other.landerhd.com
Open in
urlscan Pro
188.240.52.20
Public Scan
Submitted URL: http://www.dexpredict.com/jump/next.php?r=3783451
Effective URL: https://other.landerhd.com/64b09458be620635c40e3e4e
Submission: On July 14 via manual from IN — Scanned from DE
Effective URL: https://other.landerhd.com/64b09458be620635c40e3e4e
Submission: On July 14 via manual from IN — Scanned from DE
Summary
This website contacted 8 IPs
in 3 countries
across 11 domains to perform 24 HTTP transactions.
The main IP is 188.240.52.20, located in
Netherlands and
belongs to TRANSIP-AS Amsterdam, the Netherlands, NL.
The main domain is other.landerhd.com.
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.
This is the only time other.landerhd.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.
This is the only time other.landerhd.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 3 | 35.201.90.210 35.201.90.210 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
| 1 1 | 18.195.149.11 18.195.149.11 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 16 | 188.240.52.20 188.240.52.20 | 20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam) | |
| 2 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
| 1 | 2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
| 4 6 | 2a00:1450:400... 2a00:1450:4001:802::200d | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2620:100:6022... 2620:100:6022:18::a27d:4212 | 19679 (DROPBOX) (DROPBOX) | |
| 1 2 | 2600:1901:1:c... 2600:1901:1:c36:: | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 54.88.16.22 54.88.16.22 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 24 | 8 |
3
35.201.90.210
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 210.90.201.35.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 210.90.201.35.bc.googleusercontent.com
| www.dexpredict.com |
1
18.195.149.11
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-149-11.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-149-11.eu-central-1.compute.amazonaws.com
| dratingmaject.com |
16
188.240.52.20
(Netherlands)
ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 188-240-52-20.colo.transip.net
ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 188-240-52-20.colo.transip.net
| bf233.trknovi.com | |
| other.landerhd.com | |
| novidash.com |
1
2a03:2880:f176:84:face:b00c:0:25de
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
ASN32934 (FACEBOOK, US)
| www.facebook.com |
1
54.88.16.22
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-16-22.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-16-22.compute-1.amazonaws.com
| botd.fpapi.io |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
novidash.com
novidash.com |
14 KB |
| 6 |
google.com
4 redirects
accounts.google.com — Cisco Umbrella Rank: 67 |
3 KB |
| 5 |
landerhd.com
other.landerhd.com |
39 KB |
| 4 |
trknovi.com
1 redirects
bf233.trknovi.com |
14 KB |
| 3 |
dexpredict.com
2 redirects
www.dexpredict.com — Cisco Umbrella Rank: 673227 |
4 KB |
| 2 |
spotify.com
1 redirects
www.spotify.com — Cisco Umbrella Rank: 1469 accounts.spotify.com — Cisco Umbrella Rank: 8951 |
943 B |
| 2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 368 |
18 KB |
| 1 |
fpapi.io
botd.fpapi.io — Cisco Umbrella Rank: 406679 |
682 B |
| 1 |
dropbox.com
www.dropbox.com — Cisco Umbrella Rank: 2734 |
|
| 1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 100 |
|
| 1 |
dratingmaject.com
1 redirects
dratingmaject.com |
695 B |
| 24 | 11 |
| Domain | Requested by | |
|---|---|---|
| 7 | novidash.com |
www.dexpredict.com
|
| 6 | accounts.google.com |
4 redirects
other.landerhd.com
|
| 5 | other.landerhd.com |
bf233.trknovi.com
other.landerhd.com |
| 4 | bf233.trknovi.com |
1 redirects
www.dexpredict.com
bf233.trknovi.com |
| 3 | www.dexpredict.com | 2 redirects |
| 2 | cdn.jsdelivr.net |
other.landerhd.com
|
| 1 | botd.fpapi.io |
cdn.jsdelivr.net
|
| 1 | accounts.spotify.com |
other.landerhd.com
|
| 1 | www.spotify.com | 1 redirects |
| 1 | www.dropbox.com |
other.landerhd.com
|
| 1 | www.facebook.com |
other.landerhd.com
|
| 1 | dratingmaject.com | 1 redirects |
| 24 | 12 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| novidash.com |
| trknovi.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.landerhd.com R3 |
2023-06-08 - 2023-09-06 |
3 months | crt.sh |
| jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-04-22 - 2023-07-21 |
3 months | crt.sh |
| *.dropbox.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-10-14 - 2023-11-14 |
a year | crt.sh |
| cdn.novidash.com R3 |
2023-05-30 - 2023-08-28 |
3 months | crt.sh |
| botd.fpapi.io Amazon RSA 2048 M02 |
2023-02-14 - 2024-03-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://other.landerhd.com/64b09458be620635c40e3e4e
Frame ID: 14787EBEDD6325C96DB9E83BF6A8A46C
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Ihre AVIRA AntiVirus Lizenz ist abgelaufen!Page URL History Show full URLs
- http://www.dexpredict.com/jump/next.php?r=3783451 Page URL
-
https://www.dexpredict.com/jump/next.php?stamat=m%257C%252C4Y3I2dharB1dwP0dEdHP3xP.16c%252C2t5FkDDYpjxJ...
HTTP 302
https://www.dexpredict.com/script/i.php?t=1&stamat=m%257C%252C%252Cwiej9jIuoGU3Bk-GH0dEdHP3xP.21c%252Ca... HTTP 302
https://dratingmaject.com/932e3593-8acc-478b-ba74-1d35f2980891?campaign=347578620&ban=23669442&ssp=Adc... HTTP 302
https://bf233.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5NTg5OSIsImxhbmRl... Page URL
-
https://bf233.trknovi.com/smartlink?mongo_id=64b09458be620635c40e3e4e&mongo_grouped_id=64b09003691c902...
HTTP 302
https://other.landerhd.com/64b09458be620635c40e3e4e Page URL
Detected technologies
FingerprintJS
(JavaScript libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /fingerprintjs@(\d)
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://novidash.com/click/64b09458be620635c40e3e4e?hp
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: http://trknovi.com/click/64b09458be620635c40e3e4e
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.dexpredict.com/jump/next.php?r=3783451 Page URL
-
https://www.dexpredict.com/jump/next.php?stamat=m%257C%252C4Y3I2dharB1dwP0dEdHP3xP.16c%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAVh18V0HmdRTnp7P4JrfSbI&cbpage=http://www.dexpredict.com/jump/next.php?r=3783451&cbur=0.5402968736014631&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=
HTTP 302
https://www.dexpredict.com/script/i.php?t=1&stamat=m%257C%252C%252Cwiej9jIuoGU3Bk-GH0dEdHP3xP.21c%252CaULJrwvP2RTaOzOWzXbqQlq8pJ9MTLo6SQUbxxfM6GbxkXcCy5Zt6bxOl2Az_44U76QFZ2EvZMGveszFQIUUzT-IFCcyWN4BhqUrCFUxc1CIUrhytk8zJI4cdak_6errRPj6Mff7TENX2iMC8-Uq-a8Ccjux3vOwUo0RHqrCj3rSyxUZf-hEPy3wBuXrwHSslCGR3pvWMFWO1oWc-DwVuwgcwzpU0u_8CC44e7tfUJi4o2UmqTPnr2i5iT2rWNU16VRSvLHoB5bzeq38uaRidwbP4LKJAaIyqUnVLKFJ1AKav5PeD4BWf3a83yqohAMxH-Xk3OwnIyIRT6tocvhaEqC4oPKNwczpwPHVB0d_c2i087rtJ7iKljJSKsgML4EX1Kw7s975zE2O2HrZV07TYMnK077ug6r8JqXUny7ow2V0147_BXzBtQw2m4fbTOBVuX2Stud6e33d-jOaNxGk1f2pMlDaPKxIlbDuNeV6XF03h1iErPyxcQvHPv_fxZrowAkvDGIkClchjwLoOera1tnwox54vqri3sD1BGIdLPQ%252C HTTP 302
https://dratingmaject.com/932e3593-8acc-478b-ba74-1d35f2980891?campaign=347578620&ban=23669442&ssp=Adcash&zone=3783451&advertiser=46784&country=DE&org=31173%20Services%20AB&platform=Windows%2010&ip=185.213.155.157&device_make=Unknown&redirection_cost=0.001&clickid=168929391210000TDETV431177839654V22 HTTP 302
https://bf233.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5NTg5OSIsImxhbmRlcl9pZCI6IjE0OSJ9&click_id=wtblgr012uqqug4qi5cok0ma&subid=63aeb5c6-0370-4fff-889d-a24fee20db64 Page URL
-
https://bf233.trknovi.com/smartlink?mongo_id=64b09458be620635c40e3e4e&mongo_grouped_id=64b09003691c902e4f5488d8&redirect_url=https%3A%2F%2Fother.landerhd.com%2F64b09458be620635c40e3e4e&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjEsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MywibWltZVR5cGVzIjo0LCJzY3JlZW5XaWR0aCI6MTYwMCwic2NyZWVuSGVpZ2h0IjoxMjAwLCJvdXRlcldpZHRoIjoxNjAwLCJvdXRlckhlaWdodCI6MTIwMCwidnciOjE2MDAsInZoIjoxMjAwLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5Ijo4LCJoYXJkd2FyZUNvbmN1cnJlbmN5Ijo0LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IkV0Yy9Vbmtub3duIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiV2luMzIiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozMywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNC4wLjU3MzUuMTk4IFNhZmFyaS81MzcuMzYiLCJ3ZWJHTFZlbmRvciI6IkludGVsIEluYy4iLCJ3ZWJHTFJlbmRlcmVyIjoiSW50ZWwgSXJpcyBPcGVuR0wgRW5naW5lIiwicmVmbWF0Y2giOjAsIm92ZXJmbG93IjowLCJvdmVycmlkZSI6MCwiZHVyYXRpb24iOjIzfQ==&js=1
HTTP 302
https://other.landerhd.com/64b09458be620635c40e3e4e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://www.dexpredict.com/jump/next.php?stamat=m%257C%252C4Y3I2dharB1dwP0dEdHP3xP.16c%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAVh18V0HmdRTnp7P4JrfSbI&cbpage=http://www.dexpredict.com/jump/next.php?r=3783451&cbur=0.5402968736014631&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
- https://www.dexpredict.com/script/i.php?t=1&stamat=m%257C%252C%252Cwiej9jIuoGU3Bk-GH0dEdHP3xP.21c%252CaULJrwvP2RTaOzOWzXbqQlq8pJ9MTLo6SQUbxxfM6GbxkXcCy5Zt6bxOl2Az_44U76QFZ2EvZMGveszFQIUUzT-IFCcyWN4BhqUrCFUxc1CIUrhytk8zJI4cdak_6errRPj6Mff7TENX2iMC8-Uq-a8Ccjux3vOwUo0RHqrCj3rSyxUZf-hEPy3wBuXrwHSslCGR3pvWMFWO1oWc-DwVuwgcwzpU0u_8CC44e7tfUJi4o2UmqTPnr2i5iT2rWNU16VRSvLHoB5bzeq38uaRidwbP4LKJAaIyqUnVLKFJ1AKav5PeD4BWf3a83yqohAMxH-Xk3OwnIyIRT6tocvhaEqC4oPKNwczpwPHVB0d_c2i087rtJ7iKljJSKsgML4EX1Kw7s975zE2O2HrZV07TYMnK077ug6r8JqXUny7ow2V0147_BXzBtQw2m4fbTOBVuX2Stud6e33d-jOaNxGk1f2pMlDaPKxIlbDuNeV6XF03h1iErPyxcQvHPv_fxZrowAkvDGIkClchjwLoOera1tnwox54vqri3sD1BGIdLPQ%252C HTTP 302
- https://dratingmaject.com/932e3593-8acc-478b-ba74-1d35f2980891?campaign=347578620&ban=23669442&ssp=Adcash&zone=3783451&advertiser=46784&country=DE&org=31173%20Services%20AB&platform=Windows%2010&ip=185.213.155.157&device_make=Unknown&redirection_cost=0.001&clickid=168929391210000TDETV431177839654V22 HTTP 302
- https://bf233.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5NTg5OSIsImxhbmRlcl9pZCI6IjE0OSJ9&click_id=wtblgr012uqqug4qi5cok0ma&subid=63aeb5c6-0370-4fff-889d-a24fee20db64
- https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
- https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AeDOFXiHNnpSbsnulcMMwRzVh6M2UUvokufKTFsMRf9tFy6L1wD90JxXkY4D3aXukj3s-8_JKqhD HTTP 302
- https://accounts.google.com/v3/signin/identifier?dsh=S2114591641%3A1689293913370494&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXhr5YtaI8IHcyhXnqSMgqs1w14T9BrRqR24i5ojKoF7zMHEjuoLRA-J8Q3E0Ah-kaNnKLl15w&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
- https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
- https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeDOFXifTgyyHFrb_qE94hTBAiPe9pggXLCWv74kl8w6BjrW-W70DZoeWLAafy5tqDx2VFM8nW7zhg HTTP 302
- https://accounts.google.com/v3/signin/identifier?dsh=S-737591807%3A1689293913393615&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXgjpkS7oxrcXl0on7d5JizZmjO-mX2fIaW84Keb657apJ5X9a5X0FG_BGyGttVS7bvAwSEePA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
- https://www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
- https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
24 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
next.php
www.dexpredict.com/jump/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
smartlink
bf233.trknovi.com/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
bf233.trknovi.com/smartlink-css/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
bf233.trknovi.com/smartlink-css/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
64b09458be620635c40e3e4e
other.landerhd.com/ Redirect Chain
|
10 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
00013.png
other.landerhd.com/landingpages/avira-expired/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
00012.png
other.landerhd.com/landingpages/avira-expired/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fp.min.js
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ |
33 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
botd.min.js
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.php
www.facebook.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
identifier
accounts.google.com/v3/signin/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
identifier
accounts.google.com/v3/signin/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login
www.dropbox.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login
accounts.spotify.com/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
4 KB 5 KB |
XHR
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
lg0034.png
other.landerhd.com/img/ |
6 KB 6 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
check009.gif
other.landerhd.com/img/ |
6 KB 6 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
detect
botd.fpapi.io/api/v1/ |
339 B 682 B |
Fetch
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
4 KB 5 KB |
XHR
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
0 956 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
0 954 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
0 958 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
0 953 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
64b09458be620635c40e3e4e
novidash.com/smartlink-css/ |
0 955 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend object| dayNames object| monthNames object| now string| back_url string| visit_id string| mongo_id string| domain function| activityWatcher function| leakSocialMediaAccounts function| displayResult undefined| mousePos undefined| previousPos object| mouseLog object| mouseClickLog number| mouseMovements number| mouseDistinctMovements number| mouseDistance number| mouseClicks number| mouseActive number| mouseActivePercentage number| mouseSpeed number| mouseSpeedTotal number| mouseTime number| secsOnPage number| pingInterval function| initFingerprintJS function| initBotd object| Botd object| FingerprintJS12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .dratingmaject.com/ | Name: 932e3593-8acc-478b-ba74-1d35f2980891-v4 Value: w0Q5-OQYtx1obhAFqF1pSAcnXiXCAeQFQTuXTdVlMws |
|
| .dratingmaject.com/ | Name: cc-v4 Value: 4Nef7IEG7A61FrYgv9cwpYz1x4PrAPWQW%2BcwxgUekJ6sOh%2Bsgf2EHmDg4NizSaFToXY8sOlSpUCKmADcHMrOxV1E8VqpT9qpR22us%2FY8ndUtfAiw%2FQ53VpdwEiYHm%2BkD9If5xU0tuZGW1lCigiRrcA%3D%3D |
|
| bf233.trknovi.com/ | Name: XSRF-TOKEN Value: eyJpdiI6ImRMWVlteGxKOXVIVHh3VWNncEJpc2c9PSIsInZhbHVlIjoiRC9oNDl3Z3VsR3M4K2lqdUZZdWVOelh4L2RjYnY0OGFzVjF4bkVsaXpYc25DVWpuSnRIY2ovWWQvN2JuY3F1OXR1enBrSDd1ZkNWcEhIY0pvODd4Qi9saWJ1Wjh5RjhPMTBnOTJhRHZUSmFXamFvUkFWSGs3YjFrZXNiV2Q0a0IiLCJtYWMiOiJhZTU2YmYwMDljMmM1ZDVkY2I5ZTY5MzRiZTcxOWYyNTZiNDg0YjIzZWQyMTNjY2RkZjRjN2NmMTE2ZTRmM2U0IiwidGFnIjoiIn0%3D |
|
| bf233.trknovi.com/ | Name: novidash_session Value: eyJpdiI6InllYnhHYUZYbDdMQjA3Z3E5OExQUFE9PSIsInZhbHVlIjoiY1pjU2VwWjVlQnFiVC9mMmlHNWIyVklVcW5aMEZoS1NXR3N2OXRBRzJRNXRZdktGL1NhWlZER2lITExCZ3loLzlVQVdUUGpFNnh0b2RsMjBBY2tCcGFpaUEvay9xUGw4bzhCdVdtWUdaaG1wZWNwUCs4TkFnT011OWN6emorWWEiLCJtYWMiOiI4M2Y4NDg0MGFhYWY4YWYzOGZlODUwNDYwZTNhNzVlMDgwOGM3MTg4MDIxOTUxOTFhZmU2MTI4ZmY4OTQ4MjAzIiwidGFnIjoiIn0%3D |
|
| other.landerhd.com/ | Name: XSRF-TOKEN Value: eyJpdiI6IlJXZlhEMDhxNkpEVmpDdGIveXhwckE9PSIsInZhbHVlIjoiWlpiVVVVbjlVSWM2MHozMlBvWGtQWEdqWFRnS0VtQ1VnZUNLL0hmZmd3ZFAzaHJtMzR3MWJWOGtsRk8zSFBsbUhnQVlvRDJEbE9YdjFiaTRoL1FReW16TUI3MDh3cDZ0VXl4OWxjajYvZVhoM294ZzZKd3BxMitVOHpkYTJ6L3ciLCJtYWMiOiIwOWYyNTlmYWFhNzFkMWRmOTVhYjNjMTE1ZjUyY2M2Njc0OWNiNzAwZGMwMWE0ZmE5MWFmYmNlMzM0ZjNjYTIyIiwidGFnIjoiIn0%3D |
|
| other.landerhd.com/ | Name: novidash_session Value: eyJpdiI6IkV2QkU1VFVlUUp4ekUyQWJVczdhdGc9PSIsInZhbHVlIjoiMUIvVkpBcm5paFBaVGhMQ1dzanEyTlYyVzNxdDZrN3k4aGtkRkpIcUMvMXNPUGM1S28wZmFNUFc1TCtyc3IvUHZFQkVlWFltTVk0T1hMRlZYNW1hZXo2RStBQis4bm44cDk5RkVYNUhJM1lETlVKNk42NlpFazVuQWt6cTdPU20iLCJtYWMiOiJkOGE1NzU0MjE4Mjg0YzY0MGM1NzQ1YzJlZTE3ZDYzYzQxNGFlMTc1YzFmODI3MDM2NzA5ZjRiMDE2ZDljZWI5IiwidGFnIjoiIn0%3D |
|
| .accounts.spotify.com/ | Name: __Secure-TPASESSION Value: AQBPALdzFsC7L2KxnCirtVXcwTcKcq3ZV6dFLCpWxO1c+noY7EOu8wUpc1zC9coat5g/TFP06duUkZu6bx4OYuD+oQudpIlGSFA= |
|
| other.landerhd.com/ | Name: botd-request-id Value: 01H58W6ZFP2JV93TKKFZMSN6YX |
|
| www.dropbox.com/ | Name: gvc Value: MTczMTQ4NzkwODM1MzIyOTcxNTkzOTkxODE5NDMzNjgzMDc3MzI5 |
|
| .dropbox.com/ | Name: t Value: yoxPVVwIgmAKaphZMwX9qRZ6 |
|
| www.dropbox.com/ | Name: __Host-js_csrf Value: yoxPVVwIgmAKaphZMwX9qRZ6 |
|
| .dropbox.com/ | Name: locale Value: de |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
accounts.spotify.com
bf233.trknovi.com
botd.fpapi.io
cdn.jsdelivr.net
dratingmaject.com
novidash.com
other.landerhd.com
www.dexpredict.com
www.dropbox.com
www.facebook.com
www.spotify.com
18.195.149.11
188.240.52.20
2600:1901:1:c36::
2620:100:6022:18::a27d:4212
2a00:1450:4001:802::200d
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:200::485
35.201.90.210
54.88.16.22
3efca6b842b368aa4a3dc79fe7b036bb5596f1b0683fa0ba2bae1080813cfb22
52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3
561d898ddc9255bc8d5c4e1eb41d5f4e30638f3e48d6a04b16c118327786c5e7
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
97cb949f76141490a12cd87226db38a62f9b8713980ffec83676f171d5be439b
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2
e1c1197542245cad6f55ce91299dd16ebe69920245fa15dffff57591301c482f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb291b62714a46e5fbfb1a906a950493a0a922146fb65901af089014f814ec8d