antivirus.protectnowonline.com Open in urlscan Pro
188.240.52.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default
Effective URL:
https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Submission Tags: @phish_report
Submission: On August 18 via api (August 18th 2023, 2:47:19 pm UTC) from FI — Scanned from FI

Summary HTTP 23 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 11 domains to perform 23 HTTP transactions. The main IP is 188.240.52.20, located in Netherlands and belongs to TRANSIP-AS Amsterdam, the Netherlands, NL. The main domain is antivirus.protectnowonline.com.
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.

This is the only time antivirus.protectnowonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	23.88.7.157 23.88.7.157	24940 (HETZNER-AS) (HETZNER-AS)
1	212.224.118.41 212.224.118.41	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 13	188.240.52.20 188.240.52.20	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:4001:80f::200d	15169 (GOOGLE) (GOOGLE)
1	2620:100:6027... 2620:100:6027:18::a27d:4812	19679 (DROPBOX) (DROPBOX)
1 2	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
23	9

1 23.88.7.157 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.157.7.88.23.clients.your-server.de

abpsl23.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.224.118.41 (Muehlheim am Main, Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: dsde324.fornex.org

eu.travelhit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 188.240.52.20 (Netherlands) 1 redirects

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 188-240-52-20.colo.transip.net

642494.novitrk7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
antivirus.protectnowonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
novidash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::200d (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:6027:18::a27d:4812 (United States)

ASN19679 (DROPBOX, US)

www.dropbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:1:c36:: (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
accounts.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 52	3 KB
5	protectnowonline.com antivirus.protectnowonline.com	66 KB
4	novidash.com novidash.com — Cisco Umbrella Rank: 962491	11 KB
4	novitrk7.com 1 redirects 642494.novitrk7.com	14 KB
2	spotify.com 1 redirects www.spotify.com — Cisco Umbrella Rank: 1476 accounts.spotify.com — Cisco Umbrella Rank: 8481	943 B
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	18 KB
1	dropbox.com www.dropbox.com — Cisco Umbrella Rank: 2876
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109
1	travelhit.net eu.travelhit.net	959 B
1	abpsl23.com abpsl23.com — Cisco Umbrella Rank: 933063	770 B
0	fpapi.io Failed botd.fpapi.io Failed
23	11

	Domain	Requested by
6	accounts.google.com	4 redirects antivirus.protectnowonline.com
5	antivirus.protectnowonline.com	642494.novitrk7.com antivirus.protectnowonline.com
4	novidash.com	abpsl23.com
4	642494.novitrk7.com	1 redirects 642494.novitrk7.com
2	cdn.jsdelivr.net	antivirus.protectnowonline.com
1	accounts.spotify.com	antivirus.protectnowonline.com
1	www.spotify.com	1 redirects
1	www.dropbox.com	antivirus.protectnowonline.com
1	www.facebook.com	antivirus.protectnowonline.com
1	eu.travelhit.net
1	abpsl23.com
0	botd.fpapi.io Failed	cdn.jsdelivr.net
23	12

This site contains links to these domains. Also see Links.

Domain
novidash.com
trknovi.com

Subject Issuer	Validity	Valid
abdlnk.com R3	`2023-06-29` - `2023-09-27`	3 months	crt.sh
eu.travelhit.net R3	`2023-07-23` - `2023-10-21`	3 months	crt.sh
*.novitrk5.com R3	`2023-05-30` - `2023-08-28`	3 months	crt.sh
*.landerhd.com R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-27` - `2023-08-25`	3 months	crt.sh
*.dropbox.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-14` - `2023-11-14`	a year	crt.sh
cdn.novidash.com R3	`2023-05-30` - `2023-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Frame ID: 263BB084042ACC911CDB2CC21C61EA01
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AVAST AntiVirus-lisenssisi on päättynyt!

Page URL History Show full URLs

https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default Page URL
https://eu.travelhit.net/view?payload=eyJzZXNzaW9uX3V1aWQiOiJiYTI2ZWY4ZC01YzFkLTQ4N2MtOWIyYi1hM2YyODN... Page URL
https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTks... Page URL
https://642494.novitrk7.com/smartlink?mongo_id=64df84736205646a9073fb26&mongo_grouped_id=64df84736205646... HTTP 302
https://antivirus.protectnowonline.com/64df84736205646a9073fb26 Page URL

Detected technologies

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

23
Requests

78 %
HTTPS

63 %
IPv6

11
Domains

12
Subdomains

9
IPs

3
Countries

110 kB
Transfer

136 kB
Size

9
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://novidash.com/click/64df84736205646a9073fb26?hp
Title: Continue

Search URL Search Domain Scan URL

URL: http://trknovi.com/click/64df84736205646a9073fb26

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default Page URL
https://eu.travelhit.net/view?payload=eyJzZXNzaW9uX3V1aWQiOiJiYTI2ZWY4ZC01YzFkLTQ4N2MtOWIyYi1hM2YyODNkODhlNjkiLCJ3b3JrZXJfaG9zdCI6IjIzLjg4LjcuMTU2IiwiZmVlZF9pZCI6OTU4LCJkYXRldGltZSI6IjA4LTE4IDE3OjQ3IiwidHRsIjo5MDB9 Page URL
https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0= Page URL
https://642494.novitrk7.com/smartlink?mongo_id=64df84736205646a9073fb26&mongo_grouped_id=64df84736205646a9073fb27&redirect_url=https%3A%2F%2Fantivirus.protectnowonline.com%2F64df84736205646a9073fb26&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjEsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MywibWltZVR5cGVzIjo0LCJzY3JlZW5XaWR0aCI6MTYwMCwic2NyZWVuSGVpZ2h0IjoxMjAwLCJvdXRlcldpZHRoIjoxNjAwLCJvdXRlckhlaWdodCI6MTIwMCwidnciOjE2MDAsInZoIjoxMjAwLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5Ijo4LCJoYXJkd2FyZUNvbmN1cnJlbmN5Ijo0LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IkV1cm9wZS9IZWxzaW5raSIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IldpbjMyIiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzMsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTYuMC41ODQ1Ljk2IFNhZmFyaS81MzcuMzYiLCJ3ZWJHTFZlbmRvciI6IkludGVsIEluYy4iLCJ3ZWJHTFJlbmRlcmVyIjoiSW50ZWwgSXJpcyBPcGVuR0wgRW5naW5lIiwicmVmbWF0Y2giOjAsIm92ZXJmbG93IjowLCJvdmVycmlkZSI6MCwiZHVyYXRpb24iOjQ5fQ==&js=1 HTTP 302
https://antivirus.protectnowonline.com/64df84736205646a9073fb26 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AXo7B7XD_DGa46VKHdOjoaqT4izZOpDl5DajZ6pYX3A2DcOL7WjZagql4RsCumqyrXfhg4MSO5EnNQ HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7VyMuD7aL3tQG-tnmnkArN6d-WoliodqZYrrbmwLfemE55__P89m9sUm1HuK-IPRnzY5j9Jtw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1611591521%3A1692370036669880

Request Chain 11

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AXo7B7X8VhDlcU_nVWCeK214-u_sWuGXrf9o_LzZgKa_VZlVPphmdGhmzma16oqRXEXdWS-zrbuNYQ HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7XPmSsxZyWnT0q_t4MqsdtFgvdAscd_1ckuD6Scm0SHkfeOb6cctnr0e-RbMMCSk69xhwhTcw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S369109175%3A1692370036702012

Request Chain 13

https://www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK endpoint Show response
abpsl23.com/ 801 B
770 B 600ms
369ms Document
text/html 23.88.7.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.88.7.157 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.7.88.23.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8deebe367e699bd69e5d773c4b43774d899aadfae969dcf0670ea684bc03da0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 491
Content-Type: text/html
Date: Fri, 18 Aug 2023 14:47:14 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H/1.1 200
OK view Show response
eu.travelhit.net/ 1 KB
959 B 366ms
157ms Document
text/html 212.224.118.41
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to

Full URL: https://eu.travelhit.net/view?payload=eyJzZXNzaW9uX3V1aWQiOiJiYTI2ZWY4ZC01YzFkLTQ4N2MtOWIyYi1hM2YyODNkODhlNjkiLCJ3b3JrZXJfaG9zdCI6IjIzLjg4LjcuMTU2IiwiZmVlZF9pZCI6OTU4LCJkYXRldGltZSI6IjA4LTE4IDE3OjQ3IiwidHRsIjo5MDB9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.224.118.41 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS: dsde324.fornex.org
Software: openresty/1.19.9.1 /
Resource Hash: d945c946bb9ecf088046cb811cc9c7d32a8f3ff0f091b54efaeedbd44d1f0713

Request headers

Referer: https://abpsl23.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 781
Content-Type: text/html
Date: Fri, 18 Aug 2023 14:47:15 GMT
Server: openresty/1.19.9.1

GET
H2 200 smartlink Show response
642494.novitrk7.com/ 8 KB
3 KB 564ms
368ms Document
text/html 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

6bd4e4a089ead7dcd94863c39e6e37cb4d2b84202e27e4ad92f7cc612a228b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eu.travelhit.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

cache-control: private, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 18 Aug 2023 14:47:15 GMT
expires: -1
pragma: no-cache
server: nginx/1.19.10
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 64df84736205646a9073fb26
642494.novitrk7.com/smartlink-css/ 4 KB
5 KB 91ms
90ms Stylesheet
text/css 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://642494.novitrk7.com/smartlink-css/64df84736205646a9073fb26

Requested by

Host: 642494.novitrk7.com
URL: https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

GET
H2 200 64df84736205646a9073fb26
642494.novitrk7.com/smartlink-css/ 4 KB
5 KB 91ms
91ms Stylesheet
text/css 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://642494.novitrk7.com/smartlink-css/64df84736205646a9073fb26?fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjEsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MywibWltZVR5cGVzIjo0LCJzY3JlZW5XaWR0aCI6MTYwMCwic2NyZWVuSGVpZ2h0IjoxMjAwLCJvdXRlcldpZHRoIjoxNjAwLCJvdXRlckhlaWdodCI6MTIwMCwidnciOjE2MDAsInZoIjoxMjAwLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5Ijo4LCJoYXJkd2FyZUNvbmN1cnJlbmN5Ijo0LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IkV1cm9wZS9IZWxzaW5raSIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IldpbjMyIiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzMsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTYuMC41ODQ1Ljk2IFNhZmFyaS81MzcuMzYiLCJ3ZWJHTFZlbmRvciI6IkludGVsIEluYy4iLCJ3ZWJHTFJlbmRlcmVyIjoiSW50ZWwgSXJpcyBPcGVuR0wgRW5naW5lIiwicmVmbWF0Y2giOjAsIm92ZXJmbG93IjowLCJvdmVycmlkZSI6MCwiZHVyYXRpb24iOjQ5fQ==

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

GET
H2

200

Primary Request 64df84736205646a9073fb26 Show response
antivirus.protectnowonline.com/
Redirect Chain

https://642494.novitrk7.com/smartlink?mongo_id=64df84736205646a9073fb26&mongo_grouped_id=64df84736205646a9073fb27&redirect_url=https%3A%2F%2Fantivirus.protectnowonline.com%2F64df84736205646a9073fb2...
https://antivirus.protectnowonline.com/64df84736205646a9073fb26

10 KB
6 KB

307ms
111ms

Document
text/html

188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

ae9a960291f6273d9299efc9f4e4c62ec697fc9ad57fb14434833c3ef1980c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://642494.novitrk7.com/smartlink?track=eyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.3N0IjowLjAwMjIyNTU0MjIzMDAwMDAwMDQsImNyZWF0!XZlX2lkIjoyOTU5MTksImRv.WFp.iI6Imh0dHBzJTNBJTJGJTJGdHJhdmVs!Gl0Lm5ldCIsImZlZWQiOiIxMDAxIiwi!XNf*nRiX2Nh.XBh!WduIjoxODA5Mywi.GFuZGVyX2lkIjoxNTYsIm1lZGlhX3R5*GUiOiJtYWlu*3RyZWFtIiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjE5My4xMzguNy4yMjAiLCJz!XRlX2lkIjoiMXVjMTM1YWU4Yi1iMjEyLTUxOTUtODJmNy00N2M4M2MwNGI0NWUxMyIsInNvdXJjZV90eXBlIjoi*G9wdW5kZXIiLCJzdXNw!WNp.3VzIjowLCJ0!W1lIjoxNjkyMz*wMDM0LCJ0*mFmZmljX3NvdXJjZSI6ImFk!2VsYSIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

cache-control: private, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 18 Aug 2023 14:47:16 GMT
expires: -1
pragma: no-cache
server: nginx/1.19.10
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private, must-revalidate
content-type: text/html; charset=UTF-8
date: Fri, 18 Aug 2023 14:47:15 GMT
expires: -1
location: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
pragma: no-cache
server: nginx/1.19.10
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 avast-fi.jpeg
antivirus.protectnowonline.com/landingpages/avast-fi/ 24 KB
24 KB 89ms
88ms Image
image/jpeg 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://antivirus.protectnowonline.com/landingpages/avast-fi/avast-fi.jpeg

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

6ce04bf7c4f9cf117440c4e8176fddea4c28652382413d57ce3e4334524d0285

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 18 Aug 2023 08:49:27 GMT
server: nginx/1.19.10
etag: "64df3097-5f6e"
content-type: image/jpeg
accept-ranges: bytes
content-length: 24430
x-xss-protection: 1; mode=block

GET
H2 200 license-fi.jpg
antivirus.protectnowonline.com/landingpages/avast-fi/ 26 KB
27 KB 89ms
89ms Image
image/jpeg 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://antivirus.protectnowonline.com/landingpages/avast-fi/license-fi.jpg

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

ca174ec5df0bf5179830fa032f9ed15cecdec9d233bce2ded5d899edb0def4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 18 Aug 2023 08:49:27 GMT
server: nginx/1.19.10
etag: "64df3097-6908"
content-type: image/jpeg
accept-ranges: bytes
content-length: 26888
x-xss-protection: 1; mode=block

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 212ms
75ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23353
x-jsd-version: 3.4.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230025-FRA, cache-jnb7021-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XVokjhwOt3w9UtxF%2FvsppMNvrH3oRt2pG4oE1EQnG%2FBHxIGiSomEgucNd5uUtpgNjAFaiGAtNVifFh7cVVAptKxsnD5L%2FW3UYElSSrsk%2BSGnhHMEf7ixEQFR67HgYqdbcvGyvKJTtiuaMPl%2FzY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7f8af377b848069b-OSL

GET
H2 200 botd.min.js Show response
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/ 9 KB
3 KB 215ms
78ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 34873
x-jsd-version: 0.1.20
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230126-FRA, cache-jnb7021-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0jtaMiTFYMmdul2OZi1CA9QgLAaT2kfjkEQwH8M7navKtsB1PXmrgkdLjs9CUtX%2B%2BEgabfdLlTYbO%2BMBL0tH9Mp8G7XTH96qrwej4HuvginwKcmCIPPQs3zKxAznY9anhRYYRdRKUhLFHei%2Bso%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7f8af377b84a069b-OSL

GET
H2 200 login.php
www.facebook.com/ 0
0 367ms
177ms Image
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AXo7B7XD_DGa46VKHdOjoaqT4izZOpDl5DajZ6pYX3A2DcOL7WjZagql4RsCumq...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7VyMuD7aL3tQG-tnmnkArN6d-WoliodqZYrrbmwLfemE55__P89m9sUm1HuK-IPRnzY5j9Jtw&passiv...

0
0

102ms
102ms

Image
text/html

2a00:1450:4001:80f::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7VyMuD7aL3tQG-tnmnkArN6d-WoliodqZYrrbmwLfemE55__P89m9sUm1HuK-IPRnzY5j9Jtw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1611591521%3A1692370036669880
Requested by: Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Protocol: H2
Server: 2a00:1450:4001:80f::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-R_UqLyvmTLczUVDRALWmEw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 395
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7VyMuD7aL3tQG-tnmnkArN6d-WoliodqZYrrbmwLfemE55__P89m9sUm1HuK-IPRnzY5j9Jtw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1611591521%3A1692370036669880
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AXo7B7X8VhDlcU_nVWCeK214-u_sWuGXrf9o_LzZgKa_VZlVPphmdGhmzma...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7XPmSsxZyWnT0q_t4MqsdtFgvdAscd_1ckuD6Scm0SHkfeOb6cctnr0e-RbMMCSk69xhwhTcw&passi...

0
0

101ms
101ms

Image
text/html

2a00:1450:4001:80f::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7XPmSsxZyWnT0q_t4MqsdtFgvdAscd_1ckuD6Scm0SHkfeOb6cctnr0e-RbMMCSk69xhwhTcw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S369109175%3A1692370036702012
Requested by: Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Protocol: H2
Server: 2a00:1450:4001:80f::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-2Zv_3iRmpMs0bFulqgEFMg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 395
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7XPmSsxZyWnT0q_t4MqsdtFgvdAscd_1ckuD6Scm0SHkfeOb6cctnr0e-RbMMCSk69xhwhTcw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S369109175%3A1692370036702012
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 login
www.dropbox.com/ 0
0 718ms
538ms Image
text/html 2620:100:6027:18::a27d:4812
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
Requested by: Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:100:6027:18::a27d:4812 , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2

200

https://www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE

0
0

116ms
109ms

Image
text/html

2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
Requested by: Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
Protocol: H2
Server: 2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

sp-trace-id: eb85d076730ffb7a
date: Fri, 18 Aug 2023 14:47:16 GMT
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
x-powered-by: Express
vary: Accept-Encoding
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-envoy-upstream-service-time: 29
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-join-the-band: https://www.spotify.com/jobs/

GET
H2 200 logo_css.png
antivirus.protectnowonline.com/landingpages/avast-fi/ 9 KB
9 KB 163ms
161ms Image
image/png 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://antivirus.protectnowonline.com/landingpages/avast-fi/logo_css.png

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

e7886b744ef4e5c70189c9f488bbc44da14d40f25e23d3a3ab12e64a2dd76220

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 18 Aug 2023 08:49:27 GMT
server: nginx/1.19.10
etag: "64df3097-24f1"
content-type: image/png
accept-ranges: bytes
content-length: 9457
x-xss-protection: 1; mode=block

GET
H2 200 check.gif
antivirus.protectnowonline.com/landingpages/avast-fi/ 107 B
324 B 163ms
162ms Image
image/gif 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://antivirus.protectnowonline.com/landingpages/avast-fi/check.gif

Requested by

Host: antivirus.protectnowonline.com
URL: https://antivirus.protectnowonline.com/64df84736205646a9073fb26

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

6b6b494b0e264b6d7e9210f4d548029b34be28ff6b7a074cc87f652c8cb81254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/64df84736205646a9073fb26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 18 Aug 2023 08:49:27 GMT
server: nginx/1.19.10
etag: "64df3097-6b"
content-type: image/gif
accept-ranges: bytes
content-length: 107
x-xss-protection: 1; mode=block

GET
H2 200 64df84736205646a9073fb26 Show response
novidash.com/smartlink-css/ 4 KB
5 KB 256ms
84ms XHR
text/css 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://novidash.com/smartlink-css/64df84736205646a9073fb26?battery_charging=true&battery_chargingTime=0&battery_dischargingTime=Infinity&battery_level=1

Requested by

Host: abpsl23.com
URL: https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

POST detect
botd.fpapi.io/api/v1/ 0
0

POST
H2 200 64df84736205646a9073fb26 Show response
novidash.com/smartlink-css/ 4 KB
5 KB 164ms
164ms XHR
text/css 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://novidash.com/smartlink-css/64df84736205646a9073fb26?fingerprintid=8e9f496d7b7909568a31865ef0f3aaac

Requested by

Host: abpsl23.com
URL: https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://antivirus.protectnowonline.com/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

GET
H2 200 64df84736205646a9073fb26 Show response
novidash.com/smartlink-css/ 0
958 B 90ms
89ms XHR
text/html 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://novidash.com/smartlink-css/64df84736205646a9073fb26?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

Requested by

Host: abpsl23.com
URL: https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

GET
H2 200 64df84736205646a9073fb26 Show response
novidash.com/smartlink-css/ 0
953 B 89ms
89ms XHR
text/html 188.240.52.20
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://novidash.com/smartlink-css/64df84736205646a9073fb26?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

Requested by

Host: abpsl23.com
URL: https://abpsl23.com/endpoint?endpoint_uuid=965a04d8-dcc7-44e7-bcad-5f8ebcd0cdee&subid=default

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.240.52.20 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

188-240-52-20.colo.transip.net

Software

nginx/1.19.10 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://antivirus.protectnowonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Aug 2023 14:47:18 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx/1.19.10
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate
x-xss-protection: 1; mode=block
expires: -1

GET 64df84736205646a9073fb26
novidash.com/smartlink-css/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: botd.fpapi.io
URL: https://botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20

Domain: novidash.com
URL: https://novidash.com/smartlink-css/64df84736205646a9073fb26?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
642494.novitrk7.com/	1970-01-20 14:06:17	Name: XSRF-TOKEN Value: eyJpdiI6ImdxVmhwdHNINThCOXljZjVCSVIrSFE9PSIsInZhbHVlIjoiRWZtMzAwa0djdTV0T1lXc2hFdDhKVWd5M2NYZnJnQ2tuYkIrQlU0YTh6d091Rm94VlRZQU1wRmFXQis0SEo3anBzUkdyQnk3bXlZcW9OQWk1dkxjbkIzbTlmV2s4dzc1aHBMUnBqTVhnNmpzZ3lteEJUTGdzQ2xKS0lncms3eXEiLCJtYWMiOiIyMWE5YzJiN2Y2Y2ZiYmZkMTE0YjBlYjdlOWVmZGFhYmY2YmJiYWZiMTFiYjExZjdmYTkyZDhjNzJhM2Y0ZDQ3IiwidGFnIjoiIn0%3D
642494.novitrk7.com/	1970-01-20 14:06:17	Name: novidash_session Value: eyJpdiI6Ild1a3hlSDFxYXIrYlFPUGlDbFF3Unc9PSIsInZhbHVlIjoiWjZUeWsyaXd3UU9DNUtpTkVaS1FlNkpkeEw1cmUwalFOOEQwZGxQUUVvZ0VweFRtQVBUMEh6dzBRQms4ZVZ3OEx1djJ5ZUo3Q1JMcXpYTE5FMFUzdmNJY1dzdVc0MXc2K2pUVGpKbnovaUQ0Z1dyWUlaMkFKMVRuTTFiU3lOaXQiLCJtYWMiOiI1YjMzZTJhMmZjZTU2NDk2ZmI1NDBkNzU0NTVkMjE2NmFhZjZkOGYxYjI2ZjlkYjJmZWRhODcwMjM2NzkwM2JlIiwidGFnIjoiIn0%3D
antivirus.protectnowonline.com/	1970-01-20 14:06:17	Name: XSRF-TOKEN Value: eyJpdiI6IlFYREk3QVBYVjlKV0hickRGaXFIQ3c9PSIsInZhbHVlIjoiY1dsa0s5M0JmUkhsMk1nTmZ1UkxMMXpEQXlQbXd2a1ExK3R3N0hZTkc5VXZ4RzNaeERDTnphd3R5aWZMMW1HZ0lMSDk4UmF6TVRZbHU0ZGRwQUhHaHk4bkozUFZ3cXpYQThYRXFrVzZXZ1ByaHQxelpxRForQ0VFYTFWS2xhNHYiLCJtYWMiOiJlNTA4ZDUwMDk4OTBhYzFjNDc5OTdjNGE4MjhiZjczMWE1NDQwNWVkYWE3ZTQ0ZTc5YjU5YTFmNWI0ZjUwYTAyIiwidGFnIjoiIn0%3D
antivirus.protectnowonline.com/	1970-01-20 14:06:17	Name: novidash_session Value: eyJpdiI6InpGRVppWEljbGd0OCtjaGJjQzdEREE9PSIsInZhbHVlIjoiNGl2NDFId2RTbWRvdTR0UXdFMGxRNHlTQS9uMk1HQUx4TnlnTFZjeVFSZEtNZTl2bkR0RVJMbFJUdjVXZzhoVzVLMm10aldkcjcvR1JqZUNIZ0x2NTdublZ2dTc0ZVp1SmpPaE8wOVI5TW8yU0hQSkgwZTBUNWFFczh2anU0WVQiLCJtYWMiOiI1ZmQ4NDNmYjBiNDI5OWM4OTEyOTU2OWIzNTBlZDFmMmI2OGE2YWVkYzUzZjU2MzQxYjQ5YmZhODZkNWNkMTg5IiwidGFnIjoiIn0%3D
.accounts.spotify.com/	1969-12-31 23:59:59	Name: __Secure-TPASESSION Value: AQAbhAF9Db0EQF6j+94+T8ZVD6DausNy0nTt1ZDKzal0s5BPRNzgQln4pE0l1Km2WNIBp36BkHDUgMmmiBd3jbfwMoSDMs9zjHI=
www.dropbox.com/	1970-01-20 23:42:10	Name: gvc Value: MTc0MzgwNTc4NjQ0NTExMzU0OTI4NDIxMDQ5ODU1Mzk0NDA5MjIy
.dropbox.com/	1970-01-20 23:42:10	Name: t Value: aE-UH0SsI7ZWNDxnWbT0HiTw
www.dropbox.com/	1970-01-20 23:42:10	Name: __Host-js_csrf Value: aE-UH0SsI7ZWNDxnWbT0HiTw
.dropbox.com/	1970-01-20 23:42:10	Name: locale Value: en

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7VyMuD7aL3tQG-tnmnkArN6d-WoliodqZYrrbmwLfemE55__P89m9sUm1HuK-IPRnzY5j9Jtw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1611591521%3A1692370036669880 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AXo7B7XPmSsxZyWnT0q_t4MqsdtFgvdAscd_1ckuD6Scm0SHkfeOb6cctnr0e-RbMMCSk69xhwhTcw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S369109175%3A1692370036702012 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

642494.novitrk7.com
abpsl23.com
accounts.google.com
accounts.spotify.com
antivirus.protectnowonline.com
botd.fpapi.io
cdn.jsdelivr.net
eu.travelhit.net
novidash.com
www.dropbox.com
www.facebook.com
www.spotify.com
botd.fpapi.io
novidash.com
188.240.52.20
212.224.118.41
23.88.7.157
2600:1901:1:c36::
2606:4700::6810:5714
2620:100:6027:18::a27d:4812
2a00:1450:4001:80f::200d
2a03:2880:f176:84:face:b00c:0:25de
52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3
6b6b494b0e264b6d7e9210f4d548029b34be28ff6b7a074cc87f652c8cb81254
6bd4e4a089ead7dcd94863c39e6e37cb4d2b84202e27e4ad92f7cc612a228b5a
6ce04bf7c4f9cf117440c4e8176fddea4c28652382413d57ce3e4334524d0285
8deebe367e699bd69e5d773c4b43774d899aadfae969dcf0670ea684bc03da0e
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2
ae9a960291f6273d9299efc9f4e4c62ec697fc9ad57fb14434833c3ef1980c10
ca174ec5df0bf5179830fa032f9ed15cecdec9d233bce2ded5d899edb0def4a5
d945c946bb9ecf088046cb811cc9c7d32a8f3ff0f091b54efaeedbd44d1f0713
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7886b744ef4e5c70189c9f488bbc44da14d40f25e23d3a3ab12e64a2dd76220

antivirus.protectnowonline.com Open in urlscan Pro 188.240.52.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

78 %HTTPS

63 %IPv6

11 Domains

12 Subdomains

9 IPs

3 Countries

110 kBTransfer

136 kBSize

9 Cookies

2 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

9 Cookies

3 Console Messages

Indicators

antivirus.protectnowonline.com Open in urlscan Pro
188.240.52.20 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

78 %
HTTPS

63 %
IPv6

11
Domains

12
Subdomains

9
IPs

3
Countries

110 kB
Transfer

136 kB
Size

9
Cookies

23 HTTP transactions
0 data transactions