utua.com Open in urlscan Pro
2606:4700:20::681a:d7c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://1ctr.io/track/c?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoiZW1haWwiLCJpZCI6IjkxZjIzNDc2LWRmY...
Effective URL:
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-em...
Submission: On November 22 via manual (November 22nd 2024, 7:45:39 pm UTC) from US — Scanned from DE

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 12 domains to perform 32 HTTP transactions. The main IP is 2606:4700:20::681a:d7c, located in United States and belongs to CLOUDFLARENET, US. The main domain is utua.com.
TLS certificate: Issued by E5 on October 28th 2024. Valid for: 3 months.

This is the only time utua.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:4573	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 10	2606:4700:20:... 2606:4700:20::681a:d7c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:451	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:480b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:32::35	15169 (GOOGLE) (GOOGLE)
32	13

1 2606:4700:20::ac43:4573 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

1ctr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:20::681a:d7c (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

utua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.cloneswordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:451 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.begrowth.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:480b (United States)

ASN13335 (CLOUDFLARENET, US)

location.begrowth.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::35 (United States)

ASN15169 (GOOGLE, US)

growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	utua.com 2 redirects utua.com	33 KB
5	google.com www.google.com — Cisco Umbrella Rank: 3 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695	127 KB
4	cloneswordpress.com assets.cloneswordpress.com	13 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	201 KB
2	run.app growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app — Cisco Umbrella Rank: 663027	76 B
2	gstatic.com fonts.gstatic.com	61 KB
2	begrowth.com.br assets.begrowth.com.br — Cisco Umbrella Rank: 578149 location.begrowth.com.br — Cisco Umbrella Rank: 657848	20 KB
2	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218	185 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	7 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 617	7 KB
1	1ctr.io 1 redirects 1ctr.io — Cisco Umbrella Rank: 788918	989 B
32	12

	Domain	Requested by
10	utua.com	2 redirects utua.com static.cloudflareinsights.com
4	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
4	assets.cloneswordpress.com	utua.com
3	www.googletagmanager.com	utua.com www.googletagmanager.com
2	growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app	assets.begrowth.com.br
2	fonts.gstatic.com	fonts.googleapis.com utua.com
2	securepubads.g.doubleclick.net	utua.com securepubads.g.doubleclick.net
2	fonts.googleapis.com	utua.com
1	location.begrowth.com.br	assets.begrowth.com.br
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	assets.begrowth.com.br	utua.com
1	static.cloudflareinsights.com	utua.com
1	1ctr.io	1 redirects
32	14

This site contains no links.

Subject Issuer	Validity	Valid
utua.com E5	`2024-10-28` - `2025-01-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
cloneswordpress.com WE1	`2024-11-11` - `2025-02-09`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
begrowth.com.br WE1	`2024-10-29` - `2025-01-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.a.run.app WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Frame ID: B9EB639D62B68EEE875616608F46597F
Requests: 30 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Futua.com
Frame ID: 3CC1AC6DBBB3D01D492D3C864BEED4BA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ervaar de voordelen van de ABN AMRO Creditcard | UTUA

Page URL History Show full URLs

https://1ctr.io/track/c?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoiZW1haWwiLCJpZ... HTTP 302
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_ca... Page URL
https://utua.com/cdn-cgi/phish-bypass?atok=Mx7.f0hPoS6o6PAT.S.A2986EQArHazd7wh.uLd2x7A-173230... HTTP 301
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_ca... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

32
Requests

97 %
HTTPS

100 %
IPv6

12
Domains

14
Subdomains

13
IPs

2
Countries

653 kB
Transfer

2190 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://1ctr.io/track/c?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoiZW1haWwiLCJpZCI6IjkxZjIzNDc2LWRmYzctNDY5Yi1iM2I0LTA1OGYwNGU5ZTRkZCIsIm5hbWUiOiJbTkxdIENDIC0gUDIgMDAiLCJvcmdhbml6YXRpb25JZCI6IjNiOTk5YWZjLWYzNjMtNDExYS1hMDMzLTdjNmJhNzI1OTQ3YiIsInByb2plY3RJZCI6ImNkMzg3NGQzLThhNjktNDlhNy1hYzlmLWE3ZDlmMDQ4NzJmNyIsInNlbnRUZW1wbGF0ZUlkIjoiMmVhNTE3NmEtZmYyNi00NzgyLThmNDEtYjRjMTViMDBlOWJlIiwic3ViSWQiOiI5MWYyMzQ3Ni1kZmM3LTQ2OWItYjNiNC0wNThmMDRlOWU0ZGQiLCJ0cmFja0lkIjoiNzhkNDY1MjYtYzk4OS00MzU3LWE2NzctZjNkZTFlOGZiMTllXzkxZjIzNDc2LWRmYzctNDY5Yi1iM2I0LTA1OGYwNGU5ZTRkZCIsInRyaWdnZXIiOiJsaXZlLWJlaGF2aW91ciIsInR5cGUiOiJjYW1wYWlnbiIsInVybCI6Imh0dHBzOi8vdXR1YS5jb20vbmwtY2MtYWJuLWFtcm8tY3JlZGl0LWNhcmQtcDEvP3V0bV9zb3VyY2U9b25lY29udHJvbFx1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249bmwtdXR1YS1vYy1lbWFpbC1jY1x1MDAyNnV0bV9jb250ZW50PW5sLXV0dWEtb2MtZW1haWwtY2MtcDItYXF1aVx1MDAyNnV0bV90ZXJtPW5sLXV0dWEtb2MtZW1haWwtY2MtcDItYXF1aS0wMCIsInVzZXJJZCI6ImNkMzg3NGQzLThhNjktNDlhNy1hYzlmLWE3ZDlmMDQ4NzJmNy42Y2Q4NmUwZC05YjllLTRjYTMtYmE1Yy0wNjgzYTJkODc1MDgifQ.i5M5jtSMyug7w6zgWjV3n4Q_G3aEhbAq4sPdRcByXvs HTTP 302
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00 Page URL
https://utua.com/cdn-cgi/phish-bypass?atok=Mx7.f0hPoS6o6PAT.S.A2986EQArHazd7wh.uLd2x7A-1732304731-0.0.1.1-%2Fnl-cc-abn-amro-credit-card-p1%2F%3Futm_source%3Donecontrol%26utm_medium%3Demail%26utm_campaign%3Dnl-utua-oc-email-cc%26utm_content%3Dnl-utua-oc-email-cc-p2-aqui%26utm_term%3Dnl-utua-oc-email-cc-p2-aqui-00 HTTP 301
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://1ctr.io/track/c?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoiZW1haWwiLCJpZCI6IjkxZjIzNDc2LWRmYzctNDY5Yi1iM2I0LTA1OGYwNGU5ZTRkZCIsIm5hbWUiOiJbTkxdIENDIC0gUDIgMDAiLCJvcmdhbml6YXRpb25JZCI6IjNiOTk5YWZjLWYzNjMtNDExYS1hMDMzLTdjNmJhNzI1OTQ3YiIsInByb2plY3RJZCI6ImNkMzg3NGQzLThhNjktNDlhNy1hYzlmLWE3ZDlmMDQ4NzJmNyIsInNlbnRUZW1wbGF0ZUlkIjoiMmVhNTE3NmEtZmYyNi00NzgyLThmNDEtYjRjMTViMDBlOWJlIiwic3ViSWQiOiI5MWYyMzQ3Ni1kZmM3LTQ2OWItYjNiNC0wNThmMDRlOWU0ZGQiLCJ0cmFja0lkIjoiNzhkNDY1MjYtYzk4OS00MzU3LWE2NzctZjNkZTFlOGZiMTllXzkxZjIzNDc2LWRmYzctNDY5Yi1iM2I0LTA1OGYwNGU5ZTRkZCIsInRyaWdnZXIiOiJsaXZlLWJlaGF2aW91ciIsInR5cGUiOiJjYW1wYWlnbiIsInVybCI6Imh0dHBzOi8vdXR1YS5jb20vbmwtY2MtYWJuLWFtcm8tY3JlZGl0LWNhcmQtcDEvP3V0bV9zb3VyY2U9b25lY29udHJvbFx1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249bmwtdXR1YS1vYy1lbWFpbC1jY1x1MDAyNnV0bV9jb250ZW50PW5sLXV0dWEtb2MtZW1haWwtY2MtcDItYXF1aVx1MDAyNnV0bV90ZXJtPW5sLXV0dWEtb2MtZW1haWwtY2MtcDItYXF1aS0wMCIsInVzZXJJZCI6ImNkMzg3NGQzLThhNjktNDlhNy1hYzlmLWE3ZDlmMDQ4NzJmNy42Y2Q4NmUwZC05YjllLTRjYTMtYmE1Yy0wNjgzYTJkODc1MDgifQ.i5M5jtSMyug7w6zgWjV3n4Q_G3aEhbAq4sPdRcByXvs HTTP 302
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Request Chain 3

https://utua.com/favicon.ico HTTP 302
https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/cropped-a5c666ac-favicon2-32x32.webp

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

403

/ Show response
utua.com/nl-cc-abn-amro-credit-card-p1/
Redirect Chain

https://1ctr.io/track/c?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoiZW1haWwiLCJpZCI6IjkxZjIzNDc2LWRmYzctNDY5Yi1iM2I0LTA1OGYwNGU5ZTRkZCIsIm5hbWUiOiJbTkxdIENDIC0gUDIgMDAiLCJvcmdhbml6YXRpb2...
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

5 KB
2 KB

65ms
12ms

Document
text/html

2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3abcca4835f4b62081c03f3a26d2e357c486bc8e04018f5d2020a7bc160b384

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8e6b6b990ea9dcac-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 22 Nov 2024 19:45:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9fqdx%2BhJvhSEIRH7qBZj0CrgQmWpwCRUfu%2BtFpHmvSLxx480PLHVC8iy3aSVOLAnOpX5GRtLEv88MamPSy8tW6B4R4GREROhk80RcgE8KT78fURhS0GhCN9h0FnbRuG9zh2qS5Y"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8e6b6b97b942d296-FRA
content-type: text/html; charset=utf-8
date: Fri, 22 Nov 2024 19:45:30 GMT
location: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zBzsdXG%2BGfuKIM3zAIZvvkJVtdn14hDHzmJxsFoObdbvZCChoRtyVNNGUnC%2B5H7XpcblqzXdEZopzxRgQYpY7Zq8hRDxYYriWSAmn%2B8Sg7CeK1DmmBiSl%2FiY4psqPQx0XHOBuqg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=5973&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3932&recv_bytes=3242&delivery_rate=673200&cwnd=253&unsent_bytes=0&cid=3fd7b38eba91efe9&ts=159&x=0"
via: 1.1 google

GET
H3 200 cf.errors.css
utua.com/cdn-cgi/styles/ 23 KB
5 KB 10ms
9ms Stylesheet
text/css 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: utua.com
URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"673dd3b7-5df3"
x-content-type-options: nosniff
cf-ray: 8e6b6b992f22dcac-FRA
expires: Fri, 22 Nov 2024 21:45:31 GMT
date: Fri, 22 Nov 2024 19:45:31 GMT
content-type: text/css
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
utua.com/cdn-cgi/images/ 452 B
635 B 10ms
10ms Image
image/png 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://utua.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: utua.com
URL: https://utua.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "673dd3b7-1c4"
x-content-type-options: nosniff
cf-ray: 8e6b6b994f76dcac-FRA
expires: Fri, 22 Nov 2024 21:45:31 GMT
accept-ranges: bytes
content-length: 452
date: Fri, 22 Nov 2024 19:45:31 GMT
content-type: image/png
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H2

200

cropped-a5c666ac-favicon2-32x32.webp
assets.cloneswordpress.com/sites/utua.com/img/2024/07/
Redirect Chain

https://utua.com/favicon.ico
https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/cropped-a5c666ac-favicon2-32x32.webp

770 B
2 KB

103ms
24ms

Other
image/webp

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/cropped-a5c666ac-favicon2-32x32.webp
Protocol: H2
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0facc4f07ca5ea04bc408298fdf80edff632d66b60d08cd5d318cb28a28240a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

x-goog-metageneration: 2
x-goog-hash: crc32c=aX0xDg==, md5=RuKhJtJ0xIgg+BYneKjMVw==
cf-cache-status: HIT
etag: "46e2a126d274c48820f8162778a8cc57"
age: 30644
x-goog-meta-file-hash: d41d8cd98f00b204e9800998ecf8427e
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0Dv5BgUvbvYSjtuTh1QTIym4zoNvEE0ZkF%2BBxHj9AQR8SVvKV5%2BmYOPjPL0ZA1u9djzEhuLbwjmCwws1R%2BDfWBaXvUlDdE9Mk2OVu8YTvji3ulHa1vXXlp3PKXIlxgdjNKBbXr1yn8%2BO18E23L1hVydzj3S5DmACw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
x-goog-meta-height: 32
x-goog-meta-size: site_icon-32
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 770
server-timing: cfL4;desc="?proto=TCP&rtt=6078&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3993&recv_bytes=2307&delivery_rate=656775&cwnd=253&unsent_bytes=0&cid=6cf2ea0b62a6853c&ts=71&x=0"
date: Fri, 22 Nov 2024 19:45:31 GMT
content-type: image/webp
last-modified: Tue, 09 Jul 2024 22:16:18 GMT
vary: Origin, Accept-Encoding
x-guploader-uploadid: AD-8ljv-7p0lLKyaiFQEqdWMFRDNBRpaz8HxjA2PkDTcVJXqHB2bpa7xTs1XVQ_4UeJzwWRZWWG8pBoojg
x-goog-meta-child-of: 46
cache-control: public, max-age=7200, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
x-goog-meta-width: 32
via: 1.1 google
cf-ray: 8e6b6b9cdd31d350-FRA
accept-ranges: bytes
x-goog-generation: 1720563378328822
content-length: 770
server: cloudflare

Redirect headers

cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jvc3Egmqlwl3FF70z8mvseD%2Fob2bQa2BbCdzPfzCtV8ICfod%2FDM9B1qw5Z5kbYhnyPLQDn9X0KP5xCOCNBlOlCCIoYXVHo38jB360gXhBou6QH6msH8mvBYmQXMMaIosGY2aSlme"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6852&sent=23&recv=16&lost=0&retrans=0&sent_bytes=12172&recv_bytes=5957&delivery_rate=20320&cwnd=12000&unsent_bytes=0&cid=ddc77d1aae93a2a2&ts=535&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 22 Nov 2024 19:45:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-cloud-trace-context: 41bd6bf2563c4ff5c03f7d33ea4f6994
priority: u=1,i
x-redirect-by: WordPress
link: <https://utua.com/wp-json/>; rel="https://api.w.org/"
cache-control: max-age=300
location: https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/cropped-a5c666ac-favicon2-32x32.webp
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
cf-ray: 8e6b6b997ffddcac-FRA
content-length: 0
x-powered-by: PHP/8.2.26
server: cloudflare

GET
H3

200

Primary Request / Show response
utua.com/nl-cc-abn-amro-credit-card-p1/
Redirect Chain

https://utua.com/cdn-cgi/phish-bypass?atok=Mx7.f0hPoS6o6PAT.S.A2986EQArHazd7wh.uLd2x7A-1732304731-0.0.1.1-%2Fnl-cc-abn-amro-credit-card-p1%2F%3Futm_source%3Donecontrol%26utm_medium%3Demail%26utm_ca...
https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

53 KB
14 KB

25ms
24ms

Document
text/html

2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.2.26

Resource Hash

853fed70609a5b590a87635446e4827610c4f3e698c365aada178a6789a0cfff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 14660
alt-svc: h3=":443"; ma=86400
cache-control: max-age=7200
cf-cache-status: HIT
cf-ray: 8e6b6bafdbe0dcac-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 22 Nov 2024 19:45:34 GMT
last-modified: Fri, 22 Nov 2024 15:41:14 GMT
link: <https://utua.com/wp-json/>; rel="https://api.w.org/" <https://utua.com/wp-json/wp/v2/posts/292>; rel="alternate"; type="application/json" <https://utua.com/?p=292>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmMKuXJ0kdcT%2BLHwyilfn%2Bb79NCKsuLhScB3Qzdrvb%2FvMmIsGz5g9oa7ww1lLIk5%2Bx9shhIX78uz1j7rVvaxs8CxZ6ltVwlZi0u%2BkIAMj73wak9MyN2yobPMjho3thOvGucvWDvO"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfCacheStatus;desc="HIT" cfL4;desc="?proto=QUIC&rtt=7239&sent=28&recv=20&lost=0&retrans=0&sent_bytes=13801&recv_bytes=7613&delivery_rate=61594&cwnd=12000&unsent_bytes=0&cid=ddc77d1aae93a2a2&ts=3682&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
via: 1.1 google
x-cloud-trace-context: a80a45f1df743e28633bca441b40076d
x-content-type-options: nosniff
x-powered-by: PHP/8.2.26

Redirect headers

cache-control: private, no-cache
cf-ray: 8e6b6bafcbb4dcac-FRA
content-length: 167
content-type: text/html
date: Fri, 22 Nov 2024 19:45:34 GMT
location: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 css2
fonts.googleapis.com/ 905 B
884 B 42ms
18ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9dd5e3656c0a0622e7eee8b077f2f20376e75314924af32e612092dd9b91a4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 22 Nov 2024 19:45:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 22 Nov 2024 18:22:18 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 107 KB
33 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fd05391669f54ad9e839d447b72348a1a0bd9c95578e88e48a9873140fb4d61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: br
etag: 759 / 20049 / m202411180101 / config-hash: 79477889192541496
x-content-type-options: nosniff
expires: Fri, 22 Nov 2024 19:45:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33348
x-xss-protection: 0
server: cafe

GET
H3 200 classic-themes.min.css
utua.com/wp-includes/css/ 291 B
962 B 19ms
18ms Stylesheet
text/css 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/wp-includes/css/classic-themes.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "123-6277a1cec3740-gzip"
age: 42981
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TjYZSvuAySzAe3c4r0GH%2Bz3F0igMp9ZzHTAFPsu3%2FygH02QAl50zyreIp5HwZxhQft67CAUQcyF7zBP4cKxor%2F0gpRefJwVFjAf94vDO9ysbFp8A42tTEAIPt1x9a7xCEvC3hKA6"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6607&sent=42&recv=29&lost=0&retrans=0&sent_bytes=28318&recv_bytes=9190&delivery_rate=152279&cwnd=22800&unsent_bytes=0&cid=ddc77d1aae93a2a2&ts=3705&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 06:01:25 GMT
vary: Accept-Encoding
x-cloud-trace-context: b98bdd1892805dafbeb07868085ca072
priority: u=0,i=?0
cache-control: max-age=300
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
cf-ray: 8e6b6bb00c74dcac-FRA
accept-ranges: bytes
content-length: 210
server: cloudflare

GET
H3 200 style.post.css
utua.com/wp-content/themes/clean-n-beauty-theme/css/ 30 KB
7 KB 19ms
18ms Stylesheet
text/css 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/wp-content/themes/clean-n-beauty-theme/css/style.post.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a585f06c1c94fe43d7f49e66e34a475ddd3248b2a021280b5804db5d186db1a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "7763-6277a1cec3740-gzip"
age: 42981
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BlnPjvuHnsNcKs97MfPsMq0ml7xfVpycVmGrO%2FSoco8UQjDu4c25xPSjcBRZn%2B9GyGnx11%2FlIIpFMo1JW7HNMVGY%2BknkoPwpDTZncRjv8dR%2Fob8qZ4KmZluCkCY%2BbO5wKuGJl5L3"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6607&sent=43&recv=29&lost=0&retrans=0&sent_bytes=29303&recv_bytes=9190&delivery_rate=152279&cwnd=22800&unsent_bytes=0&cid=ddc77d1aae93a2a2&ts=3706&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 06:01:25 GMT
vary: Accept-Encoding
x-cloud-trace-context: 32866f9f5be93eff9ff2a2b666484b69
priority: u=0,i=?0
cache-control: max-age=300
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
cf-ray: 8e6b6bb00c77dcac-FRA
accept-ranges: bytes
content-length: 6631
server: cloudflare

GET
H2 200 ABN-AMRO-Credit-Card.jpg
assets.cloneswordpress.com/sites/utua.com/img/2024/07/ 7 KB
8 KB 17ms
16ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/ABN-AMRO-Credit-Card.jpg
Requested by: Host: utua.com
URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b1384257bc03aac9247eb8f79dc1948cc75147371a4b48366cf31c5a410f28

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

x-goog-metageneration: 2
x-goog-hash: crc32c=HTZJFQ==, md5=AmA2eZB7k7MXkCG4kkeoIA==
cf-cache-status: HIT
etag: "02603679907b93b3179021b89247a820"
age: 444
x-goog-meta-file-hash: d41d8cd98f00b204e9800998ecf8427e
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liwrRncl4bDPgm36jKVMba%2BdEg3x6V%2F7j8rHZ%2BmdJhX32Pm5RuiAKT0P0Rz%2Bl5J1aPOXp8fz7lWOwa97PgqI9LlFcSSq%2FNLzCDpP99NHQFaaHIs07Tqls4SR%2BIG8LE046EkoCGrAXDoSl1DVb3Yg8M6dpIHRGajIXA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
x-goog-meta-height: 180
x-goog-meta-size: __full
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 7131
server-timing: cfL4;desc="?proto=TCP&rtt=6075&sent=10&recv=15&lost=0&retrans=0&sent_bytes=5914&recv_bytes=2482&delivery_rate=656775&cwnd=255&unsent_bytes=0&cid=6cf2ea0b62a6853c&ts=3137&x=0"
date: Fri, 22 Nov 2024 19:45:34 GMT
x-goog-meta-source-id: dc0d2b73d21f15ae811489e6d0d42bac
content-type: image/jpeg
last-modified: Thu, 18 Jul 2024 20:52:22 GMT
x-goog-meta-object-id: 293
vary: Origin, Accept-Encoding
x-guploader-uploadid: AHmUCY2iP02et1mv-x-0yceHO1VvmTVBah9BLfNC9ZPeiZ0ON6sg7PVTdG2_J44ZThjD7PjjKwg
cache-control: public, max-age=7200, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
x-goog-meta-width: 281
via: 1.1 google
cf-ray: 8e6b6bb00df2d350-FRA
accept-ranges: bytes
x-goog-generation: 1721335942809650
content-length: 7131
server: cloudflare

GET
H2 200 logo_utua.svg
assets.cloneswordpress.com/sites/utua.com/img/2024/07/ 4 KB
2 KB 20ms
19ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/logo_utua.svg
Requested by: Host: utua.com
URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec73a3da5d0a8cdcf07531fe91716f7d1cd3e3718f678d08526ab34a73151f08

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

x-goog-metageneration: 2
x-goog-hash: crc32c=bsDY7w==, md5=n4+yYX8bs7UsIN325NS4iw==
cf-cache-status: HIT
age: 26303
x-goog-meta-file-hash: 4c58fbb3fe77acb95b41aff2e24ee66a
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LYK%2Bvt%2FngU5zeDXW81EulL9ha99iMpEt%2B8VR1VPekSiUASzu%2FYtCV%2FpRdKoolBCVfl6al9XJ0aSHkg9QeWNiYp269AXRyfj1DHeVRKIWVGhvz648mxhpkdYw3sIx%2B6NpU1%2BcmoiAY%2FUEIbiAarh0JKeBUno%2FPJKnA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
x-goog-meta-size: __full
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 4063
server-timing: cfL4;desc="?proto=TCP&rtt=6075&sent=22&recv=15&lost=0&retrans=0&sent_bytes=13955&recv_bytes=2482&delivery_rate=656775&cwnd=255&unsent_bytes=0&cid=6cf2ea0b62a6853c&ts=3139&x=0"
date: Fri, 22 Nov 2024 19:45:34 GMT
x-goog-meta-source-id: 8503df102050390bbf4822ae14df7b8d
content-type: image/svg+xml
vary: Origin, Accept-Encoding
x-goog-meta-object-id: 7
last-modified: Tue, 09 Jul 2024 20:51:25 GMT
x-guploader-uploadid: AHmUCY3m7I9ok741-dZdCpRrDSCUSox4YkxeXkziH2nquWetWSgl2MZPB2mheMxjca0d3gsIYg
cache-control: public, max-age=7200, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
via: 1.1 google
cf-ray: 8e6b6bb00df0d350-FRA
x-goog-generation: 1720558285948813
server: cloudflare

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 36ms
18ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: utua.com
URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://utua.com
Referer: https://utua.com/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8e6b6bb04d72d386-FRA
access-control-allow-origin: *
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 304 KB
102 KB 58ms
32ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5PW5333V

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a3374666e26b92f4c3bcfeac3c3d15b0ed794e8ff961200c4d3fc9c0d27f172

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 22 Nov 2024 19:45:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 22 Nov 2024 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 103836
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 growthcontrol-lite-ltv.build.js Show response
assets.begrowth.com.br/growthcontrol/ 72 KB
19 KB 422ms
22ms Script
text/javascript 2606:4700:20::681a:451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Requested by: Host: utua.com
URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 598a4c74199f7a21b803ea99b45d3e8b566f81f8d1f68778976a6a8492020fcb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=9rO1/w==, md5=3KcnjJsqygVl1ti4aWE55Q==
cf-cache-status: HIT
etag: W/"dca7278c9b2aca0565d6d8b8696139e5"
age: 1713
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLh3giO8Z48FunH%2FfEqd5oTCb04m2IkHKmxXNNbTRBezfPdy2Mfizu0J8RV9c%2FkLcR2N1YvNC4C33OeF%2F5DyCMgOosHzZo32PGR%2BWTr4J9Xb%2FyX7EG74E2YkHpJF1SJiccNvcPcfZbXK0vgT7AyTUHlxazM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
expires: Fri, 22 Nov 2024 19:18:02 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=5836&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3997&recv_bytes=2197&delivery_rate=680560&cwnd=253&unsent_bytes=0&cid=dfd4259a73220fd1&ts=30&x=0"
x-goog-stored-content-length: 74073
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: text/javascript
last-modified: Wed, 02 Oct 2024 18:19:22 GMT
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY1V-Q2R0olCBpBz7T7KyyXTUbPzuP8NhzrinxncTd3_KoMMJbvhPvIVgNxTdLVNjeuVA425HgHdIg
cache-control: public, max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
cf-ray: 8e6b6bb2b8271979-FRA
access-control-allow-origin: *
x-goog-generation: 1727893162762864
server: cloudflare

GET
H3 200 spritesheet.png
utua.com/wp-content/themes/clean-n-beauty-theme/images/ 1 KB
2 KB 16ms
16ms Image
image/webp 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://utua.com/wp-content/themes/clean-n-beauty-theme/images/spritesheet.png

Requested by

Host: utua.com
URL: https://utua.com/wp-content/themes/clean-n-beauty-theme/css/style.post.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

729fdd056968891a9b7a1eb8fa6365f58a7da10fd953e837feec3bea6501b585

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/wp-content/themes/clean-n-beauty-theme/css/style.post.css

Response headers

cf-bgj: imgq:85,h2pri
etag: "def-6277a1cec3740"
age: 42981
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7D0v1LH3NGMCg5cq5jquamY8y9BByqtlJHqrDhY6Dz68Dxacwwgw52jnp%2BHM0RaDtqgFCw%2BYrH%2BLdSxSl1atNNuYDDGLXmeIR5zKAUyW49IC1gCzMWlniqo4wTrHsUFmXzd5HWIx"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=3567
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6836&sent=51&recv=34&lost=0&retrans=0&sent_bytes=36886&recv_bytes=9950&delivery_rate=533686&cwnd=22800&unsent_bytes=0&cid=ddc77d1aae93a2a2&ts=3735&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 22 Nov 2024 19:45:34 GMT
x-cloud-trace-context: 6532943fc436918aa91cd38180939c08
content-type: image/webp
vary: Accept
content-disposition: inline; filename="spritesheet.webp"
priority: u=3,i
last-modified: Fri, 22 Nov 2024 06:01:25 GMT
cache-control: max-age=300
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
cf-ray: 8e6b6bb03d06dcac-FRA
accept-ranges: bytes
content-length: 1366
server: cloudflare

GET
H3 200 rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32.woff2
fonts.gstatic.com/s/dmsans/v15/ 14 KB
14 KB 22ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v15/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a71e519e44faaa2a518544f31c899590cd80076d09814d015b69e64dd9202128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://utua.com
Referer: https://fonts.googleapis.com/

Response headers

age: 352139
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 17:56:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 17:56:35 GMT
last-modified: Thu, 21 Mar 2024 23:59:13 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14116
x-xss-protection: 0
server: sffe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/ 492 KB
152 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: br
etag: 1421939719645060458
age: 20127
x-content-type-options: nosniff
expires: Sat, 22 Nov 2025 14:10:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 22 Nov 2024 14:10:07 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155913
x-xss-protection: 0
server: cafe

POST
H3 200 collect
www.google.com/ccm/ 0
0 38ms
22ms Ping
text/plain 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dr=utua.com&dl=https%3A%2F%2Futua.com%2Fnl-cc-abn-amro-credit-card-p1%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=2039449460.1732304735&auid=703345124.1732304735&npa=1&gtm=45He4bk0v9191604198za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732304734853&tfd=176&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PW5333V
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
99 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TH9PJVB4CX&l=dataLayer&cx=c&gtm=45He4bk0v9191604198za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PW5333V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a85e3a7c3b4c6886151cfaf5bea4d3b399f5094890b9582b56e3bf8146e39c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 22 Nov 2024 19:45:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 101142
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 21862753527 Show response
fundingchoicesmessages.google.com/i/ 196 KB
65 KB 55ms
33ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/21862753527?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a727b4409d576093515d71396a2b859dbdc008c6f7b0cf39aa2a00353ae2d72

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-yFsQdTY48GtG9g8bN_vbVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmLw0ZBiOHHrNtMFIJb4-pJJDYid0mewBgBx681zrJOB2GjteVYHIE76d561AIgNFS6x2gOxY9ElVk8gVu25xGoMxPfXXWJ9DsQzzl9mXQDERRJXWBuA-HbTFdbHQMzw9QorBxAL8XDc29e8i01gwrJ3O5iVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTAwNDS31DAzjCwwAvbZKdw"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-yFsQdTY48GtG9g8bN_vbVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame 3CC1 0
0 24ms
6ms Document
text/html 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Futua.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PW5333V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 255922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Nov 2024 20:40:12 GMT
expires: Wed, 19 Nov 2025 20:40:12 GMT
last-modified: Tue, 19 Nov 2024 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 48ms
15ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-TH9PJVB4CX&gtm=45je4bk0v9191609247z89191604198za200zb9191604198&_p=1732304734748&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1252201226.1732304735&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732304734&sct=1&seg=0&dl=https%3A%2F%2Futua.com%2Fnl-cc-abn-amro-credit-card-p1%2F%3Futm_source%3Donecontrol%26utm_medium%3Demail%26utm_campaign%3Dnl-utua-oc-email-cc%26utm_content%3Dnl-utua-oc-email-cc-p2-aqui%26utm_term%3Dnl-utua-oc-email-cc-p2-aqui-00&dr=https%3A%2F%2Futua.com%2Fnl-cc-abn-amro-credit-card-p1%2F%3Futm_source%3Donecontrol%26utm_medium%3Demail%26utm_campaign%3Dnl-utua-oc-email-cc%26utm_content%3Dnl-utua-oc-email-cc-p2-aqui%26utm_term%3Dnl-utua-oc-email-cc-p2-aqui-00&dt=Ervaar%20de%20voordelen%20van%20de%20ABN%20AMRO%20Creditcard%20%7C%20UTUA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=252
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TH9PJVB4CX&l=dataLayer&cx=c&gtm=45He4bk0v9191604198za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://utua.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:34 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 AGSKWxXlpkTjz-gqpmCgSNX5buXhctkAqxloRbzU9GrviA6eHzgUW82KSi5WVuitkDaRxjFPNkWWekxD98mIjzkt-dchUuRGYI_mlwkww2r3l9cQMa3ELT_GKOweC9uiMiWaEsdVcPJmkw== Show response
fundingchoicesmessages.google.com/f/ 412 KB
62 KB 53ms
53ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXlpkTjz-gqpmCgSNX5buXhctkAqxloRbzU9GrviA6eHzgUW82KSi5WVuitkDaRxjFPNkWWekxD98mIjzkt-dchUuRGYI_mlwkww2r3l9cQMa3ELT_GKOweC9uiMiWaEsdVcPJmkw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMyMzA0NzM0LDk3MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly91dHVhLmNvbS9ubC1jYy1hYm4tYW1yby1jcmVkaXQtY2FyZC1wMS8iLG51bGwsW1s4LCI5ejVrZGR0S2ZVbyJdLFs5LCJkZSJdLFsxOSwiMSJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.9z5kddtKfUo.es5.O/am=DgY/d=1/rs=AJlcJMzkBJsxAS-0H2Lb7ZgEnnlVKdGwnA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f2b38dff298d279949941465d09c466e27473eea1479e76463f40902803dfa5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-XU9lSq2d7qpVEOBm0XS10g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw15BikPj6kkkNiJ3SZ7AGAHHrzXOsk4HYaO15VgcgTvp3nrUAiA0VLrHaA7Fj0SVWTyBW7bnEagzE99ddYn0OxDPOX2ZdAMRFEldYG4D4dtMV1sdAzPD1CisHEAtxc9zf17yLTaDh_BJ2JY2k_ML45Py8kqLMpNKS_KK05LTU4tSistSieCMDIxNDQ0NLPQPD-AIDABTVRIc"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-XU9lSq2d7qpVEOBm0XS10g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 114 KB
6 KB 22ms
21ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.9z5kddtKfUo.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwoTkmuAYzSfsxE5qTRUdN2LGVksA/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41fd5a9efea51b6c6345afd1c34a99c4ad7f2f0407171bdf4de08e10a050355f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 22 Nov 2024 19:45:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 22 Nov 2024 19:45:35 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://utua.com
Referer: https://utua.com/

Response headers

age: 253645
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 19 Nov 2025 21:18:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 21:18:10 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

POST
H3 204 AGSKWxVMhTASAeZa_9L0fhiPzEePHfTUUwOLWsq_t305n157OlfW_9U3-0EmwoHl_piR2LTEYdQaBilgDa08sXvkALatxFZaHIUDym73iBtd_Jt-rBbjiCCgomshCUVPphxNBaiTLU1M8Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
21ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVMhTASAeZa_9L0fhiPzEePHfTUUwOLWsq_t305n157OlfW_9U3-0EmwoHl_piR2LTEYdQaBilgDa08sXvkALatxFZaHIUDym73iBtd_Jt-rBbjiCCgomshCUVPphxNBaiTLU1M8Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-evzAncN36Ezjx0fiENgC0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://utua.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0ZBicEqfwRoCxAxfr7ByALEQN8f9fc272AR-HD9kqOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDA0NLfUMTOMLDAAJvyYn"
content-security-policy: script-src 'report-sample' 'nonce-evzAncN36Ezjx0fiENgC0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://utua.com
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxVMhTASAeZa_9L0fhiPzEePHfTUUwOLWsq_t305n157OlfW_9U3-0EmwoHl_piR2LTEYdQaBilgDa08sXvkALatxFZaHIUDym73iBtd_Jt-rBbjiCCgomshCUVPphxNBaiTLU1M8Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 36ms
21ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVMhTASAeZa_9L0fhiPzEePHfTUUwOLWsq_t305n157OlfW_9U3-0EmwoHl_piR2LTEYdQaBilgDa08sXvkALatxFZaHIUDym73iBtd_Jt-rBbjiCCgomshCUVPphxNBaiTLU1M8Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-I9Ux_zyyn-ItwqDLSBRxAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://utua.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII1JBicEqfwRoCxAxfr7ByALEQN8f9fc272AQu3PxhqOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDA0NLfUMTOMLDAAUhCZM"
content-security-policy: script-src 'report-sample' 'nonce-I9Ux_zyyn-ItwqDLSBRxAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://utua.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 / Show response
location.begrowth.com.br/ 179 B
735 B 247ms
25ms Fetch
application/json 2606:4700:20::ac43:480b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://location.begrowth.com.br/
Requested by: Host: assets.begrowth.com.br
URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:480b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a4103d605654affe513d99d1754f9b3c7cae058370f2b1b3813fcb278823b2b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BQA8G%2FGB6bqfzmVnWHHo9YqYkGQJDEuUeMBoaIkxtbu%2B2gNSWhouxOontlGv0VzFBNaSVrBT5%2F0a0qnpMvLDfZ4ZQwTIY3RR8U6yVHSRl3e5aQqpXe8RYxyw8s2XXhr6plnALIe89mzs%2Fk9DJ%2BDDWulwy1VcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET,POST
cf-ray: 8e6b6bb45c559208-FRA
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=6046&sent=6&recv=11&lost=0&retrans=0&sent_bytes=4019&recv_bytes=2262&delivery_rate=649494&cwnd=253&unsent_bytes=0&cid=9ff2a5ab77341020&ts=32&x=0"
date: Fri, 22 Nov 2024 19:45:35 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare

POST
H3 204 rum Show response
utua.com/cdn-cgi/ 0
136 B 13ms
12ms XHR
text/plain 2606:4700:20::681a:d7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://utua.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d7c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 8e6b6bb2fcc6dcac-FRA
access-control-allow-origin: https://utua.com
date: Fri, 22 Nov 2024 19:45:35 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

GET
H2 200 cropped-a5c666ac-favicon2-32x32.webp
assets.cloneswordpress.com/sites/utua.com/img/2024/07/ 770 B
1 KB 29ms
29ms Other
image/webp 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.cloneswordpress.com/sites/utua.com/img/2024/07/cropped-a5c666ac-favicon2-32x32.webp
Protocol: H2
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0facc4f07ca5ea04bc408298fdf80edff632d66b60d08cd5d318cb28a28240a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://utua.com/

Response headers

x-goog-metageneration: 2
x-goog-hash: crc32c=aX0xDg==, md5=RuKhJtJ0xIgg+BYneKjMVw==
cf-cache-status: HIT
etag: "46e2a126d274c48820f8162778a8cc57"
age: 30648
x-goog-meta-file-hash: d41d8cd98f00b204e9800998ecf8427e
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQUj1msXgJ%2FzCIIJdfO9%2B20j0UAUoY%2F7KlfhkzmUNb1CfqGCZ8JBJp7tgyVrKSS8zSzycIvetZeIkMc7Je5uWjKCHBJ4I4mxYJJIEy%2Ff4xmDWniu4ymunNcoKtQ3vn4Yem7K9Uv9D6jNn8luRogdomiz0BeTIVSYiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
x-goog-meta-height: 32
x-goog-meta-size: site_icon-32
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 770
server-timing: cfL4;desc="?proto=QUIC&rtt=6625&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4298&recv_bytes=4528&delivery_rate=885&cwnd=12000&unsent_bytes=0&cid=fc5bb48d16cd71da&ts=496&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 22 Nov 2024 19:45:35 GMT
last-modified: Tue, 09 Jul 2024 22:16:18 GMT
vary: Origin, Accept-Encoding
priority: u=1,i
x-guploader-uploadid: AD-8ljv-7p0lLKyaiFQEqdWMFRDNBRpaz8HxjA2PkDTcVJXqHB2bpa7xTs1XVQ_4UeJzwWRZWWG8pBoojg
x-goog-meta-child-of: 46
content-type: image/webp
cache-control: public, max-age=7200, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
x-goog-meta-width: 32
via: 1.1 google
cf-ray: 8e6b6bb30f43972c-FRA
accept-ranges: bytes
x-goog-generation: 1720563378328822
content-length: 770
server: cloudflare

OPTIONS
H2 200 /
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ Frame 0
0 481ms
414ms Preflight
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://utua.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 22 Nov 2024 19:45:35 GMT
server: Google Frontend
x-cloud-trace-context: ff0dd5793bd2e0b76e0000936e7d75b6

POST
H2 200 / Show response
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ 0
76 B 282ms
280ms XHR
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Requested by: Host: assets.begrowth.com.br
URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: https://utua.com/

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 22 Nov 2024 19:45:36 GMT
x-cloud-trace-context: 99c043253f6914efb45ff602350feda9
content-type: text/html
server: Google Frontend
access-control-allow-headers: Content-Type

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.utua.com/	1970-01-21 01:13:11	Name: __cf_mw_byp Value: Mx7.f0hPoS6o6PAT.S.A2986EQArHazd7wh.uLd2x7A-1732304731-0.0.1.1-/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00
.utua.com/	1970-01-21 03:21:20	Name: _gcl_au Value: 1.1.703345124.1732304735
.utua.com/	1970-01-21 10:47:44	Name: _ga_TH9PJVB4CX Value: GS1.1.1732304734.1.0.1732304734.0.0.0
.utua.com/	1970-01-21 10:47:44	Name: _ga Value: GA1.1.1252201226.1732304735
.utua.com/	1970-01-21 08:23:44	Name: bg_anonymousId Value: 01ec0b80-8656-4e1a-a268-68e26aa1258f
.utua.com/	1970-01-21 01:13:11	Name: bg_location Value: %7B%22location%22%3A%7B%22country%22%3A%22DE%22%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22continent%22%3A%22EU%22%2C%22region%22%3A%22Hesse%22%2C%22regionCode%22%3A%22HE%22%2C%22timezone%22%3A%22Europe%2FBerlin%22%2C%22latitude%22%3A%2250.10490%22%2C%22longitude%22%3A%228.62950%22%7D%7D
.utua.com/	1970-01-21 01:11:46	Name: bg_sessionId Value: da908323-bb0f-4d28-8714-6b60678a84a8

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://utua.com/nl-cc-abn-amro-credit-card-p1/?utm_source=onecontrol&utm_medium=email&utm_campaign=nl-utua-oc-email-cc&utm_content=nl-utua-oc-email-cc-p2-aqui&utm_term=nl-utua-oc-email-cc-p2-aqui-00 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ctr.io
assets.begrowth.com.br
assets.cloneswordpress.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app
location.begrowth.com.br
region1.google-analytics.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
utua.com
www.google.com
www.googletagmanager.com
2001:4860:4802:32::35
2001:4860:4802:32::36
2606:4700:20::681a:451
2606:4700:20::681a:d7c
2606:4700:20::ac43:4573
2606:4700:20::ac43:480b
2606:4700::6810:5049
2a00:1450:4001:800::200a
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2008
2a06:98c1:3121::3
0facc4f07ca5ea04bc408298fdf80edff632d66b60d08cd5d318cb28a28240a1
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
41fd5a9efea51b6c6345afd1c34a99c4ad7f2f0407171bdf4de08e10a050355f
598a4c74199f7a21b803ea99b45d3e8b566f81f8d1f68778976a6a8492020fcb
6a727b4409d576093515d71396a2b859dbdc008c6f7b0cf39aa2a00353ae2d72
729fdd056968891a9b7a1eb8fa6365f58a7da10fd953e837feec3bea6501b585
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
853fed70609a5b590a87635446e4827610c4f3e698c365aada178a6789a0cfff
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8a3374666e26b92f4c3bcfeac3c3d15b0ed794e8ff961200c4d3fc9c0d27f172
8a4103d605654affe513d99d1754f9b3c7cae058370f2b1b3813fcb278823b2b
8a85e3a7c3b4c6886151cfaf5bea4d3b399f5094890b9582b56e3bf8146e39c4
8f2b38dff298d279949941465d09c466e27473eea1479e76463f40902803dfa5
8fd05391669f54ad9e839d447b72348a1a0bd9c95578e88e48a9873140fb4d61
90b1384257bc03aac9247eb8f79dc1948cc75147371a4b48366cf31c5a410f28
9dd5e3656c0a0622e7eee8b077f2f20376e75314924af32e612092dd9b91a4d4
a585f06c1c94fe43d7f49e66e34a475ddd3248b2a021280b5804db5d186db1a3
a71e519e44faaa2a518544f31c899590cd80076d09814d015b69e64dd9202128
b3abcca4835f4b62081c03f3a26d2e357c486bc8e04018f5d2020a7bc160b384
b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec73a3da5d0a8cdcf07531fe91716f7d1cd3e3718f678d08526ab34a73151f08
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

utua.com Open in urlscan Pro 2606:4700:20::681a:d7c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

97 %HTTPS

100 %IPv6

12 Domains

14 Subdomains

13 IPs

2 Countries

653 kBTransfer

2190 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

utua.com Open in urlscan Pro
2606:4700:20::681a:d7c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

97 %
HTTPS

100 %
IPv6

12
Domains

14
Subdomains

13
IPs

2
Countries

653 kB
Transfer

2190 kB
Size

7
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!