lo.usherpa.com Open in urlscan Pro
13.66.38.99 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://emlink.usherpa.net/ls/click?upn=pZ4qlEXTabSjrvUJkQaaX2RXWGaO4ZDwf3c8fW1Tlf9MOcv5mZ0B8Qj9ezaN5nC8xRle2sfcDSIdSYSmzby...
Effective URL:
https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=154...
Submission: On January 23 via api (January 23rd 2023, 2:46:27 pm UTC) from IE — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 13.66.38.99, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is lo.usherpa.com. The Cisco Umbrella rank of the primary domain is 987720.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 22nd 2022. Valid for: a year.

This is the only time lo.usherpa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.120 167.89.115.120	11377 (SENDGRID) (SENDGRID)
9	13.66.38.99 13.66.38.99	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
1	13.69.106.215 13.69.106.215	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
16	6

1 167.89.115.120 (Herndon, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x120.outbound-mail.sendgrid.net

emlink.usherpa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.66.38.99 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

lo.usherpa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.69.106.215 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	usherpa.com lo.usherpa.com — Cisco Umbrella Rank: 987720	1 MB
2	gstatic.com fonts.gstatic.com	62 KB
1	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 755
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 2017	22 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	usherpa.net 1 redirects emlink.usherpa.net	336 B
16	6

	Domain	Requested by
9	lo.usherpa.com	lo.usherpa.com
2	fonts.gstatic.com	fonts.googleapis.com
1	dc.services.visualstudio.com	az416426.vo.msecnd.net
1	az416426.vo.msecnd.net	lo.usherpa.com
1	fonts.googleapis.com	lo.usherpa.com
1	emlink.usherpa.net	1 redirects
16	6

This site contains no links.

Subject Issuer	Validity	Valid
usherpa.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-22` - `2023-04-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-07-11` - `2023-07-11`	a year	crt.sh
in.applicationinsights.azure.com Microsoft Azure TLS Issuing CA 06	`2022-11-21` - `2023-11-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Frame ID: 2DB926F203064BD428293679F49F2C17
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Email Opt-Out

Page URL History Show full URLs

http://emlink.usherpa.net/ls/click?upn=pZ4qlEXTabSjrvUJkQaaX2RXWGaO4ZDwf3c8fW1Tlf9MOcv5mZ0B8Qj9ezaN5nC... HTTP 302
https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetr... Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

16
Requests

88 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

1520 kB
Transfer

3399 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://emlink.usherpa.net/ls/click?upn=pZ4qlEXTabSjrvUJkQaaX2RXWGaO4ZDwf3c8fW1Tlf9MOcv5mZ0B8Qj9ezaN5nC8xRle2sfcDSIdSYSmzbyLwsmoj6H9G6bdnFF2k44rmTjsFjCYEUhQ0jf2HZ8zCZ30okwdjHF07WLpnGamDJsxGRUyoZYBnDLe0bHMI56iyF1BOdlEPYa4qNyf5wdvqlMdv3qy_0ujZrnHxNsgxW-2Fk2gJr-2FkqY4DLaHmmXO71ODjKekmALGxN-2FlQlLLTBut2x-2F9LzAqf7mJ8Wm0Qcic1zRem5f-2FT1fuAOl6amAT2rIkGrwdycvkStf1sFyvn1DHPWGJffR2ggsS6f14908uJlRu2WCmnDxt3wQ-2FumDKZ-2B9usDYk-2BNmM-2FUS-2B0xDlo4-2BCI5KiyyXcmqzpKpGAl-2FC-2BW-2BgNECvdhlMG1f2QnswFPmakSWlTqppZowUPOOITFsmBO4xMru3B8oSGQU4Z7XZ7HIm3XrkbWEA5Yo7ENsHEoO-2BtttCbaeNqBK2AogZkOfHxS8q1HwKVEd46p7igcGvY9KHKGMnc-2FaTh3M65M-2FFwkP34Myirnus-3D HTTP 302
https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 74a079ea-ed72-42b9-bb9f-7bf6b28b862b Show response
lo.usherpa.com/optout/
Redirect Chain

http://emlink.usherpa.net/ls/click?upn=pZ4qlEXTabSjrvUJkQaaX2RXWGaO4ZDwf3c8fW1Tlf9MOcv5mZ0B8Qj9ezaN5nC8xRle2sfcDSIdSYSmzbyLwsmoj6H9G6bdnFF2k44rmTjsFjCYEUhQ0jf2HZ8zCZ30okwdjHF07WLpnGamDJsxGRUyoZYBnD...
https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All

9 KB
14 KB

1848ms
1508ms

Document
text/html

13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 110f74a099a60dd2e7a2310a7d820934f09aba0b3e5ea5b0cf32f315450160b8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Content-Length: 3280
Content-Type: text/html; charset=utf-8
Date: Mon, 23 Jan 2023 14:46:22 GMT
Expires: -1
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Pragma: no-cache
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 163
Content-Type: text/html; charset=utf-8
Date: Mon, 23 Jan 2023 14:46:20 GMT
Location: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 85ms
31ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97d876b0796d55e1a4d9dec67f958fd62674617e5417b92e4584c0397974e9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 23 Jan 2023 14:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 13:49:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 23 Jan 2023 14:46:22 GMT

GET
H/1.1 200
OK site-css
lo.usherpa.com/content/ 189 KB
41 KB 176ms
175ms Stylesheet
text/css 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/content/site-css?v=HuTJssmJAioCb0T7IyOslxmWZbP8OOEYI5daYbipjxg1
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3d8ef7ee2e28ce8a06b5606a6951c5c15be2ac02cd2410cfd4ec7a35f22df5d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:22 GMT
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public,public
Access-Control-Allow-Headers: Content-Type
Content-Length: 41362
Expires: Tue, 23 Jan 2024 14:46:22 GMT

GET
H/1.1 200
OK site-scss
lo.usherpa.com/content/ 986 KB
176 KB 505ms
174ms Stylesheet
text/css 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/content/site-scss?v=eYvCV5DLfrWDOIGcRXKGdXn3kwHDF1jHaMqR8bLY1RA1
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 67171d59b57d2a4f862df1a6394b6dd17335b40d3a0d0ca315cf17418c1ec35d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public,public
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Headers: Content-Type
Expires: Tue, 23 Jan 2024 14:46:23 GMT

GET
H/1.1 200
OK jquery-js Show response
lo.usherpa.com/bundles/ 102 KB
46 KB 515ms
184ms Script
text/javascript 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/bundles/jquery-js?v=1MMtobEaBI0JH7SrsjX3Q1wS7CzPH7zBp-pWIqU1Pwk1
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 64111cee208d92f55c9e4ce32f310be952d43fcfd41fbaa78120c976b14deb1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public
Access-Control-Allow-Headers: Content-Type
Content-Length: 46969
Expires: Tue, 23 Jan 2024 14:46:23 GMT

GET
H/1.1 200
OK jquery-validate-js Show response
lo.usherpa.com/bundles/ 57 KB
22 KB 555ms
219ms Script
text/javascript 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/bundles/jquery-validate-js?v=4jTdyXIBrM7k1JMU6YONFT1ynC3CiNosyBybUjN-xK01
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c6e1cfb527537059d73352cb9f89169fccf9155d18448799b0202918544965f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public
Access-Control-Allow-Headers: Content-Type
Content-Length: 21595
Expires: Tue, 23 Jan 2024 14:46:23 GMT

GET
H/1.1 200
OK general-js Show response
lo.usherpa.com/bundles/ 16 KB
7 KB 534ms
194ms Script
text/javascript 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/bundles/general-js?v=kVdz1XgVbndX8dH5qNB_waYgB_kc1pqHXfz4QL7VLPQ1
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a084ab344bb838bfa8fc41ea8767df7073219ceff7be17fca12504cda8ed4350

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public
Access-Control-Allow-Headers: Content-Type
Content-Length: 6743
Expires: Tue, 23 Jan 2024 14:46:23 GMT

GET
H/1.1 200
OK site-js Show response
lo.usherpa.com/bundles/ 1 MB
441 KB 525ms
178ms Script
text/javascript 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/bundles/site-js?v=nTxNsUJcgv7uwuEBXgyjpmi4UmIRDExgjHW8Q_L2cNs1
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 152382435e6ccd345713cf0882182e06eb1225984587aac106773552ecdb8461

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: public
Vary: User-Agent,Accept-Encoding
Access-Control-Allow-Headers: Content-Type
Expires: Tue, 23 Jan 2024 14:46:23 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 74ms
22ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lo.usherpa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 22 Jan 2023 14:23:49 GMT
x-content-type-options: nosniff
age: 87754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 14:23:49 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v34/ 17 KB
18 KB 96ms
45ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lo.usherpa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 18:56:35 GMT
x-content-type-options: nosniff
age: 589788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17820
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 18:56:35 GMT

GET
H/1.1 200
OK icomoon.ttf
lo.usherpa.com/content/fonts/ 679 KB
679 KB 166ms
166ms Font
application/octet-stream 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/content/fonts/icomoon.ttf?crt57v
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/content/site-css?v=HuTJssmJAioCb0T7IyOslxmWZbP8OOEYI5daYbipjxg1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f816bc9cb5691011ff71d42a2713de817c0ce5d060f883352300fe0842fa2f49

Request headers

Referer: https://lo.usherpa.com/content/site-css?v=HuTJssmJAioCb0T7IyOslxmWZbP8OOEYI5daYbipjxg1
Origin: https://lo.usherpa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:23 GMT
Last-Modified: Thu, 12 Jan 2023 00:23:44 GMT
ETag: "06813211c26d91:0"
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: max-age=31536000,public
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Content-Length: 694936

GET
BLOB 200
OK 9bafe0a3-37ee-42ad-9f7e-a521a05169c8
https://lo.usherpa.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://lo.usherpa.com/9bafe0a3-37ee-42ad-9f7e-a521a05169c8
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2437ddf45aa84303d14cc4569941c1ae58e8accca92216349c1332794015c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK getrequestinfo Show response
lo.usherpa.com/ 234 B
7 KB 917ms
917ms XHR
application/json 13.66.38.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.usherpa.com/getrequestinfo
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/bundles/jquery-js?v=1MMtobEaBI0JH7SrsjX3Q1wS7CzPH7zBp-pWIqU1Pwk1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.66.38.99 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5cf33163c91ae603253f58b37fab3327b434db921594a8bfd52ff7bedeabc0a3

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://lo.usherpa.com/optout/74a079ea-ed72-42b9-bb9f-7bf6b28b862b?email=john.morrison%40laredopetro.com&campaignId=1541257&type=All
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 23 Jan 2023 14:46:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 14:46:23 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
P3P: policyref="https://lo.usherpa.com/content/w3c/p3p.xml",CP="CAO PSA CONi OUR DEM ONL"
Cache-Control: private, max-age=86400
Access-Control-Allow-Headers: Content-Type
Content-Length: 277
Expires: Tue, 24 Jan 2023 14:46:23 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 106ms
23ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: lo.usherpa.com
URL: https://lo.usherpa.com/bundles/site-js?v=nTxNsUJcgv7uwuEBXgyjpmi4UmIRDExgjHW8Q_L2cNs1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD6) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lo.usherpa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 23 Jan 2023 14:46:24 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 947
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/4CD6)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: de69a030-b01e-0059-0e37-2f88ab000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Mon, 23 Jan 2023 15:16:24 GMT

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ 0
0 179ms
32ms Preflight 13.69.106.215
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://lo.usherpa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Mon, 23 Jan 2023 14:46:25 GMT
x-content-type-options: nosniff

POST track
dc.services.visualstudio.com/v2/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dc.services.visualstudio.com
URL: https://dc.services.visualstudio.com/v2/track

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lo.usherpa.com/	1969-12-31 23:59:59	Name: UsherpaLOAnonymousId Value: "cf888c9f-cc93-474d-b7ff-69ffb1180681"
lo.usherpa.com/	1969-12-31 23:59:59	Name: browser-dimensions Value: "1600x1200"
lo.usherpa.com/	1969-12-31 23:59:59	Name: device-dimensions Value: "1600x1200"
.lo.usherpa.com/	1969-12-31 23:59:59	Name: UsherpaLOUserRequest Value: {"IP":"84.19.175.165","Browser":"Chrome (109.0)","Platform":"Windows 10.","Device":"desktop","FormFactor":"Desktop","IsCrawler":false,"IsCookies":true,"IsJavaScript":true,"BrowserDimensions":"1600x1200","DeviceDimensions":"1600x1200"}
lo.usherpa.com/	1970-01-20 17:53:41	Name: ai_user Value: JlQwc\|2023-01-23T14:46:24.985Z
lo.usherpa.com/	1970-01-20 09:08:06	Name: ai_session Value: H3lcI\|1674485185088.7\|1674485185088.7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

az416426.vo.msecnd.net
dc.services.visualstudio.com
emlink.usherpa.net
fonts.googleapis.com
fonts.gstatic.com
lo.usherpa.com
dc.services.visualstudio.com
13.66.38.99
13.69.106.215
167.89.115.120
2606:2800:133:206e:1315:22a5:2006:24fd
2a00:1450:4001:808::2003
2a00:1450:4001:810::200a
110f74a099a60dd2e7a2310a7d820934f09aba0b3e5ea5b0cf32f315450160b8
152382435e6ccd345713cf0882182e06eb1225984587aac106773552ecdb8461
3d8ef7ee2e28ce8a06b5606a6951c5c15be2ac02cd2410cfd4ec7a35f22df5d1
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
5cf33163c91ae603253f58b37fab3327b434db921594a8bfd52ff7bedeabc0a3
64111cee208d92f55c9e4ce32f310be952d43fcfd41fbaa78120c976b14deb1a
67171d59b57d2a4f862df1a6394b6dd17335b40d3a0d0ca315cf17418c1ec35d
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
97d876b0796d55e1a4d9dec67f958fd62674617e5417b92e4584c0397974e9d9
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
a084ab344bb838bfa8fc41ea8767df7073219ceff7be17fca12504cda8ed4350
c6e1cfb527537059d73352cb9f89169fccf9155d18448799b0202918544965f8
d2437ddf45aa84303d14cc4569941c1ae58e8accca92216349c1332794015c6f
f816bc9cb5691011ff71d42a2713de817c0ce5d060f883352300fe0842fa2f49

lo.usherpa.com Open in urlscan Pro 13.66.38.99 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

88 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

1520 kBTransfer

3399 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

6 Cookies

Indicators

lo.usherpa.com Open in urlscan Pro
13.66.38.99 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

88 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

1520 kB
Transfer

3399 kB
Size

6
Cookies

16 HTTP transactions
1 data transactions