c
7a11bc4779a4557b5425b89863182a3f5cc235b6317fcc638b61586aaea7ed96
9f9936bcdcd5fd28c0f811afc230ba3c0253ba00284673299475e3c8aa43309f
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
ed28facf8270dbe92a325af124212e5821b310f9f22d3253b862889a1076c344
f81f73135af4ba3d3b1a4b9348ec2f316ed87ebc3bebc4e04af9fd5f13fbcec3
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

avalon.sturgiswebservices.com Open in urlscan Pro 34.238.79.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

60 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

1473 kBTransfer

1686 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

avalon.sturgiswebservices.com Open in urlscan Pro
34.238.79.26 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

60 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

1473 kB
Transfer

1686 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions