www.cleafy.com Open in urlscan Pro
34.253.101.190 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Submission: On October 05 via api (October 5th 2022, 2:10:24 am UTC) from MY — Scanned from DE

Summary HTTP 68 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 14 domains to perform 68 HTTP transactions. The main IP is 34.253.101.190, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.cleafy.com.
TLS certificate: Issued by R3 on September 27th 2022. Valid for: 3 months.

This is the only time www.cleafy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	34.253.101.190 34.253.101.190	16509 (AMAZON-02) (AMAZON-02)
16	2600:9000:205... 2600:9000:2057:3200:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:b849	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	99.86.1.78 99.86.1.78	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80e::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2.19.37.157 2.19.37.157	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.18.169.149 2.18.169.149	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:400d:807::2003	15169 (GOOGLE) (GOOGLE)
2	192.81.221.184 192.81.221.184	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2606:4700::68... 2606:4700::6810:5705	13335 (CLOUDFLAR...) (CLOUDFLARENET)
68	18

1 34.253.101.190 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-101-190.eu-west-1.compute.amazonaws.com

www.cleafy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:9000:2057:3200:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b849 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.1.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-1-78.fra6.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.19.37.157 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-37-157.deploy.static.akamaitechnologies.com

cdn.iubenda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.iubenda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.169.149 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-169-149.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:807::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.81.221.184 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

hits-i.iubenda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5705 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	gstatic.com fonts.gstatic.com www.gstatic.com	652 KB
16	website-files.com assets.website-files.com — Cisco Umbrella Rank: 20206	10 MB
10	iubenda.com cdn.iubenda.com — Cisco Umbrella Rank: 16094 www.iubenda.com — Cisco Umbrella Rank: 19539 hits-i.iubenda.com — Cisco Umbrella Rank: 18275	133 KB
6	google.com www.google.com — Cisco Umbrella Rank: 19	90 KB
5	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2293 m.addthis.com — Cisco Umbrella Rank: 2326 api-public.addthis.com — Cisco Umbrella Rank: 5190	217 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 8144 perf.hsforms.com — Cisco Umbrella Rank: 20192	3 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 129	133 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 485 fonts.googleapis.com — Cisco Umbrella Rank: 118	7 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 2710	785 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2144	347 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 620	1 KB
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	30 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 12611	147 KB
1	cleafy.com www.cleafy.com	12 KB
68	14

	Domain	Requested by
16	assets.website-files.com	www.cleafy.com assets.website-files.com
10	www.gstatic.com	www.google.com www.gstatic.com
7	cdn.iubenda.com	www.googletagmanager.com cdn.iubenda.com
7	fonts.gstatic.com	fonts.googleapis.com www.google.com
6	www.google.com	js.hsforms.net www.gstatic.com www.google.com
3	s7.addthis.com	www.cleafy.com s7.addthis.com
2	hits-i.iubenda.com	cdn.iubenda.com
2	forms.hsforms.com	js.hsforms.net
2	www.googletagmanager.com	www.cleafy.com www.googletagmanager.com
1	perf.hsforms.com	www.cleafy.com
1	api-public.addthis.com	s7.addthis.com
1	www.iubenda.com	cdn.iubenda.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	region1.google-analytics.com	www.googletagmanager.com
1	z.moatads.com	s7.addthis.com
1	fonts.googleapis.com	ajax.googleapis.com
1	d3e54v103j8qbb.cloudfront.net	www.cleafy.com
1	js.hsforms.net	www.cleafy.com
1	ajax.googleapis.com	www.cleafy.com
1	www.cleafy.com
68	21

This site contains links to these domains. Also see Links.

Domain
www.iubenda.com
twitter.com
www.linkedin.com
iunocreative.com

Subject Issuer	Validity	Valid
www.cleafy.com R3	`2022-09-27` - `2022-12-26`	3 months	crt.sh
*.website-files.com Amazon	`2021-11-12` - `2022-12-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.iubenda.com DigiCert SHA2 Secure Server CA	`2022-01-31` - `2023-01-31`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.iubenda.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-14` - `2023-02-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Frame ID: 780249CB943B184EC14A2095DD64F614
Requests: 45 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 2D37C27538EFEE3897B6092A0C35F371
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 399ED0C1D859230C3572901CF82040D7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&size=invisible&badge=inline&cb=o6xaoafw0h53
Frame ID: DBB2B50DBA4A7B76CF87D09EA22E7791
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: F94D92FD464511EDF4D05B6A45341F8B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SOVA malware is back and is evolving rapidly | Cleafy LabsLinkedInFacebookTwitter

Detected technologies

AddThis (Widgets) Expand

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Iubenda (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

iubenda\.com/cookie-solution/confs/js/

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

68
Requests

99 %
HTTPS

65 %
IPv6

14
Domains

21
Subdomains

18
IPs

5
Countries

11223 kB
Transfer

14595 kB
Size

7
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.iubenda.com/privacy-policy/31282315
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://twitter.com/cleafy

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cleafy/

Search URL Search Domain Scan URL

URL: https://www.iubenda.com/privacy-policy/31282315/cookie-policy
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: http://iunocreative.com/
Title: Design by IUNO

Search URL Search Domain Scan URL

URL: https://www.iubenda.com/privacy-policy/31282315/cookie-policy?an=no&s_ck=false&newmarkup=yes
Title: cookie policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

68 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sova-malware-is-back-and-is-evolving-rapidly Show response
www.cleafy.com/cleafy-labs/ 38 KB
12 KB 211ms
82ms Document
text/html 34.253.101.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.253.101.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-101-190.eu-west-1.compute.amazonaws.com

Software

openresty /

Resource Hash

7347d2a17d111cc9430673c9a2562311cb10c537573e5d35fe43b85dc3334cd3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 53516
content-encoding: gzip
content-length: 11775
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Wed, 05 Oct 2022 02:10:18 GMT
server: openresty
vary: x-wf-forwarded-proto, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 4, 1
x-cluster-name: eu-west-1-prod-edge-blue
x-frame-options: SAMEORIGIN
x-lambda-id: 49c2897f-4a30-44c9-8114-689104e18788
x-served-by: cache-iad-kjyo7100149-IAD, cache-dub4345-DUB
x-timer: S1664935818.054086,VS0,VE1

GET
H2 200 cleafy.a3fd12c5b.css
assets.website-files.com/6020129a813fe0c8f1e8053e/css/ 191 KB
28 KB 221ms
101ms Stylesheet
text/css 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14331ec85ea77c3a2fa6012876323a5762d6ad11aca18803dc8f4d728c0f4ff3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: LO7VTVzwjJiOrrWi2qFBS6y5LmNbxVPp
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
date: Wed, 05 Oct 2022 02:10:18 GMT
age: 79507
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 27883
last-modified: Wed, 28 Sep 2022 10:20:40 GMT
server: AmazonS3
etag: "29c133532644130648ba5e53920b8b70"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: qRsfT5ExCRJWc02alxWd0zARDY-NR9_pZFxKJvDHr-6Eh5ZwfpYeZw==

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 128ms
34ms Script
text/javascript 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:33:04 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 585 KB
147 KB 294ms
235ms Script
application/javascript 2606:4700::6811:b849
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b849 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d046e4d678e786ce2b1b678831d922df3a4bbc9f09b3d62e86e4a4e59d2c1edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
x-amz-version-id: uMshbzZrXXg0lQJUXLSuqS6CmMiCACqg
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
cache-tag: staticjsapp-FormsNext-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 04 Oct 2022 08:44:35 UTC
server: cloudflare
etag: W/"dbfa791df9cd31037aab20a93b3d7562"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=USkJVezFSwaDhmrKYWO%2FPsGDG6pVm4zB33tIG9mgeQynK6gM3UMZiSpIWxGEl%2F%2FnGwNy340TBgS9uWFSRDzCISVfFZNJ%2F13Dyu4YCuNKy74YAvIzaB%2FKLTnB2%2FZoXB0y4lwgvpUL9ryVHLsi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
cf-ray: 75529ebfadbe9bc2-FRA
x-amz-cf-id: o-CBRMhV8xulhdTGgeuZII2HF7fSh9_nNi1AuUH_-B4_ZZCJt34Ryg==
x-hs-target-asset: FormsNext/static-5.539/bundles/project_with_deps.js

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 472ms
22ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 05 Oct 2022 02:10:18 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
x-host: s7.addthis.com
content-length: 116440

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 73ms
23ms Script
application/javascript 99.86.1.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6020129a813fe0c8f1e8053e
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.1.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-1-78.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://www.cleafy.com/
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 05:04:09 GMT
content-encoding: br
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
age: 76006
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: PXQ3AsyjFZFcXgSkuLjMcnofw5G_fxJkYJ3_kbgOYvAoxYPsDKDb_g==

GET
H2 200 cleafy.89773f999.js Show response
assets.website-files.com/6020129a813fe0c8f1e8053e/js/ 644 KB
149 KB 243ms
125ms Script
text/javascript 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/js/cleafy.89773f999.js
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7ef1a7d84061ccedd441b7eb0ccdf1f7ceaadd0b63bc164344a797c90bf1542c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: XiCU0fTHgR.w1quk43TkTzGh6Kt7kXHR
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
date: Wed, 05 Oct 2022 02:10:18 GMT
age: 21346
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 152073
last-modified: Wed, 28 Sep 2022 10:20:40 GMT
server: AmazonS3
etag: "2c2470e4d5eec0097a953b4995a99b9f"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: wvQ31JKxwU6Tv9vyQpCkvEtnXL3ZfzJS-4UtDMGjsoCIzj9mVa_cjg==

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 75ms
29ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b0954ee834fe0437011e04648fda6aeee8f6566a4d1dfc641df2a77d108739c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 02:10:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 02:10:18 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 162 KB
60 KB 149ms
63ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M

Requested by

Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da1ce2a65e85ed424f9dd532945b577c6fb284b3a6d30872583b74c3996a681b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60862
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Oct 2022 02:10:18 GMT

GET
H2 200 603117052cc81e528c4fd72f_GTEestiProDisplay-Light.woff2
assets.website-files.com/6020129a813fe0c8f1e8053e/ 41 KB
42 KB 62ms
24ms Font
application/octet-stream 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/603117052cc81e528c4fd72f_GTEestiProDisplay-Light.woff2
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 94fb2ae6928aefdec5405cc1bca32a34347239bd7fe3418e3904e4f98f0ba3a5

Request headers

Referer: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 22:57:58 GMT
x-amz-version-id: pk_YZGXum6L6ZkTNlCsEQQn8zhioTJzw
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
age: 3208341
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 41940
last-modified: Sat, 20 Feb 2021 14:04:54 GMT
server: AmazonS3
etag: "96e02965bacb4ba8b044af36e3bc94a8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: AhobteVrxMFCX1luc9VOZ7gm5iP8tcBLtQTRFrpHpAiYpshTLYufJg==

GET
H2 200 6059fd81ed4a6c1673c8f579_CleafyIcon.ttf
assets.website-files.com/6020129a813fe0c8f1e8053e/ 2 KB
2 KB 59ms
21ms Font
application/x-font-ttf 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/6059fd81ed4a6c1673c8f579_CleafyIcon.ttf
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 982ec121721fb8c8ec7de5fdc9b4880110192ec150fcfda12484537fac62498b

Request headers

Referer: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 07:10:43 GMT
x-amz-version-id: yyXB.LeBb3pAPhefeXi3e_lcW9drRqON
content-encoding: br
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
age: 3092376
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 23 Mar 2021 14:38:58 GMT
server: AmazonS3
etag: W/"fe780be1587854651c5451b56860fee3"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: XehPPsmsdqg9CBngJqNL98VIQ2YaDUyXOb8knh1G-nUn4KcL8gCLiA==

GET
H2 200 603117053286abe3054b54d2_GTEestiProDisplay-Medium.woff2
assets.website-files.com/6020129a813fe0c8f1e8053e/ 46 KB
47 KB 81ms
43ms Font
application/octet-stream 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/603117053286abe3054b54d2_GTEestiProDisplay-Medium.woff2
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f72fc7b86c86a7d8d3cae046fd215c4361da587a14f349d9c3988493b4b4a6c

Request headers

Referer: https://assets.website-files.com/6020129a813fe0c8f1e8053e/css/cleafy.a3fd12c5b.css
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 06:38:22 GMT
x-amz-version-id: u_Ron.YChjepndS.tcvKiYIzP_F4HT.0
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
age: 502317
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47336
last-modified: Sat, 20 Feb 2021 14:04:55 GMT
server: AmazonS3
etag: "87aa36bb9e19fe40ca9db1275a570d0f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: CwTXQhwbssNP7okfvuKR-77U056X6ApVihKOM6bVz_ez-3Y7OgD34A==

GET
H2 200 6031121f73c6a32184bd3db3_Cleafy-white-logo.svg
assets.website-files.com/6020129a813fe0c8f1e8053e/ 2 KB
1 KB 44ms
43ms Image
image/svg+xml 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/6031121f73c6a32184bd3db3_Cleafy-white-logo.svg
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ddc34e46b62ef6dbb9c1c98933525325d5d36a828d1eabe7e7a6b28549fc4c98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 00:32:16 GMT
x-amz-version-id: .lpfcksy.mCvYWiviUxP39HvGdnoiccO
content-encoding: br
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 2338683
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 20 Feb 2021 13:44:00 GMT
server: AmazonS3
etag: W/"fe0b41338df6fb8abbc09edc5619307b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: kMohmec2JQrN-qwMgT43bSCIIyqI9GXOz2wsSAz3AL3d8ReZ1foLIw==

GET
H2 200 60b5585b6689a33061c9c75d_C_Labs_Octanium.svg
assets.website-files.com/6020129a813fe0c8f1e8053e/ 2 KB
1 KB 37ms
36ms Image
image/svg+xml 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/60b5585b6689a33061c9c75d_C_Labs_Octanium.svg
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: abc5a0dfe4d07a6e3c5cf11e90abfdd994e3db90a27414568366f72ac50e84db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 02:29:07 GMT
x-amz-version-id: QXh4bIsT_7qVfNe71wvJ2nfDf31fD5uT
content-encoding: br
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 2331672
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 31 May 2021 21:42:52 GMT
server: AmazonS3
etag: W/"4a5f4548e1c5e1b08a80d9d969067453"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: 5FYknnFhFs8aCxarMxXHZQrxYp7Kx3gZEOIW6r4AmJ8T7j1Ixin7SA==

GET
H2 200 QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2
fonts.gstatic.com/s/inconsolata/v31/ 31 KB
32 KB 65ms
19ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inconsolata/v31/QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d5476afa39f08490e9c4e1844eb25fd5c1fd71169e360b44e1398ee5ecece40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 07:54:05 GMT
x-content-type-options: nosniff
age: 65773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31760
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:59:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 07:54:05 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
fonts.gstatic.com/s/robotomono/v22/ 12 KB
12 KB 85ms
39ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v22/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inconsolata:400,700%7CRoboto+Mono:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7295944e0067d71c5d5276d397dc0299afb519f277ba644aec0b96343e4185d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 02 Oct 2022 21:56:21 GMT
x-content-type-options: nosniff
age: 188037
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12312
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:56:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 02 Oct 2023 21:56:21 GMT

OPTIONS
H2 200 json
forms.hsforms.com/embed/v3/form/3993512/49715d06-021d-41f7-b4fa-d8074b24ac74/ Frame 0
0 192ms
134ms Preflight
text/plain 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/3993512/49715d06-021d-41f7-b4fa-d8074b24ac74/json?hutk=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: GET
Origin: https://www.cleafy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: x-requested-with
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: https://www.cleafy.com
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 75529ec20e0b9118-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Wed, 05 Oct 2022 02:10:18 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-hubspot-correlation-id: f31375a1-b421-4aa8-8b67-7ece0ef9c6ea
x-robots-tag: none
x-trace: 2B39DA85933F3DEEAC820F7D0DAF1861E5FB387D8F000000000000000000

GET
H2 200 json Show response
forms.hsforms.com/embed/v3/form/3993512/49715d06-021d-41f7-b4fa-d8074b24ac74/ 7 KB
2 KB 369ms
369ms XHR
application/json 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/3993512/49715d06-021d-41f7-b4fa-d8074b24ac74/json?hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1e192f72c5d5910b1e70d5b0876edd4c8efba3e843533f3c6aade6ad6c8743b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript
Referer: https://www.cleafy.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-origin-hublet: na1
date: Wed, 05 Oct 2022 02:10:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 04a99f4c-2a7e-41bd-9222-62f2748dc25d
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B63875A6280327D63BF80BB2F7E8A0D58F7997DC5000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cleafy.com
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 75529ec44f7f9118-FRA

GET
H2 200 62f3a9c94737ca2d9aa7d029_1.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 846 KB
847 KB 24ms
22ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3a9c94737ca2d9aa7d029_1.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1503658367127cc4c649f705228aa8d85807391d3944e9fd268f698d3e81230b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 05:54:27 GMT
x-amz-version-id: rXK2bulX3yRQGz8J68PwiOL0YGsv_X1L
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 1023352
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 866020
last-modified: Wed, 10 Aug 2022 12:51:23 GMT
server: AmazonS3
etag: "4fd8afc1af3adbdcd86497b8eb1f1e8d"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: OjHRH4f9N5SipxU4ElUlBv-MxTZV-AQiPfQXSrHi5v4jijirrpgzxA==

GET
H2 200 62f3a9f00425f75dbbd3f8fa_2.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 1 MB
1 MB 46ms
44ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3a9f00425f75dbbd3f8fa_2.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b33ec8541d497fa4e6fba96d81cdb28efd2229a64bec6a0ba44ccccaee7bb27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 06:11:03 GMT
x-amz-version-id: gtcfCwWPMI0ALm7Zpe3i1YD1eVb7ZXEX
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 1627156
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1145064
last-modified: Wed, 10 Aug 2022 12:52:02 GMT
server: AmazonS3
etag: "2c010571cd45f961725d2379f78ab4b6"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -a--zvSaa_Rfq7XJDY8jvjZ9io-foYmqo65eXmaJf6iU3AfT-KVBrw==

GET
H2 200 62f3aa157a81191e8bf7ba8d_3.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 639 KB
640 KB 35ms
34ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3aa157a81191e8bf7ba8d_3.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26b893dd303325a2e525941dd75c1d0fa37be2f53853667c552a34356a380163

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 03 Sep 2022 06:29:39 GMT
x-amz-version-id: ynLbB_imF_D06TXj.z.7y3gVkoNlN53s
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 2749240
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 654152
last-modified: Wed, 10 Aug 2022 12:52:38 GMT
server: AmazonS3
etag: "ed8119fdcb946233a32f124b25ac258b"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: qk0_zc5DIvw02ofMERmt1Rjal5G6M_Raz4CEC_vXVJAYpWp7bitj7A==

GET
H2 200 62f3aa457a81196faaf7d952_4.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 3 MB
3 MB 76ms
74ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3aa457a81196faaf7d952_4.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0f7a639dc16e6009207fca29c8bf4c0c534dd6af37638fbabf497a1f5d77db8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 06:44:14 GMT
x-amz-version-id: 4h4j7OT_mGt4iMEWHbA7PTb_laCIFJFK
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 3525965
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2750926
last-modified: Wed, 10 Aug 2022 12:53:26 GMT
server: AmazonS3
etag: "82cf10de919facce3b43ce47d30dd1a7"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -bPx-6Cv4Cuc6xmOYSZajppO8OpErNa_fN0Wqr-Ur9wv7ZnvOxwt2g==

GET
H2 200 62f3aa31149a0911b664a8e4_5.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 727 KB
728 KB 63ms
62ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3aa31149a0911b664a8e4_5.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54a4c9772d4cd5ec4be769e3db588a4a9e0ab90d0157bfacf8ddf5542defd808

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 06:11:10 GMT
x-amz-version-id: G8B2gIjD_g2TnBwFy4zR8RdtF9Q9Z9ij
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 1627149
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 744140
last-modified: Wed, 10 Aug 2022 12:54:30 GMT
server: AmazonS3
etag: "601cdddbcd7ee233b8a9bd82497cedc9"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: n-DnBHTbmYDRylAQLKGoIIlSKIPavHW_yIXuASZGLOb30wLxWehQ2A==

GET
H2 200 62f3aa9e7505752ce71f534e_6.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 805 KB
807 KB 65ms
64ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3aa9e7505752ce71f534e_6.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e14b85fcfc743aee53464dc0908a44dba858a1292903a4e3e803d8bcff63bf58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 06:44:15 GMT
x-amz-version-id: rQG4pLQV4K5s24cDasOYP0WP6Bis7CMm
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 3525964
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 824695
last-modified: Wed, 10 Aug 2022 12:55:55 GMT
server: AmazonS3
etag: "66abd4e50a1a8f381a7e620727e78d1c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: svEHp_R6IAFFZOD2Idze-NSQuGPkAAJ71ymlmrg67Nu64McbhlRgtA==

GET
H2 200 62f3aafb56dac93a716fac43_7.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 2 MB
2 MB 72ms
71ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3aafb56dac93a716fac43_7.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 696ca750acc5eb583152a7de113eac009bf5551a8a7ca286ed4c2ac7b60e260d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 10:30:00 GMT
x-amz-version-id: W3W8Hp.CXrwvhvLe0.wl1Hr8RPgTSKku
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 2389218
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2156104
last-modified: Wed, 10 Aug 2022 12:56:28 GMT
server: AmazonS3
etag: "e3b508b9205f132dbd62048b41349899"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: t_KDRLXm25J4YFL7DUjiJ6NOI-ZfDARvs9X4wnczicgr1_hfGcloGw==

GET
H2 200 62f3ab284d783d7c0bc7fefc_8.png
assets.website-files.com/60201cc2b6249b0358f70f8a/ 580 KB
581 KB 68ms
67ms Image
image/png 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/60201cc2b6249b0358f70f8a/62f3ab284d783d7c0bc7fefc_8.png
Requested by: Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b9cf0bb20a1cef757918df5638a0130f3823ec42206246ae006aa227005f9196

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 10:30:00 GMT
x-amz-version-id: zMwEgNRrt__AKkYTQ4Krdd9ZCpOqguh8
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
age: 2389219
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 593944
last-modified: Wed, 10 Aug 2022 12:57:13 GMT
server: AmazonS3
etag: "c46ac295844e2c5abc73c83790bdfd32"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: lI8zB3-EafTjRTg0cmF1eh_3dvElkqsMKKOvJGRD6MdB2xXTu4Vwcw==

GET
H2 200 stub-v2.js Show response
cdn.iubenda.com/cs/tcf/ 2 KB
1 KB 182ms
64ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/tcf/stub-v2.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ab0bd19ed5ad90fb72819af221441e8a88091304b4d41b247b0dced128798935

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-3b1"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, must-revalidate, proxy-revalidate, max-age=10800
content-length: 945
expires: Wed, 05 Oct 2022 05:10:18 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 209 KB
73 KB 69ms
68ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XXDJEBQ2SP&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d95582899fa2f256da7500086e7fad1592906a0858f82c168997e344d2f27924

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75119
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 05 Oct 2022 02:10:18 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 155ms
38ms Script
application/x-javascript 2.18.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.169.149 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-169-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 90E4C649EC2791A2
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=37858
accept-ranges: bytes
content-length: 948
x-amz-id-2: s7P8vL41/fxK7Z72sSr+w+fWeUkRU9GZNSJffmlYyUipZflCfArs3wFqFR5Ovb9H68B2kWSlazs=

POST
H2 204 collect
region1.google-analytics.com/g/ 0
347 B 74ms
26ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XXDJEBQ2SP&gtm=2oea30&_p=671285725&cid=312391302.1664935819&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&sid=1664935818&sct=1&seg=0&dl=https%3A%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fsova-malware-is-back-and-is-evolving-rapidly&dt=SOVA%20malware%20is%20back%20and%20is%20evolving%20rapidly%20%7C%20Cleafy%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XXDJEBQ2SP&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 02:10:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cleafy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-60ba4de6ccd96e1e/ 2 KB
785 B 245ms
232ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-60ba4de6ccd96e1e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7cc5d218479e076d814547e2c5d5309e6b7d9e019a6256b1ae1ecd0dd08c9c2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: gzip
etag: 2018696574--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 609

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 455ms
157ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=633ce78ad3d6c407&bkl=0&bl=1&pdt=217&sid=633ce78ad3d6c407&pub=ra-60ba4de6ccd96e1e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.cleafy.com&fp=cleafy-labs%2Fsova-malware-is-back-and-is-evolving-rapidly&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1664935818818&jsl=1&uvs=633ce78a7809b81a000&skipb=1&callback=addthis.cbs.jsonp__77318262400409640
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 910a62f751b890279d0c9776da5ec248e270518edbdaf28e7ef1f9192b5f7da4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 02:10:19 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 2D37 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 399E 71 KB
26 KB 24ms
23ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.cleafy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Wed, 05 Oct 2022 02:10:18 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 61001195712379681c733bde_lf30_editor_vybrwrxp.json Show response
assets.website-files.com/6020129a813fe0c8f1e8053e/ 3 KB
1 KB 20ms
20ms XHR
application/json 2600:9000:2057:3200:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/61001195712379681c733bde_lf30_editor_vybrwrxp.json
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/6020129a813fe0c8f1e8053e/js/cleafy.89773f999.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 02dbd6b05946a22b670a3677b968a9e8b467d4507217562f123c10e9e3bcaaf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 00:52:34 GMT
x-amz-version-id: iiagosPkoXkUz3GKibFLPcIPzhyVqBIR
content-encoding: gzip
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
age: 3374264
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Jul 2021 14:00:54 GMT
server: AmazonS3
etag: W/"1a13788b75f37b770190c0da28e99537"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: RsXlKT7MiBIQnL6wh0l-DgiOSir_mM2CReYOV7KtWh6hcfmojtKKtQ==

GET
H2 200 stub.js Show response
cdn.iubenda.com/cs/ccpa/ 4 KB
2 KB 21ms
20ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/ccpa/stub.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bd14ceebd0845b680acf4be88fcca7dcac9b09ef366c8828ed7fb65073ebc385

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-5f7"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, must-revalidate, proxy-revalidate, max-age=86400
content-length: 1527
expires: Thu, 06 Oct 2022 02:10:18 GMT

GET
H2 200 iubenda_cs.js Show response
cdn.iubenda.com/cs/ 597 B
564 B 21ms
21ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/iubenda_cs.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WF5KQ9M
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ac64d2087d19437b30634ce592ad8db5c5760ccc5d2de77940f1f869a08f44ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:18 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-135"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, must-revalidate, proxy-revalidate, max-age=10800
content-length: 309
expires: Wed, 05 Oct 2022 05:10:18 GMT

GET
H2 200 core-en.js Show response
cdn.iubenda.com/cookie_solution/iubenda_cs/1.41.0/ 283 KB
58 KB 20ms
20ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.41.0/core-en.js
Requested by: Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/iubenda_cs.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bbbeb23863f2fae2a3ec158ce3755ba2614b3677e316cd03151996781a743896

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-e6ff"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, must-revalidate, proxy-revalidate, max-age=31536000
content-length: 59135
expires: Thu, 05 Oct 2023 02:10:19 GMT

GET
H2 200 tcf-v2-0.18.1.js Show response
cdn.iubenda.com/cs/tcf/versions/ 106 KB
21 KB 22ms
21ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.18.1.js
Requested by: Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.41.0/core-en.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1d767c17a18a3563079d7c5cf129d815f1aaf88c854faf6d2f670afa9d080aec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-53c9"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, must-revalidate, proxy-revalidate, max-age=31536000
content-length: 21449
expires: Thu, 05 Oct 2023 02:10:19 GMT

GET
H2 200 31282315.js Show response
www.iubenda.com/cookie-solution/confs/js/ 115 B
486 B 44ms
36ms Script
application/javascript 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.iubenda.com/cookie-solution/confs/js/31282315.js

Requested by

Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.41.0/core-en.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-37-157.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

60f4bcaa051d731e2b2f115766b544a5e07a5e3c8d9fe46e908ba2a098e6e794

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
access-control-request-method: *
content-encoding: gzip
date: Wed, 05 Oct 2022 02:10:19 GMT
content-length: 105
last-modified: Fri, 29 Jul 2022 10:30:58 GMT
server: nginx
etag: "62e3b6e2-73"
vary: Accept-Encoding
access-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Thu, 06 Oct 2022 02:10:19 GMT

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 1008 B
1023 B 80ms
30ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

46bb9e35692679c2ef79cbecf203f57c4f787510a76e98994176cfdfd22b8299

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 611
x-xss-protection: 1; mode=block
expires: Wed, 05 Oct 2022 02:10:19 GMT

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 23ms
23ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 05 Oct 2022 02:10:19 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 vendorlist.163.json Show response
cdn.iubenda.com/cs/tcf/v2/ 360 KB
36 KB 59ms
20ms XHR
application/json 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/tcf/v2/vendorlist.163.json
Requested by: Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.18.1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: dfcd31bc0cf58efb2386fba827a5b4d9854e1475d4c51746d63401fcc5b354a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-903e"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/json
cache-control: public, must-revalidate, proxy-revalidate, max-age=10800
content-length: 36926
expires: Wed, 05 Oct 2022 05:10:19 GMT

GET
H2 200 gac-vendors.json Show response
cdn.iubenda.com/cs/tcf/ 59 KB
13 KB 79ms
39ms XHR
application/json 2.19.37.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iubenda.com/cs/tcf/gac-vendors.json
Requested by: Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cs/tcf/versions/tcf-v2-0.18.1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.37.157 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-37-157.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d7add52f20e5d41e0244f8e48a07a4ac5696eccae612a2293f0fd99ca858115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: br
last-modified: Mon, 03 Oct 2022 13:26:19 GMT
etag: "633ae2fb-31f2"
p3p: CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin: *
content-type: application/json
cache-control: public, must-revalidate, proxy-revalidate, max-age=10800
content-length: 12786
expires: Wed, 05 Oct 2022 05:10:19 GMT

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
295 B 707ms
192ms XHR
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fsova-malware-is-back-and-is-evolving-rapidly

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.cleafy.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
date: Wed, 05 Oct 2022 02:10:19 GMT
surrogate-key: sFbt=https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
last-modified: Wed, 05 Oct 2022 02:00:00 GMT
server: nginx/1.15.8
content-type: application/json
access-control-allow-origin: https://www.cleafy.com
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/ 392 KB
157 KB 118ms
33ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fe11aff0ae158a9a4a91fe408daf8ecddf648ed069942e11efb1e023b83eee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cleafy.com/
Origin: https://www.cleafy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 15:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 160114
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 15:17:11 GMT

POST
H2 204 write Show response
hits-i.iubenda.com/ 0
400 B 77ms
77ms XHR
text/plain 192.81.221.184
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://hits-i.iubenda.com/write?db=hits1
Requested by: Host: cdn.iubenda.com
URL: https://cdn.iubenda.com/cookie_solution/iubenda_cs/1.41.0/core-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.81.221.184 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cleafy.com/
accept-language: de-DE,de;q=0.9
Authorization: Basic aGl0czFfdTpoaXRzMV91cHdk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
server: nginx
x-influxdb-build: OSS
access-control-allow-methods: DELETE, GET, OPTIONS, POST, PUT
access-control-allow-origin: https://www.cleafy.com
x-influxdb-version: 1.8.2
access-control-expose-headers: Date, X-InfluxDB-Version, X-InfluxDB-Build
request-id: dc61720e-4452-11ed-8f1c-0242ac110002
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Content-Length, Content-Type, X-CSRF-Token, X-HTTP-Method-Override
x-request-id: dc61720e-4452-11ed-8f1c-0242ac110002

OPTIONS
H2 204 write
hits-i.iubenda.com/ Frame 0
0 110ms
26ms Preflight
text/plain 192.81.221.184
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://hits-i.iubenda.com/write?db=hits1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.81.221.184 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: POST
Origin: https://www.cleafy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: *, authorization
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 05 Oct 2022 02:10:19 GMT
server: nginx

GET
H3 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame DBB2 43 KB
22 KB 79ms
38ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&size=invisible&badge=inline&cb=o6xaoafw0h53

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f230fa1e6bdd9003b831e665b110cdf8aed8614f9f725969f6f5da8b6ec16d1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bxQTP7Ahg0PBRdTbZZw-Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cleafy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22796
content-security-policy: script-src 'report-sample' 'nonce-bxQTP7Ahg0PBRdTbZZw-Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 02:10:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
478 B 195ms
136ms Image
image/gif 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=3993512

Requested by

Host: www.cleafy.com
URL: https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cleafy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-hubspot-correlation-id: 096f75e9-7238-453f-b86d-c20c1c59abdf
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Wed, 05 Oct 2022 02:10:19 GMT
server: cloudflare
x-trace: 2B9DE83C34732858BAAD33EEAE385361762DC1AF6F000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 75529ec7cc6f9a30-FRA

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/ Frame DBB2 52 KB
24 KB 98ms
32ms Stylesheet
text/css 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&size=invisible&badge=inline&cb=o6xaoafw0h53

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 20:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 453715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Sep 2023 20:08:24 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/ Frame DBB2 392 KB
156 KB 115ms
50ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fe11aff0ae158a9a4a91fe408daf8ecddf648ed069942e11efb1e023b83eee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 15:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 160114
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 15:17:11 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame DBB2 2 KB
2 KB 33ms
32ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 09:16:38 GMT
x-content-type-options: nosniff
age: 492821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 06 Oct 2022 09:16:38 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame DBB2 15 KB
15 KB 63ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 53534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 11:18:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame DBB2 15 KB
15 KB 62ms
20ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 25831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 18:59:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame DBB2 102 B
134 B 28ms
27ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

380c41380ef43ac49c23949ead8c0f90133a93c49ec6527f7065ab4ee9c2ee44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuY2xlYWZ5LmNvbTo0NDM.&hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&size=invisible&badge=inline&cb=o6xaoafw0h53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 05 Oct 2022 02:10:19 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame F94D 7 KB
1 KB 31ms
30ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0a15f67ddce862cc4425824c9f0173d50b292254655320c42e3d95a2a3a7efa0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ENJVrDT0Dq4knOXyascGxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cleafy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1119
content-security-policy: script-src 'report-sample' 'nonce-ENJVrDT0Dq4knOXyascGxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 02:10:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/ Frame F94D 52 KB
24 KB 32ms
32ms Stylesheet
text/css 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 20:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 453715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Sep 2023 20:08:24 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/ Frame F94D 392 KB
156 KB 34ms
33ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fe11aff0ae158a9a4a91fe408daf8ecddf648ed069942e11efb1e023b83eee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 15:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 160114
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 15:17:11 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame F94D 39 KB
24 KB 73ms
72ms XHR
application/json 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

22f6c78988b3928684c09fc39f9551d8ec274d5f4c1238819a65a217db84b823

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 05 Oct 2022 02:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24166
x-xss-protection: 1; mode=block
expires: Wed, 05 Oct 2022 02:10:20 GMT

GET
H3 200 canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame F94D 11 KB
11 KB 33ms
32ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/canonical_car.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 08:08:29 GMT
x-content-type-options: nosniff
age: 583311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11174
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 05 Oct 2022 08:08:29 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame F94D 600 B
624 B 34ms
32ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:07:14 GMT
x-content-type-options: nosniff
age: 186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 12 Oct 2022 02:07:14 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame F94D 530 B
554 B 35ms
34ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 02:13:46 GMT
x-content-type-options: nosniff
age: 431794
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 07 Oct 2022 02:13:46 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame F94D 665 B
689 B 34ms
33ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 16:08:06 GMT
x-content-type-options: nosniff
age: 36134
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 11 Oct 2022 16:08:06 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F94D 15 KB
15 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 53535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 11:18:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F94D 15 KB
15 KB 27ms
26ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 06:37:10 GMT
x-content-type-options: nosniff
age: 415990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 30 Sep 2023 06:37:10 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F94D 15 KB
15 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 25832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 18:59:48 GMT

GET
H3 200 payload
www.google.com/recaptcha/enterprise/ Frame F94D 42 KB
42 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AIIukzj484hub9Lb3pa667BSkuEXrge2EJVYGw0uVONkKinuzTLR59MtDro5xX1ExAaAzFYOw3ZjNNKA1vKK-d0rm-oCdPvQxH5o7y_1SHTz9kIa2v1tnECq6KPuVyeVocjh2AVg9stmaxLD9BABefmphuZgpaCWGl_XUDuvmCtDKYn3OYvdlW6LvwsZOlOpEJSAzbMKa5WizyC50IAC8rUYvn9c-gT0lA&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

16d544f469722f12eb94b070d66e50b56639af1195c9c152931478bd40b275e7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=a9s0j4pCVT6gaTEkLiFbtZPH&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:10:20 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42798
x-xss-protection: 1; mode=block
expires: Wed, 05 Oct 2022 02:10:20 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 10:48:07	Name: _GRECAPTCHA Value: 09ALeKQC8lzBUpWaP4i9Vvt5wueu0V6O9Bqwv2G458TB0snKcobJfVRQi-mbynoIvUm0Qny-DxX1wlgAwRWzcqqbM
.cleafy.com/	1970-01-20 16:04:55	Name: _ga_XXDJEBQ2SP Value: GS1.1.1664935818.1.0.1664935818.0.0.0
.cleafy.com/	1970-01-20 16:04:55	Name: _ga Value: GA1.1.312391302.1664935819
www.cleafy.com/	1970-01-20 15:59:10	Name: __atuvc Value: 1%7C40
www.cleafy.com/	1970-01-20 06:28:57	Name: __atuvs Value: 633ce78a7809b81a000
.addthis.com/	1970-01-20 15:59:10	Name: uvc Value: 1%7C40
.addthis.com/	1970-01-20 15:59:10	Name: loc Value: MDAwMDBFVURFSEUyMzA4MTg5MzAwMzAwMDBDSA==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api-public.addthis.com
assets.website-files.com
cdn.iubenda.com
d3e54v103j8qbb.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
hits-i.iubenda.com
js.hsforms.net
m.addthis.com
perf.hsforms.com
region1.google-analytics.com
s7.addthis.com
v1.addthisedge.com
www.cleafy.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.iubenda.com
z.moatads.com
s7.addthis.com
104.75.88.126
192.81.221.184
2.18.169.149
2.19.37.157
2001:4860:4802:32::36
2600:9000:2057:3200:11:3b84:d200:93a1
2606:4700::6810:5605
2606:4700::6810:5705
2606:4700::6811:b849
2a00:1450:4001:811::2003
2a00:1450:4001:828::200a
2a00:1450:4001:830::2004
2a00:1450:400d:807::2003
2a00:1450:400d:80e::2008
2a00:1450:400d:80e::200a
34.253.101.190
99.86.1.78
02dbd6b05946a22b670a3677b968a9e8b467d4507217562f123c10e9e3bcaaf0
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0a15f67ddce862cc4425824c9f0173d50b292254655320c42e3d95a2a3a7efa0
14331ec85ea77c3a2fa6012876323a5762d6ad11aca18803dc8f4d728c0f4ff3
1503658367127cc4c649f705228aa8d85807391d3944e9fd268f698d3e81230b
16d544f469722f12eb94b070d66e50b56639af1195c9c152931478bd40b275e7
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d767c17a18a3563079d7c5cf129d815f1aaf88c854faf6d2f670afa9d080aec
22f6c78988b3928684c09fc39f9551d8ec274d5f4c1238819a65a217db84b823
26b893dd303325a2e525941dd75c1d0fa37be2f53853667c552a34356a380163
2d7add52f20e5d41e0244f8e48a07a4ac5696eccae612a2293f0fd99ca858115
380c41380ef43ac49c23949ead8c0f90133a93c49ec6527f7065ab4ee9c2ee44
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
46bb9e35692679c2ef79cbecf203f57c4f787510a76e98994176cfdfd22b8299
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
4b33ec8541d497fa4e6fba96d81cdb28efd2229a64bec6a0ba44ccccaee7bb27
4f72fc7b86c86a7d8d3cae046fd215c4361da587a14f349d9c3988493b4b4a6c
54a4c9772d4cd5ec4be769e3db588a4a9e0ab90d0157bfacf8ddf5542defd808
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5d5476afa39f08490e9c4e1844eb25fd5c1fd71169e360b44e1398ee5ecece40
60f4bcaa051d731e2b2f115766b544a5e07a5e3c8d9fe46e908ba2a098e6e794
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
696ca750acc5eb583152a7de113eac009bf5551a8a7ca286ed4c2ac7b60e260d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6fe11aff0ae158a9a4a91fe408daf8ecddf648ed069942e11efb1e023b83eee1
7295944e0067d71c5d5276d397dc0299afb519f277ba644aec0b96343e4185d1
7347d2a17d111cc9430673c9a2562311cb10c537573e5d35fe43b85dc3334cd3
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7cc5d218479e076d814547e2c5d5309e6b7d9e019a6256b1ae1ecd0dd08c9c2e
7ef1a7d84061ccedd441b7eb0ccdf1f7ceaadd0b63bc164344a797c90bf1542c
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8f230fa1e6bdd9003b831e665b110cdf8aed8614f9f725969f6f5da8b6ec16d1
910a62f751b890279d0c9776da5ec248e270518edbdaf28e7ef1f9192b5f7da4
94fb2ae6928aefdec5405cc1bca32a34347239bd7fe3418e3904e4f98f0ba3a5
982ec121721fb8c8ec7de5fdc9b4880110192ec150fcfda12484537fac62498b
a0f7a639dc16e6009207fca29c8bf4c0c534dd6af37638fbabf497a1f5d77db8
ab0bd19ed5ad90fb72819af221441e8a88091304b4d41b247b0dced128798935
abc5a0dfe4d07a6e3c5cf11e90abfdd994e3db90a27414568366f72ac50e84db
ac64d2087d19437b30634ce592ad8db5c5760ccc5d2de77940f1f869a08f44ef
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b0954ee834fe0437011e04648fda6aeee8f6566a4d1dfc641df2a77d108739c1
b9cf0bb20a1cef757918df5638a0130f3823ec42206246ae006aa227005f9196
bbbeb23863f2fae2a3ec158ce3755ba2614b3677e316cd03151996781a743896
bd14ceebd0845b680acf4be88fcca7dcac9b09ef366c8828ed7fb65073ebc385
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
d046e4d678e786ce2b1b678831d922df3a4bbc9f09b3d62e86e4a4e59d2c1edb
d1e192f72c5d5910b1e70d5b0876edd4c8efba3e843533f3c6aade6ad6c8743b
d95582899fa2f256da7500086e7fad1592906a0858f82c168997e344d2f27924
da1ce2a65e85ed424f9dd532945b577c6fb284b3a6d30872583b74c3996a681b
ddc34e46b62ef6dbb9c1c98933525325d5d36a828d1eabe7e7a6b28549fc4c98
dfcd31bc0cf58efb2386fba827a5b4d9854e1475d4c51746d63401fcc5b354a2
e14b85fcfc743aee53464dc0908a44dba858a1292903a4e3e803d8bcff63bf58
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

www.cleafy.com Open in urlscan Pro 34.253.101.190 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

68 Requests

99 %HTTPS

65 %IPv6

14 Domains

21 Subdomains

18 IPs

5 Countries

11223 kBTransfer

14595 kBSize

7 Cookies

6 Outgoing links

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cleafy.com Open in urlscan Pro
34.253.101.190 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

99 %
HTTPS

65 %
IPv6

14
Domains

21
Subdomains

18
IPs

5
Countries

11223 kB
Transfer

14595 kB
Size

7
Cookies

68 HTTP transactions
0 data transactions