URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Submission: On December 09 via api from IN — Scanned from IT

Summary

This website contacted 20 IPs in 6 countries across 14 domains to perform 43 HTTP transactions. The main IP is 35.152.104.113, located in Milan, Italy and belongs to AMAZON-02, US. The main domain is www.cleafy.com.
TLS certificate: Issued by R10 on November 16th 2024. Valid for: 3 months.
This is the only time www.cleafy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
1 35.152.104.113 16509 (AMAZON-02)
8 104.18.160.117 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.18.141.119 13335 (CLOUDFLAR...)
1 18.244.20.134 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
5 142.250.185.67 15169 (GOOGLE)
3 104.18.80.204 13335 (CLOUDFLAR...)
5 2400:52e0:1e0... 200325 (BunnyCDN ...)
1 142.250.185.66 15169 (GOOGLE)
1 172.67.72.56 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
3 142.250.185.228 15169 (GOOGLE)
2 2001:bc8:1210... 12876 (AS12876 S...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2400:52e0:1a0... 200325 (BunnyCDN ...)
1 2400:52e0:1e0... 60068 (CDN77 Dat...)
1 172.217.18.8 15169 (GOOGLE)
Total: 43 requests, 20 IPs
Requests Apex Domain Transfer
  Subdomains
8 website-files.com 225 KB
  cdn.prod.website-files.com — Cisco Umbrella Rank: 6218
7 iubenda.com 162 KB
  cdn.iubenda.com — Cisco Umbrella Rank: 16026
  cs.iubenda.com — Cisco Umbrella Rank: 17999
  idb.iubenda.com — Cisco Umbrella Rank: 19082
6 gstatic.com 316 KB
  fonts.gstatic.com
  www.gstatic.com
5 googletagmanager.com 346 KB
  www.googletagmanager.com — Cisco Umbrella Rank: 39
3 google.com 1 KB
  www.google.com — Cisco Umbrella Rank: 3
3 hsforms.com 5 KB
  forms.hsforms.com — Cisco Umbrella Rank: 4839
  forms-na1.hsforms.com — Cisco Umbrella Rank: 7269
3 cleafy.com 23 KB
  www.cleafy.com
  sgtm.cleafy.com
2 googleapis.com 7 KB
  ajax.googleapis.com — Cisco Umbrella Rank: 415
  fonts.googleapis.com — Cisco Umbrella Rank: 29
1 google-analytics.com
  region1.google-analytics.com — Cisco Umbrella Rank: 3353
1 stapecdn.com 8 KB
  stapecdn.com — Cisco Umbrella Rank: 35652
1 googlesyndication.com
  pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
1 cloudfront.net 32 KB
  d3e54v103j8qbb.cloudfront.net
1 hsforms.net 156 KB
  js.hsforms.net — Cisco Umbrella Rank: 6979
0 addthis.com Failed
  s7.addthis.com Failed
Total: 43 requests, 14 domains
Requests Domain Requested by
8 cdn.prod.website-files.com www.cleafy.com, cdn.prod.website-files.com
5 cdn.iubenda.com www.googletagmanager.com, cdn.iubenda.com
5 fonts.gstatic.com fonts.googleapis.com
5 www.googletagmanager.com www.cleafy.com, www.googletagmanager.com
3 www.google.com js.hsforms.net, www.gstatic.com
2 sgtm.cleafy.com www.googletagmanager.com, stapecdn.com
2 forms-na1.hsforms.com www.cleafy.com
1 idb.iubenda.com cdn.iubenda.com
1 cs.iubenda.com cdn.iubenda.com
1 www.gstatic.com www.google.com
1 region1.google-analytics.com www.googletagmanager.com
1 stapecdn.com www.googletagmanager.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 forms.hsforms.com js.hsforms.net
1 fonts.googleapis.com ajax.googleapis.com
1 d3e54v103j8qbb.cloudfront.net www.cleafy.com
1 js.hsforms.net www.cleafy.com
1 ajax.googleapis.com www.cleafy.com
1 www.cleafy.com
0 s7.addthis.com Failed www.cleafy.com
Total: 43 requests, 20 subdomains
Subject Issuer Validity Valid
www.cleafy.com R10 2024-11-16 - 2025-02-14 3 months
prod.website-files.com WE1 2024-10-21 - 2025-01-19 3 months
upload.video.google.com WR2 2024-11-04 - 2025-01-27 3 months
hsforms.net WE1 2024-12-07 - 2025-03-07 3 months
*.cloudfront.net Amazon RSA 2048 M01 2024-07-30 - 2025-07-03 a year
*.google-analytics.com WR2 2024-11-04 - 2025-01-27 3 months
*.gstatic.com WR2 2024-11-04 - 2025-01-27 3 months
hsforms.com WE1 2024-12-08 - 2025-03-08 3 months
*.iubenda.com Sectigo RSA Domain Validation Secure Server CA 2024-02-01 - 2025-03-03 a year
*.g.doubleclick.net WR2 2024-11-04 - 2025-01-27 3 months
stapecdn.com WE1 2024-10-15 - 2025-01-13 3 months
*.google.com WR2 2024-11-04 - 2025-01-27 3 months
sgtm.cleafy.com R10 2024-11-02 - 2025-01-31 3 months

This page contains 4 frames:

Primary Page: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Frame ID: 4E85E0F85989246F88C23AC1A18F64FC
Requests: 40 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.cleafy.com
Frame ID: 9E1B409B4E9FED48E991FDE8294E88BC
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&badge=inline&cb=ch5jui7wl6qk
Frame ID: 74A3018A6C2B608C931E67BA1E76CA8D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 7DF9A6F24FBF68673AE72A965E3302B1
Requests: 1 HTTP requests in this frame

Page Title

DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • iubenda\.com/cookie-solution/confs/js/

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43 Requests
98 % HTTPS
47 % IPv6
14 Domains
20 Subdomains
20 IPs
6 Countries
1281 kB Transfer
4439 kB Size
6 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request droidbot-insights-from-a-new-turkish-maas-fraud-operation
www.cleafy.com/cleafy-labs/
80 KB
22 KB
Document
General
Full URL
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.152.104.113 Milan, Italy, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-152-104-113.eu-south-1.compute.amazonaws.com
Software
/
Resource Hash
419e32040c8b72405dd8b96828163c61287f94ddc6a072c92dbf9776bdc2209f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
384462
alt-svc
h3=":443"; ma=86400
cf-cache-status
HIT
cf-ray
8ef1f12e4ce0525b-MXP
content-encoding
gzip
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Mon, 09 Dec 2024 03:34:54 GMT
last-modified
Wed, 04 Dec 2024 16:43:08 GMT
strict-transport-security
max-age=31536000
surrogate-control
max-age=432000
surrogate-key
www.cleafy.com 6020129a813fe0c8f1e8053e pageId:609e4249b3778b39524cad9a 609e4249b3778b409b4cad98 60b40d39bb78e385c23d23fc 60bb55baee151591e306b7c8
vary
Accept-Encoding
x-cluster-name
eu-south-1-prod-hosting-red
x-frame-options
SAMEORIGIN
x-lambda-id
89641410-d754-402c-85ae-555fc88b18e5
cleafy.a2edda149.min.css
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/
167 KB
34 KB
Stylesheet
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a2edda149.min.css
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f49ab73e550e059edc0a27c33a64ff1de20e5615de346a5c38af867df2c87893

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"828e9af547b5fc80a69a72734e5e34c0"
x-amz-version-id
ttqWlSRdpp1_2xSOH5dyZswha633qxpo
age
1687
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
text/css
last-modified
Wed, 04 Dec 2024 16:43:03 GMT
vary
Accept-Encoding
priority
u=0,i=?0
x-amz-id-2
BTF9zeTMBBggVX7EQY+HbL3BLIdXa2syXkDW/sdrwv9sUPHZFqrRXniudSb61loiAr3yH2+dlFY=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
TQFKJ2D9F5WXZ9AW
cf-ray
8ef1f12f1d46367f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
34227
server
cloudflare
x-amz-server-side-encryption
AES256
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
gzip
age
239225
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Sat, 06 Dec 2025 09:07:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 06 Dec 2024 09:07:49 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
5437
x-xss-protection
0
server
sffe
v2.js
js.hsforms.net/forms/
484 KB
156 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

x-request-id
9a7521d1-0c7e-4efc-a831-2062cf9b352f
content-encoding
gzip
cf-cache-status
HIT
etag
W/"53fa063fb1734ce6bb187c96e7665972"
x-amz-version-id
kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
age
373
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TPuHIQKhVQdNT2DeSVM0W0AO70yzX1XsOlcevZinbkTazRXoTUrQJLrFBuJowTeGO7EYc5qNrirTNq2W4Jq03Xvf8uPR%2FugqDiGYW7a%2BBAKFBjDC5rSJh%2BIcGGu4D5LM"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
G6pQHKDrA-47WAjwbfl04aRYFAdoETtitu1OhdgpJJbIA3r1OKWSvg==
x-hubspot-correlation-id
9a7521d1-0c7e-4efc-a831-2062cf9b352f
content-type
application/javascript; charset=utf-8
last-modified
Thu, 21 Nov 2024 17:07:16 UTC
priority
u=1,i=?0
server-timing
cfExtPri
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time
2
x-hs-target-asset
forms-embed/static-1.6227/bundles/project-v2.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Mon, 09 Dec 2024 03:34:54 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8ed8d337194065ac-FRA
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
cf-ray
8ef1f12f1da565c5-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
addthis_widget.js
s7.addthis.com/js/300/
0
0

jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/
87 KB
32 KB
Script
General
Full URL
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6020129a813fe0c8f1e8053e
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.20.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-20-134.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://www.cleafy.com/

Response headers

access-control-max-age
3000
content-encoding
br
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age
26484
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
5Nrp4q8B0l_3rjCt8QmH0YOf6ZagOJYz6bPzHKMUUQrkqo4A3zWQPg==
date
Sun, 08 Dec 2024 20:13:31 GMT
content-type
application/javascript
last-modified
Mon, 20 Jul 2020 17:53:02 GMT
vary
accept-encoding
cache-control
max-age=84600, must-revalidate
via
1.1 553c17cdbfc8c5ba81390077b0e5d2d4.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P11
server
AmazonS3
cleafy.65d67f643.js
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/js/
726 KB
182 KB
Script
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/js/cleafy.65d67f643.js
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b1509ae895b8bdd9b4e93f80a7a76a66c74844c8ae977e2bfa1b0a617388b59

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"ca664d636f21f428341cad5d971870c2"
x-amz-version-id
gl9luqDtQ7q7ILJDxh5Qh8pBo7N12Ye8
age
1687
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
text/javascript
last-modified
Wed, 04 Dec 2024 16:43:03 GMT
vary
Accept-Encoding
priority
u=1,i=?0
x-amz-id-2
73rQVWYTMcr4wtzMBboiZ/yhwgPpFQj3qb8T0QLbFszob3IAxb8gRzyB8F1wZkrEeh4SqgmIGuM=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
TQFPJNAZ5XG3493G
cf-ray
8ef1f12f1d45367f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
185125
server
cloudflare
x-amz-server-side-encryption
AES256
css
fonts.googleapis.com/
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5b3daff7dc05dfc7febc3603c086fdf84daabcb2c58d91c1db173079b22964c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 09 Dec 2024 03:34:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 09 Dec 2024 03:34:54 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
gtm.js
www.googletagmanager.com/
364 KB
117 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5ca07d00154866f70731ce963621cd2e8acae6c33f2030f5cd531374d4c497ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 09 Dec 2024 03:34:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 09 Dec 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
119041
x-xss-protection
0
server
Google Tag Manager
6059fd81ed4a6c1673c8f579_CleafyIcon.ttf
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
2 KB
3 KB
Font
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/6059fd81ed4a6c1673c8f579_CleafyIcon.ttf
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a2edda149.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
982ec121721fb8c8ec7de5fdc9b4880110192ec150fcfda12484537fac62498b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a2edda149.min.css

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"fe780be1587854651c5451b56860fee3"
x-amz-version-id
yyXB.LeBb3pAPhefeXi3e_lcW9drRqON
age
1634
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
application/x-font-ttf
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Tue, 23 Mar 2021 14:38:58 GMT
x-amz-id-2
+V7CFTYPPhWM27h9gPdFrNWDNrclVmbSklQbewDJfolxZRCu2aPqZ4Bmok22iHoifs8BC5ELXZw=
priority
u=0,i=?0
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FFMWDCD8QSKWJ3T1
cf-ray
8ef1f12fe870dcc1-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2456
server
cloudflare
x-amz-server-side-encryption
AES256
6031121f255fb120fa9d4d05_Cleafy-logo.svg
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
2 KB
1 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/6031121f255fb120fa9d4d05_Cleafy-logo.svg
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85f7c36d87c5f0e216ee9b938c315f417869080cc8409dd062e77fd080295cac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1c2ad9d008e16a57ebc4d3cdbc7b3d80"
x-amz-version-id
GPsQ7MyW.ryKlIuROZJKgbTPvowEWgx1
age
1634
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
image/svg+xml
last-modified
Sat, 20 Feb 2021 13:44:00 GMT
vary
Accept-Encoding
priority
u=3,i
x-amz-id-2
fcQM/lXrFKZ/42GNEviySWa5nkViLVdpK0t4L4SBe6unjYjEFhRaY5eU2MHOJJKGIYiRblxWfrw=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FFMJNJHXYNZGJCMW
cf-ray
8ef1f12fed8b367f-FRA
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
60b5585b6689a33061c9c75d_C_Labs_Octanium.svg
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
2 KB
1 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/60b5585b6689a33061c9c75d_C_Labs_Octanium.svg
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abc5a0dfe4d07a6e3c5cf11e90abfdd994e3db90a27414568366f72ac50e84db

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"4a5f4548e1c5e1b08a80d9d969067453"
x-amz-version-id
QXh4bIsT_7qVfNe71wvJ2nfDf31fD5uT
age
1634
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
image/svg+xml
last-modified
Mon, 31 May 2021 21:42:52 GMT
vary
Accept-Encoding
priority
u=3,i
x-amz-id-2
TszwYU0KGzBL0l72egBG0tyuMG9vQMj0o7Alw4MLDZHkFBr+Ef+gt2NGIWS1SuwdODjlUAGvVHo=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FFMK709BK4M5CB43
cf-ray
8ef1f12fed8c367f-FRA
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2
fonts.gstatic.com/s/inconsolata/v32/
33 KB
33 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inconsolata/v32/QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
3f3cd898943b026a13346c3259ebd91bf02fe245d5ccd152ce7f544257986865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://fonts.googleapis.com/

Response headers

age
426303
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 04 Dec 2025 05:09:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 05:09:51 GMT
last-modified
Thu, 14 Sep 2023 00:46:10 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
34104
x-xss-protection
0
server
sffe
L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
fonts.gstatic.com/s/robotomono/v23/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
32c8a74ac0816253d69a7cc68a60986d91c77c80fb17101058527bffa45a13ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://fonts.googleapis.com/

Response headers

age
526691
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 01:16:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 01:16:43 GMT
last-modified
Thu, 14 Sep 2023 01:16:46 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
12764
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://fonts.googleapis.com/

Response headers

age
331365
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 05 Dec 2025 07:32:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 05 Dec 2024 07:32:09 GMT
last-modified
Thu, 01 Aug 2024 20:41:19 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18492
x-xss-protection
0
server
sffe
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://fonts.googleapis.com/

Response headers

age
483372
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 13:18:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 13:18:42 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular%7CRoboto:300,regular,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://fonts.googleapis.com/

Response headers

age
525129
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 01:42:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 01:42:45 GMT
last-modified
Thu, 01 Aug 2024 20:41:21 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18596
x-xss-protection
0
server
sffe
json
forms.hsforms.com/embed/v3/form/3993512/937dd5e4-6dad-4102-b348-22607dfad29f/
7 KB
3 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/3993512/937dd5e4-6dad-4102-b348-22607dfad29f/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
952ae4ecbcb693beb161507c322240007522aabb22095fea766e6104bbb9911a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://www.cleafy.com/

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
df006790-69ab-43d4-95bf-b15d53ccf9c7
access-control-expose-headers
X-Origin-Hublet
content-encoding
gzip
cf-cache-status
DYNAMIC
x-origin-hublet
na1
access-control-allow-methods
OPTIONS, GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:55 GMT
x-hubspot-correlation-id
df006790-69ab-43d4-95bf-b15d53ccf9c7
content-type
application/json;charset=utf-8
vary
origin
priority
u=1,i
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-f68sx
x-envoy-upstream-service-time
17
access-control-allow-credentials
false
cf-ray
8ef1f1312b4a9743-FRA
access-control-allow-origin
https://www.cleafy.com
x-evy-trace-route-configuration
listener_https/all
content-length
2318
server
cloudflare
x-evy-trace-virtual-host
all
662d3a39ac9bfbdb07311663_Footer-Texture.svg
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
1 KB
874 B
Image
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/662d3a39ac9bfbdb07311663_Footer-Texture.svg
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a2edda149.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
271242211f6907c22619947ff7295571acb712efa840b80bc6ec324ded8ebd82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a2edda149.min.css

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5f403b5b541961239f59c5c91dd558f9"
x-amz-version-id
qWSyI8NmzwytZ5P8PfvHwAIl_FTglRxq
age
1634
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:47:38 GMT
vary
Accept-Encoding
priority
u=3,i
x-amz-id-2
JCS+MfMwjiKTRxR+fi6RAhAPdiuucQNRdSNIrymftMBHG/WEvcUFR2+Ms1f9YUfw0hDwHsGsMGE=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FFMZVDZVNBXMBA74
cf-ray
8ef1f1310e07367f-FRA
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
6036dd61d4e1d1975520d3b6_menuV2.json
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
3 KB
1 KB
XHR
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/6036dd61d4e1d1975520d3b6_menuV2.json
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/js/cleafy.65d67f643.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45328a0fad361667f47be17f6b66f2c9a5d5c507f18301c94d1b9f59372ade36

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

access-control-max-age
3000
content-encoding
br
cf-cache-status
HIT
etag
W/"b61af8e755e948c52629faa62f8f9856"
x-amz-version-id
t2WUFsdV7vL_rId7fZpTXCbHjAgpuNes
age
1634
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
priority
u=1,i
x-amz-id-2
dXq8vvLWJq+8tTLU9/PbM7T2riXhu2mWi/8IT+IriAlnSMPyi9vY7kegbAiSofGoWX4WYwdb51E=
last-modified
Wed, 24 Feb 2021 23:12:34 GMT
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FFMR531SWJJDA693
cf-ray
8ef1f131299bdcc1-FRA
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
iubenda_cs.js
cdn.iubenda.com/cs/
2 KB
1 KB
Script
General
Full URL
https://cdn.iubenda.com/cs/iubenda_cs.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e07::1161:1 , Belgium, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-BE1-1161 /
Resource Hash
c1298025e88c2999e70ae41ed8b0316faf947046b7121efb1444bc2214350f9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"6752afb2-2c4"
expires
Sat, 07 Dec 2024 18:51:43 GMT
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Fri, 06 Dec 2024 08:02:58 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
12/07/2024 17:51:43
cache-control
public, must-revalidate, proxy-revalidate, max-age=3600
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
1c8c17b32a60d198a2a1388488fbe60d
cdn-pullzone
954456
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1161
server
BunnyCDN-BE1-1161
cdn-requestcountrycode
IT
js
www.googletagmanager.com/gtag/
391 KB
128 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XXDJEBQ2SP&l=dataLayer&cx=c&gtm=45He4c40v842765148za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
062b03575e43b485b9e014c26e56b3ad5b89883b747f696a08bc26456290d2ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 09 Dec 2024 03:34:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 03:34:54 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
131115
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
296 KB
101 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QT32G62CZ9&l=dataLayer&cx=c&gtm=45He4c40v842765148za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eb4147d8a47749b1e61375c37257c53d41d9c9559f3392641496131058eb1961
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 09 Dec 2024 03:34:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 03:34:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
103186
x-xss-protection
0
server
Google Tag Manager
collect
pagead2.googlesyndication.com/ccm/
0
0
Ping
General
Full URL
https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fdroidbot-insights-from-a-new-turkish-maas-fraud-operation&scrsrc=www.googletagmanager.com&frm=0&rnd=610241995.1733715295&npa=1&gtm=45He4c40v842765148za200&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&tft=1733715294944&tfd=709&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

v8.js
stapecdn.com/dtag/
19 KB
8 KB
Script
General
Full URL
https://stapecdn.com/dtag/v8.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.72.56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99f2d8044a24b9817bc31c4e3f6c34c24ff4e05557ca70dcd2631f790785d8a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=3FX0EQ==, md5=Q2N3pg683cW38pmbAJQgGQ==
cf-cache-status
HIT
etag
W/"436377a60ebcddc5b7f2999b00942019"
age
243749
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BsxOIa5tt%2Frfvb5mvE16eh6S6zpOInQlkFYqK5iotm%2F%2BgEHwbja7t7YZJp4GdOGhMeaub3%2FCHaH56GUZPa2nUpoftiwnpv6WKkYUELPPTVh623lpLwcZUsIbjOE2mw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-goog-stored-content-encoding
identity
expires
Fri, 06 Dec 2024 08:52:26 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
18978
server-timing
cfL4;desc="?proto=QUIC&rtt=34343&min_rtt=34198&rtt_var=12928&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4271&recv_bytes=4231&delivery_rate=93107&cwnd=12000&unsent_bytes=0&cid=f34cdc07e7c26716&ts=56&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 03:34:55 GMT
content-type
text/javascript
last-modified
Tue, 09 Apr 2024 12:29:35 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AHmUCY2EVvKXXe9sI1ek0Yrf5phKtuxWmo6iBWY2abk32aMWlNFBgPZO5BfRZulLxEFkkNcGQQ
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
STANDARD
referrer-policy
same-origin
cf-ray
8ef1f131de5c5d41-FRA
x-goog-generation
1712665775294960
x-xss-protection
1; mode=block
server
cloudflare
sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame 9E1B
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.cleafy.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
408612
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 10:04:43 GMT
expires
Thu, 04 Dec 2025 10:04:43 GMT
last-modified
Tue, 03 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-XXDJEBQ2SP&gtm=45je4c40v877794303z8842765148za200zb842765148&_p=1733715294677&gcs=G100&gcd=13p3pPp2p7l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&cid=274184915.1733715295&ul=it-it&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&ngs=1&_s=1&sid=1733715295&sct=1&seg=0&dl=https%3A%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fdroidbot-insights-from-a-new-turkish-maas-fraud-operation&dt=DroidBot%3A%20Insights%20from%20a%20new%20Turkish%20MaaS%20fraud%20operation%20%7C%20Cleafy%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allow_interest_groups=false&ep.gtm_page_path=%2Fcleafy-labs%2Fdroidbot-insights-from-a-new-turkish-maas-fraud-operation&ep.gtm_container_info=GTM-WF5KQ9M%7C26%7C&ep.gtm_hit_timestamp=2024-12-09T04%3A34%3A54.944%2B01%3A00&epn.gtm_date_now=1733715294945&ep.gtm_utm_source=&ep.gtm_utm_medium=&ep.gtm_utm_campaign=&ep.gtm_utm_content=&ep.gtm_utm_term=&ep.ga_session_consent_mode=%7C%7C&ep.request_type=client&ep.event_generation_type=gtm&ep.gtm_referrer=&ep.gtm_gclid=&ep.local_timezone_date=20241209&ep.local_timezone_hour=04%3A34&epn.pageview_action_times=0.27&up.user_possible_bot=normal%20user&tfd=832
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XXDJEBQ2SP&l=dataLayer&cx=c&gtm=45He4c40v842765148za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cleafy.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 03:34:55 GMT
content-type
text/plain
server
Golfe2
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
914 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

x-robots-tag
none
x-request-id
ade3abee-4763-4607-b88b-4491a3bb3dd9
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:55 GMT
x-hubspot-correlation-id
ade3abee-4763-4607-b88b-4491a3bb3dd9
content-type
image/gif
vary
origin
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-b9zv5
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8ef1f132ce23194b-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
enterprise.js
www.google.com/recaptcha/
2 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_9a56eee5_b4ac_4b10_93ad_69dc504b1ec5&render=explicit&hl=en
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
ESF /
Resource Hash
db6ad6338eeef1a3ae10b22ce1037d80fe5dbbde142003f934be7745cc9c8cfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 09 Dec 2024 03:34:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 09 Dec 2024 03:34:55 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
collect
sgtm.cleafy.com/g/
0
0
Fetch
General
Full URL
https://sgtm.cleafy.com/g/collect?v=2&tid=G-QT32G62CZ9&gtm=45je4c40v9199135146z8842765148za200zb842765148&_p=1733715294677&gcs=G100&gcd=13p3p3p2p7l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&cid=274184915.1733715295&ul=it-it&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&ngs=1&_s=1&sid=1733715295&sct=1&seg=0&dl=https%3A%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fdroidbot-insights-from-a-new-turkish-maas-fraud-operation&dt=DroidBot%3A%20Insights%20from%20a%20new%20Turkish%20MaaS%20fraud%20operation%20%7C%20Cleafy%20Labs&en=page_view&_fv=1&_ss=1&ep.allow_interest_groups=false&ep.event_id=1733715294677_1_gtm.js&ep.gtm_page_path=%2Fcleafy-labs%2Fdroidbot-insights-from-a-new-turkish-maas-fraud-operation&ep.gtm_container_info=GTM-WF5KQ9M%7C26%7C&ep.gtm_hit_timestamp=2024-12-09T04%3A34%3A54.945%2B01%3A00&epn.gtm_date_now=1733715294945&ep.gtm_utm_source=&ep.gtm_utm_medium=&ep.gtm_utm_campaign=&ep.gtm_utm_content=&ep.gtm_utm_term=&ep.ga_session_consent_mode=%7C%7C&ep.request_type=server&ep.event_generation_type=gtm&ep.gtm_referrer=&ep.gtm_gclid=&ep.local_timezone_date=20241209&ep.local_timezone_hour=04%3A34&epn.pageview_action_times=0.27&up.user_possible_bot=normal%20user&tfd=892
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QT32G62CZ9&l=dataLayer&cx=c&gtm=45He4c40v842765148za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:bc8:1210:6c:: , France, ASN12876 (AS12876 SCALEWAY S.A.S., FR),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

x-robots-tag
noindex, nofollow
content-length
0
date
Mon, 09 Dec 2024 03:34:55 GMT
trace-id
8c7231c1-801b-4d81-8bbf-c39d239bb30b
core-en.js
cdn.iubenda.com/cookie_solution/iubenda_cs/1.70.0/
345 KB
68 KB
Script
General
Full URL
https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.70.0/core-en.js
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/iubenda_cs.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e07::1161:1 , Belgium, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-BE1-1161 /
Resource Hash
379ef066604a519d28e30104ed26325d937f7482f5ae17fe9cf11c2f9e529724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"6752afb1-10cd7"
expires
Sat, 06 Dec 2025 08:29:21 GMT
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Fri, 06 Dec 2024 08:02:57 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
12/06/2024 08:29:21
cache-control
public, must-revalidate, proxy-revalidate, max-age=31536000
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
fc01c9b904a27630bacef278df5d2240
cdn-pullzone
954456
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1161
server
BunnyCDN-BE1-1161
cdn-requestcountrycode
IT
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
878 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

x-robots-tag
none
x-request-id
c34110ea-2cd8-4b3a-b4f0-703cf1fc665d
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:55 GMT
x-hubspot-correlation-id
c34110ea-2cd8-4b3a-b4f0-703cf1fc665d
content-type
image/gif
vary
origin
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9cthp
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8ef1f132ce24194b-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
data
sgtm.cleafy.com/
68 B
459 B
XHR
General
Full URL
https://sgtm.cleafy.com/data?v=2&event_name=page_view
Requested by
Host: stapecdn.com
URL: https://stapecdn.com/dtag/v8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:bc8:1210:6c:: , France, ASN12876 (AS12876 SCALEWAY S.A.S., FR),
Reverse DNS
Software
/
Resource Hash
f45dab8bcee19f81702845bb2845cdeb28b955b05eedb82fa6aa19911d56b2f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
text/plain
Referer
https://www.cleafy.com/

Response headers

x-robots-tag
noindex, nofollow
access-control-max-age
600
trace-id
57efc4e8-4686-45c1-90c9-d152fd20c631
access-control-allow-credentials
true
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin
https://www.cleafy.com
content-length
68
date
Mon, 09 Dec 2024 03:34:55 GMT
content-type
application/json
access-control-allow-headers
content-type,set-cookie,x-robots-tag,x-gtm-server-preview,x-stape-preview
recaptcha__en.js
www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/
547 KB
216 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_9a56eee5_b4ac_4b10_93ad_69dc504b1ec5&render=explicit&hl=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cleafy.com
Referer
https://www.cleafy.com/

Response headers

content-encoding
gzip
age
21592
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Mon, 08 Dec 2025 21:35:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 08 Dec 2024 21:35:03 GMT
last-modified
Mon, 11 Nov 2024 05:00:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220753
x-xss-protection
0
server
sffe
31282315.js
cs.iubenda.com/cookie-solution/confs/js/
251 B
774 B
Script
General
Full URL
https://cs.iubenda.com/cookie-solution/confs/js/31282315.js
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.70.0/core-en.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1a00::1206:2 Chicago, United States, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-IL1-1206 /
Resource Hash
86b96efd3989e90aa30c56f5ad7442a2e76b79bb5b5ac741cc070193073970f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"673b5cc8-fb"
expires
Mon, 18 Nov 2024 18:21:45 GMT
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Mon, 18 Nov 2024 15:27:04 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
11/18/2024 17:21:45
cache-control
public, max-age=3600
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
449cd8a6794dc9ca9b9741afbefdba1f
access-control-allow-credentials
true
cdn-pullzone
1019485
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1206
server
BunnyCDN-IL1-1206
cdn-requestcountrycode
IT
anchor
www.google.com/recaptcha/enterprise/ Frame 74A3
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&badge=inline&cb=ch5jui7wl6qk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-HQjIIRzfX_jhRXuKuOwBdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cleafy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-HQjIIRzfX_jhRXuKuOwBdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 09 Dec 2024 03:34:55 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
tcf-v2-0.27.3.js
cdn.iubenda.com/cs/tcf/versions/
119 KB
24 KB
Script
General
Full URL
https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.27.3.js
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.70.0/core-en.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e07::1161:1 , Belgium, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-BE1-1161 /
Resource Hash
4a17046d6b7352731033f95c978991ba168ec7ccefc240ac4c55044f2bb6469c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"6752afb2-5de1"
expires
Sat, 06 Dec 2025 08:29:12 GMT
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Fri, 06 Dec 2024 08:02:58 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
12/06/2024 08:29:12
cache-control
public, must-revalidate, proxy-revalidate, max-age=31536000
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
d5ae2ea7d866d80bfda539283da318c4
cdn-pullzone
954456
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1161
server
BunnyCDN-BE1-1161
cdn-requestcountrycode
IT
vendorlist.83.json
cdn.iubenda.com/cs/tcf/v3-versioned/
610 KB
55 KB
XHR
General
Full URL
https://cdn.iubenda.com/cs/tcf/v3-versioned/vendorlist.83.json
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.27.3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e07::1161:1 , Belgium, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-BE1-1161 /
Resource Hash
ebf9979781ac6f999b45cda33b6d5e216167216de4ca9d994e5f5bf898845e9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"6752afb2-d7fa"
expires
Sat, 07 Dec 2024 08:29:13 GMT
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Fri, 06 Dec 2024 08:02:58 GMT
content-type
application/json
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
12/06/2024 08:29:13
cache-control
public, must-revalidate, proxy-revalidate, max-age=86400
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
a747c11927b83c85c53c5ccc71230401
cdn-pullzone
954456
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1161
server
BunnyCDN-BE1-1161
cdn-requestcountrycode
IT
gac-vendors.json
cdn.iubenda.com/cs/tcf/
56 KB
13 KB
XHR
General
Full URL
https://cdn.iubenda.com/cs/tcf/gac-vendors.json
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.27.3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e07::1161:1 , Belgium, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-BE1-1161 /
Resource Hash
6f7de1629872d8e979f21bf9fd681433697a1e081dc9e4c0aa81d5c2aa46a0ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cdn-status
200
content-encoding
br
etag
"6752afb2-2f82"
expires
Sat, 07 Dec 2024 08:29:13 GMT
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
date
Mon, 09 Dec 2024 03:34:55 GMT
last-modified
Fri, 06 Dec 2024 08:02:58 GMT
content-type
application/json
vary
Accept-Encoding
cdn-cache
HIT
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains
cdn-cachedat
12/06/2024 08:29:13
cache-control
public, must-revalidate, proxy-revalidate, max-age=86400
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
cdn-requestid
b69b96195f5e12db57d8531ccd5c9f62
cdn-pullzone
954456
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
1161
server
BunnyCDN-BE1-1161
cdn-requestcountrycode
IT
csdata
idb.iubenda.com/
0
607 B
XHR
General
Full URL
https://idb.iubenda.com/csdata?db=hits1
Requested by
Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.70.0/core-en.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.cleafy.com/

Response headers

access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
date
Mon, 09 Dec 2024 03:34:55 GMT
cdn-cachedat
12/09/2024 03:34:55
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
cdn-requestpullcode
204
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=0
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
a7bd0c3f-43db-400a-80e2-073f933f3c99
x-influxdb-build
OSS
access-control-allow-credentials
true
cdn-pullzone
967785
cdn-proxyver
1.06
cdn-requestid
c1efd92284e1c0505fbc4dbbbf295abc
access-control-allow-origin
*
x-influxdb-version
v2.7.5
cdn-edgestorageid
1081
server
BunnyCDN-DE1-1081
cdn-requestcountrycode
IT
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?v=3&t=l&pid=714917980&rv=4c40&tag_exp=101925629~102067555~102067808~102081485&u=AAAAAIAIAAAAACAo&ut=Ag&h=Ag&gtm=45je4c40v877794303za200zb842765148&ccid=77794303&cid=G-XXDJEBQ2SP&l=L441.S30.B22.E985.I646.EC6.TC17.HTC0~gtm.init.S0.V0.E56.TS5ogtcrossdomain.TI106.TE0.TS5ogt1pdatav2.TI110.TE0.TS5ccdgalast.TI111.TE0.TS5ccdgaadslink.TI112.TE0.TS5ccdautoredact.TI113.TE0.TS5ccdconversionmarking.TI114.TE0.TS5ccdemsitesearch.TI115.TE0.TS5ccdemscroll.TI116.TE0.TS5ccdempageview.TI117.TE0.TS5ccdemoutboundclick.TI118.TE0.TS5ccdemdownload.TI119.TE0.TS5ccdgaregscope.TI120.TE0.TS5ogtgooglesignals.TI121.TE0.TS5setproductsettings.TI122.TE0.TS5ccdgafirst.TI123.TE0~gtm.js.S0.V0.E51.TS5gct.TI103.TE2~*.S0.V0.E16~gtm.dom.S0.V0.E15~gtm.load.S0.V0.E1~gtm.init_consent.S1.V1.E58.TS5ogtdma.TI108.TE0~GA391
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Mon, 09 Dec 2024 03:34:56 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
603d13d936ee41fe7a568f18_Crypto%20-%2032.png
cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/
685 B
1 KB
Other
General
Full URL
https://cdn.prod.website-files.com/6020129a813fe0c8f1e8053e/603d13d936ee41fe7a568f18_Crypto%20-%2032.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac629c8e2f072a296ec88668e3571991fbadb346b7a9b0813cdac0f004c7207b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cleafy.com/

Response headers

cf-cache-status
HIT
etag
"cba564c7fd9b7a57ba1917e8d68bfd78"
x-amz-version-id
I2Q6H10UxkZMMoCQwzld3sgAzsORcR_D
age
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 09 Dec 2024 03:34:56 GMT
content-type
image/png
last-modified
Mon, 01 Mar 2021 16:18:35 GMT
vary
Accept-Encoding
priority
u=1,i
x-amz-id-2
sANZi2znksM0JZCzvQDTKeMdJLTyclCOyqooaWZGQEh09ZgGi107QXjgwZ3qnRSn4WkUgCI5Lw0dHvOsWPpcECrSumRooh8DNtIeevlfRBE=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
J7G730ZWYN36G4E7
cf-ray
8ef1f13859ab367f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
685
server
cloudflare
x-amz-server-side-encryption
AES256
bframe
www.google.com/recaptcha/enterprise/ Frame 7DF9
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fpzL1agwikkSsA01NohmXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cleafy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-fpzL1agwikkSsA01NohmXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 09 Dec 2024 03:34:56 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/js/300/addthis_widget.js


35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
object| 4
object| WebFont
object| dataLayer
object| hubspot
object| HubSpotForms
object| hbspt
object| hsFormsOnReady
function| $
function| jQuery
function| tram
object| Webflow
object| google_tag_manager
object| google_tag_data
object| _iub
object| gaGlobal
object| _hsq
function| hsRecaptchaLoaded_9a56eee5_b4ac_4b10_93ad_69dc504b1ec5
function| dataTagParseResponse
function| dataTagSendData
function| dataTagGetData
function| dataTagMD5
function| dataTag256
function| dataTagJsSHA
object| dataTagData
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| closure_lm_139412
function| __tcfapi
function| __uspapi

6 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ANOXeZws3Ca0ZIJEVXxctrhJjrY0JcN5I47QhxCKCDezhjpgmsLV1tGh7o40QLRccX0-qNg3KrqWVbddWS77u-w
.hsforms.net/ Name: __cf_bm
Value: 25aBBAC3W827GVSVKAXonseF9zEGOsV1M79ogxBap8A-1733715294-1.0.1.1-.i5BFHgEKsdwiC8bikhFNrnB978HwFZEIZsPr4gCxNagWTjZuRuv4cdgxO57ehoLu0nZIwVKE14XVXZ83jp.Ng
.prod.website-files.com/ Name: __cf_bm
Value: RFGKk12dadd6Bz02QvaC_BQU.kovQuUU2dlLjU9m1uA-1733715294-1.0.1.1-6K2s8M_7dXPV_4rCUadQ_qQsUVbSg.ONoSwdGiZUUQptWg9SzOenVbKUoQYZDBb2G351.ekox_f9u3I_wNb5tQ
.hsforms.com/ Name: __cf_bm
Value: HCiqpaThhwemjxjG33t1WDmZI0MfWkGnpNH5TKnSL2I-1733715295-1.0.1.1-65NFO1Alayu0l1rlUbfkOug1SjVBJr.JiSUXtU1aFH95tFGbrxbxxQL0NwHrMjkr.nvA2SP99DGshfip8owexw
.hsforms.com/ Name: _cfuvid
Value: 7WIYNGhgPqo35kOFP7GyUdsUtoS_NTW4g5.jMxyLB7s-1733715295269-0.0.1.1-604800000
.cleafy.com/ Name: _dcid
Value: dcid.1.1733715295312.672149867

1 Console Messages

Source Level URL
Text
network error URL: https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-60ba4de6ccd96e1e
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
