Report - rallycu.com/covidresponse/

Report Overview

URL

rallycu.com/covidresponse/
IP

141.193.213.20

ASN

#209242 Cloudflare London, LLC
Submitted

2023-02-09T15:32:58Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

1
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
6414188.fls.doubleclick.net (1)	unknown	2017-04-19T10:00:35Z	2023-02-20T23:43:26Z	628	1046	142.250.74.70
ocsp.sca1b.amazontrust.com (1)	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350	1004	54.230.245.110
www.google.no (1)	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	658	641	142.250.74.35
centro.pixel.ad (2)	42636	2015-04-30T01:03:26Z	2023-03-08T21:24:50Z	808	258	207.198.113.205
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413	5844	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333	391	34.117.237.239
fonts.googleapis.com (2)	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	953	78408	142.250.74.74
www.google-analytics.com (1)	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	368	20615	216.239.32.178
libs.salemove.com (4)	22528	2018-08-28T20:19:24Z	2023-03-11T12:12:46Z	1582	178886	54.230.111.104
up.pixel.ad (1)	11031	2020-02-29T21:31:53Z	2023-03-13T08:09:51Z	376	1867	178.79.242.16
ocsp.pki.goog (12)	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	4116	8392	142.250.74.163
translate.google.com (1)	1156	2012-05-30T03:30:32Z	2023-03-13T05:10:57Z	404	691	216.58.211.14
p.typekit.net (1)	620	2012-05-23T16:28:57Z	2023-03-13T05:10:18Z	426	2354	23.36.76.184
api.glia.com (2)	30061	2020-06-03T03:36:19Z	2023-03-11T12:12:46Z	888	22345	54.230.111.39
www.gstatic.com (1)	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	477	5111	216.58.211.3
e1.o.lencr.org (1)	6159	2021-08-20T09:36:30Z	2023-03-13T05:21:46Z	338	729	95.101.11.115
prism.app-us1.com (1)	8479	2019-01-09T07:40:26Z	2023-03-13T08:16:44Z	407	462	104.17.146.91
rallycu.com (91)	unknown	2022-06-27T19:54:55Z	2023-02-20T23:43:23Z	39680	401999	141.193.213.21
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2366	6206	95.101.11.115
ocsp.digicert.com (11)	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	3751	7931	93.184.220.29
m.stripe.com (1)	1092	2017-01-30T13:42:51Z	2023-03-13T06:40:22Z	443	722	54.68.161.103
adservice.google.com (1)	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	636	806	142.250.74.34
googleads.g.doubleclick.net (2)	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	1360	3387	142.250.74.130
stats.g.doubleclick.net (1)	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	596	590	64.233.165.156
region1.google-analytics.com (1)	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	683	442	216.239.32.36
www.facebook.com (1)	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	626	349	31.13.72.36
use.fontawesome.com (2)	942	2017-01-30T05:43:25Z	2023-03-13T05:09:17Z	843	2058	172.64.132.15
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782	2374	35.241.9.150
cdn.jsdelivr.net (1)	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	412	4027	151.101.1.229
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606	127	35.165.197.103
m.stripe.network (2)	1204	2017-05-17T17:53:13Z	2023-03-13T05:20:40Z	864	18176	151.101.0.176
use.typekit.net (1)	494	2012-07-05T03:42:39Z	2023-03-13T05:10:17Z	382	1016	23.33.119.19
connect.facebook.net (1)	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	369	28822	157.240.205.11
pubsub.salemove.com (1)	15427	2018-06-15T13:12:49Z	2023-03-11T02:36:20Z	1239	231	52.44.110.202
www.google.com (1)	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	386	737	142.250.74.164
js.stripe.com (2)	1149	2012-09-30T14:39:23Z	2023-03-13T05:20:37Z	867	2215	54.230.111.108
client-logger.salemove.com (1)	15340	2017-05-15T14:35:18Z	2023-03-11T02:36:23Z	446	301	44.197.252.129
stackpath.bootstrapcdn.com (2)	2467	2018-06-15T22:36:43Z	2023-03-13T07:25:30Z	822	1909	104.18.10.207
maxcdn.bootstrapcdn.com (1)	724	2014-06-18T02:37:31Z	2023-03-13T07:25:00Z	422	947	104.18.10.207
fonts.gstatic.com (2)	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	982	43768	142.250.74.163
translate.googleapis.com (1)	1005	2012-05-31T09:21:21Z	2023-03-13T08:44:18Z	483	76815	142.250.74.10
collector-29065.us.tvsquared.com (2)	unknown	2023-02-09T16:32:48Z	2023-02-20T23:43:26Z	1032	9110	3.18.94.176
pixel.sitescout.com (8)	3280	2012-05-21T15:21:02Z	2023-03-13T08:25:03Z	3914	2660	98.98.134.241
www.googletagmanager.com (1)	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	377	72149	142.250.74.168
adservice.google.no (1)	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	628	847	172.217.21.162
img-getpocket.cdn.mozilla.net (4)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2164	40200	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-09T15:33:46Z	medium	Client IP	141.193.213.21	ET HUNTING Suspicious GET Request with Possible COVID-19 URI M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (187)

URL IP Response Size

rallycu.com/covidresponse/

141.193.213.21

301 Moved Permanently

162

URL HTTP/1.1

rallycu.com/covidresponse/
IP

141.193.213.21:0
ASN

#209242 Cloudflare London, LLC

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 URI M1

HTTP Headers

                                        GET /covidresponse/ HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 15:32:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rallycu.com/covidresponse/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796da8dd7b1d0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

408d1564e8f59e6626e41be4106ce2e6

4149a1f17e8f7c446e7aa4963f3a49b6a00b6164

46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8303
Expires: Thu, 09 Feb 2023 17:51:09 GMT
Date: Thu, 09 Feb 2023 15:32:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

565c1bbc5c1c40be1988b3bf6fd9dc1a

cfdba5bc597130461dd67bf6cda53183be592493

60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2388
Expires: Thu, 09 Feb 2023 16:12:34 GMT
Date: Thu, 09 Feb 2023 15:32:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

ff250d3ef3fa45322bf05039a0122a9f

b3e7a2c383bce1bab807dbe1a03c375258b51f1d

d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 14:34:15 GMT
content-type: application/json
age: 3511
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

50a2f8cdbbd1059f5318753155bba7ef

405e63ea4683be44f876feae34b5cb645ff751f2

f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8502
Expires: Thu, 09 Feb 2023 17:54:28 GMT
Date: Thu, 09 Feb 2023 15:32:46 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e76071a28ee566dababb3834f46d68ed

aebb4e68c1ba2de0f90025283e8ed8470944fde0

78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: Pu7Li3p2pevJ0WSafmjX2alk7Az4tEOC0YHy2lL4XiJPYOWztvah2F8NzhhRqaUvucCWeUAZBXU=
x-amz-request-id: V3QP995XW1XBY3QA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 14:46:26 GMT
age: 2780
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

c56418bec578e9125f5132212c351750

90383871ec7459f8d35b2d1646aba6ea1bca516f

32839d1a337017df52c0cdf8819cb26073c6c77a9c3a2f6d7e8cb34296b80976

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6016
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:46 GMT
Last-Modified: Thu, 09 Feb 2023 13:52:30 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 15:32:46 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

07988edcea4d42196745acce6d85b6c6

5ba931eb112d881cea6506fac80b6bb51bf76af2

2a948439a9910bb395b796fff9f498ca6fa9c7ebcd6112a9670abf4045118459

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130201
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:46 GMT
Etag: "63e46bb7-1d7"
Expires: Sat, 11 Feb 2023 03:42:47 GMT
Last-Modified: Thu, 09 Feb 2023 03:42:47 GMT
Server: nginx
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 15:14:53 GMT
age: 1074
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

c56418bec578e9125f5132212c351750

90383871ec7459f8d35b2d1646aba6ea1bca516f

32839d1a337017df52c0cdf8819cb26073c6c77a9c3a2f6d7e8cb34296b80976

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6017
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:47 GMT
Last-Modified: Thu, 09 Feb 2023 13:52:30 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

07988edcea4d42196745acce6d85b6c6

5ba931eb112d881cea6506fac80b6bb51bf76af2

2a948439a9910bb395b796fff9f498ca6fa9c7ebcd6112a9670abf4045118459

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=130201
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:47 GMT
Etag: "63e46bb7-1d7"
Expires: Sat, 11 Feb 2023 03:42:48 GMT
Last-Modified: Thu, 09 Feb 2023 03:42:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

rallycu.com/wp-content/uploads/23493_NA_20_New-Website_icons-77.png

141.193.213.20

200 OK

822

URL HTTP/2

rallycu.com/wp-content/uploads/23493_NA_20_New-Website_icons-77.png
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

822
Hash

9f01e031b242b780565bf19bc31ccb75

76c8410181bdd325e9102b456af3056aed859c89

45e662d3ca78c38698ad948eb6ef60545a0123d5f93327700763198301b21ce5

HTTP Headers

                                        GET /wp-content/uploads/23493_NA_20_New-Website_icons-77.png HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: image/webp
content-length: 822
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2886
content-disposition: inline; filename="23493_NA_20_New-Website_icons-77.webp"
etag: "63924cce-b46"
last-modified: Thu, 08 Dec 2022 20:45:02 GMT
vary: Accept
cf-cache-status: HIT
age: 122351
accept-ranges: bytes
server: cloudflare
cf-ray: 796da8e33823b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rallycu.com/wp-content/themes/mdr-emerald-child/images/NCUA.png

141.193.213.20

200 OK

9422

URL HTTP/2

rallycu.com/wp-content/themes/mdr-emerald-child/images/NCUA.png
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

9422
Hash

2e83f55f7bc5dd1ba2f5fd6349e6cdad

3cf464ea2674d39dbe3ae951815ac0cfc83671b2

6277de27cb0de185bb5861de7bd6d3a4093e054adf78f26e3f43340dfb116872

HTTP Headers

                                        GET /wp-content/themes/mdr-emerald-child/images/NCUA.png HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: image/webp
content-length: 9422
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=19606
content-disposition: inline; filename="NCUA.webp"
etag: "638fc6eb-4c96"
last-modified: Tue, 06 Dec 2022 22:49:15 GMT
vary: Accept
cf-cache-status: HIT
age: 122351
accept-ranges: bytes
server: cloudflare
cf-ray: 796da8e33828b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rallycu.com/wp-content/themes/mdr-emerald-child/images/logo-ehl.png

141.193.213.20

200 OK

1128

URL HTTP/2

rallycu.com/wp-content/themes/mdr-emerald-child/images/logo-ehl.png
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

1128
Hash

a777024edeb10b319d4844e5c7de7af8

cc57c0d3333db8eee535963f4eae0c4320baa272

97f3e330ee66086fccfbd30d06e67811438d33d6c6148f271122835959721098

HTTP Headers

                                        GET /wp-content/themes/mdr-emerald-child/images/logo-ehl.png HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: image/webp
content-length: 1128
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2844
content-disposition: inline; filename="logo-ehl.webp"
etag: "638fc6dd-b1c"
last-modified: Tue, 06 Dec 2022 22:49:01 GMT
vary: Accept
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 796da8e3382ab511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

8ba328ca1dafc69ce7b7537cdc89616d

7ff4ddc85601ddb20d852b3b70e152ebb63e439d

27a975bedc82774262e4da67a21436afb618fc1ba3a9a29ca78401e812266929

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1157
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:47 GMT
Last-Modified: Thu, 09 Feb 2023 15:13:31 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279

rallycu.com/wp-includes/js/dist/token-list.min.js?ver=f2cf0bb3ae80de227e43

141.193.213.20

200 OK

888

URL HTTP/2

rallycu.com/wp-includes/js/dist/token-list.min.js?ver=f2cf0bb3ae80de227e43
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

ASCII text, with very long lines (1482)

Size

888
Hash

555d656aa3ac9e385bfce3c2b0a3f132

b1079c24a1fe27ac0f815bad3d2b78e4dd35eea8

d318b78c876fc79277ef5ceb950e6fc8cdb3503a478ef6f7700340e39681015f

HTTP Headers

                                        GET /wp-includes/js/dist/token-list.min.js?ver=f2cf0bb3ae80de227e43 HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Sep 2022 15:43:29 GMT
etag: W/"6329dfa1-5ed"
cache-control: public, max-age=31536000
access-control-allow-origin: *
cf-cache-status: HIT
age: 122352
server: cloudflare
cf-ray: 796da8e31ff4b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rallycu.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

141.193.213.20

200 OK

2954

URL HTTP/2

rallycu.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

ASCII text, with very long lines (6475), with no line terminators

Size

2954
Hash

90fe9a644c3ce5ec5626bea9b7c59264

74238a05027fa7d1a138cc8667baa4c8d1318be7

eb6adc898cc0cc834d9af27735702673df94c9baa75ea3145cd1aa30e90ffee9

HTTP Headers

                                        GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: W/"6254194e-194b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
cf-cache-status: HIT
age: 122352
server: cloudflare
cf-ray: 796da8e2cf7fb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

0333fa3e34f17f01e9829bd8ee662c23

be4c7a8599038facc49c73d6d14451023bc919e7

8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 15:32:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rallycu.com/wp-content/themes/mdr-emerald/js/theme.js?ver=6.1.1

141.193.213.20

200 OK

4691

URL HTTP/2

rallycu.com/wp-content/themes/mdr-emerald/js/theme.js?ver=6.1.1
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

ASCII text, with very long lines (1281)

Size

4691
Hash

01f654bf9e76887a03e3eb7cac11fb87

db451e7d78d2c6c170da474db66cd6994319d2f5

5c8c12bc9ab8ba804f49af3fc43b855f735375d5c4b5a1cc28c3ee18901ffecc

HTTP Headers

                                        GET /wp-content/themes/mdr-emerald/js/theme.js?ver=6.1.1 HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 05 Dec 2022 19:59:56 GMT
etag: W/"638e4dbc-2f96"
cache-control: public, max-age=31536000
access-control-allow-origin: *
cf-cache-status: HIT
age: 122352
server: cloudflare
cf-ray: 796da8e3381fb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

use.typekit.net/lis2nas.css?ver=6.1.1

23.33.119.19

200 OK

590

URL HTTP/2

use.typekit.net/lis2nas.css?ver=6.1.1
IP

23.33.119.19:0
ASN

#20940 Akamai International B.V.

Magic

Unicode text, UTF-8 text, with very long lines (516)

Size

590
Hash

73d789c5cac4d573044183fb6a590827

9e780d2b95e30243f0fc1a6faccab53e96fdff82

244d63f30509d88d38fed43f39ca1ea4e5d5b454928c503a688d16340dc251a0

HTTP Headers

                                        GET /lis2nas.css?ver=6.1.1 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 590
date: Thu, 09 Feb 2023 15:32:47 GMT
X-Firefox-Spdy: h2

rallycu.com/wp-content/themes/mdr-emerald/js/holder.js?ver=6.1.1

141.193.213.20

200 OK

23811

URL HTTP/2

rallycu.com/wp-content/themes/mdr-emerald/js/holder.js?ver=6.1.1
IP

141.193.213.20:0
ASN

#209242 Cloudflare London, LLC

Magic

Unicode text, UTF-8 text

Size

23811
Hash

433b755654617cd72ec22cd8c2086772

bb8d62a73abf05d1760d1560683af5c1e2633c74

d9e0b70d9609f970c6109f207483936672fa655320ab510f66514995be80ae08

HTTP Headers

                                        GET /wp-content/themes/mdr-emerald/js/holder.js?ver=6.1.1 HTTP/1.1
Host: rallycu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/covidresponse/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:32:47 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 05 Dec 2022 19:59:56 GMT
etag: W/"638e4dbc-15766"
cache-control: public, max-age=31536000
access-control-allow-origin: *
cf-cache-status: HIT
age: 122352
server: cloudflare
cf-ray: 796da8e37886b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/canvas-confetti@1.5.1/dist/confetti.browser.min.js?ver=6.1.1

151.101.1.229

200 OK

3240

URL HTTP/2

cdn.jsdelivr.net/npm/canvas-confetti@1.5.1/dist/confetti.browser.min.js?ver=6.1.1
IP

151.101.1.229:0
ASN

#54113 FASTLY

Magic

Unicode text, UTF-8 text, with very long lines (7300)

Size

3240
Hash

8c7bb3cd43546a1017cead21943bc570

99041d81fccb262f608e763f822ccfb0d8827d5a

5b7628255b5e0ebfad3f0a860e54b22aebfde9f38a052e702841c58b4adf1c53

HTTP Headers

                                        GET /npm/canvas-confetti@1.5.1/dist/confetti.browser.min.js?ver=6.1.1 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rallycu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.5.1
x-jsd-version-type: version
etag: W/"1de0-UIAA/uYa9lVGoI0bAGaN5RkevyY"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 09 Feb 2023 15:32:47 GMT
age: 6084643
x-served-by: cache-fra-eddf8230059-FRA, cache-bma1675-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3240
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (114)

#1 JS:Script (size: 386726)

#2 JS:Script (size: 5285)

#3 JS:Script (size: 779)

#4 JS:Script (size: 231250)

#5 JS:Script (size: 824771)

#6 JS:Script (size: 1239)

#7 JS:Script (size: 304)

#8 JS:Script (size: 1869)

#9 JS:Script (size: 5738)

#10 JS:Script (size: 9147)

#11 JS:Script (size: 10230)

#12 JS:Script (size: 4215)

#13 JS:Script (size: 54244)

#14 JS:Script (size: 837)

#15 JS:Script (size: 36756)

#16 JS:Script (size: 265)

#17 JS:Script (size: 3760)

#18 JS:Script (size: 33450)

#19 JS:Script (size: 3632)

#20 JS:Script (size: 2425)

#21 JS:Script (size: 1517)

#22 JS:Script (size: 26174)

#23 JS:Script (size: 21440)

#24 JS:Script (size: 42766)

#25 JS:Script (size: 699)

#26 JS:Script (size: 92)

#27 JS:Script (size: 145)

#28 JS:Script (size: 576)

#29 JS:Script (size: 50234)

#30 JS:Script (size: 13084)

#31 JS:Script (size: 18705)

#32 JS:Script (size: 160)

#33 JS:Script (size: 3577)

#34 JS:Script (size: 17338)

#35 JS:Script (size: 367)

#36 JS:Script (size: 6138)

#37 JS:Script (size: 317)

#38 JS:Script (size: 563)

#39 JS:Script (size: 16550)

#40 JS:Script (size: 11224)

#41 JS:Script (size: 11777)

#42 JS:Script (size: 3281)

#43 JS:Script (size: 8817)

#44 JS:Script (size: 812)

#45 JS:Script (size: 692)

#46 JS:Script (size: 20818)

#47 JS:Script (size: 392)

#48 JS:Script (size: 8833)

#49 JS:Script (size: 27759)

#50 JS:Script (size: 952)

#51 JS:Script (size: 2628)

#52 JS:Script (size: 7468)

#53 JS:Script (size: 18324)

#54 JS:Script (size: 334764)

#55 JS:Script (size: 3402)

#56 JS:Script (size: 51)