safe-site.protected-forms.com Open in urlscan Pro
52.5.163.214  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://https.file-transfers.ancillarycheese.com/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Page URL
2. https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Show response https.file-transfers.ancillarycheese.com/	367 B 797 B	336ms 292ms	Document text/html	3.222.195.87 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://https.file-transfers.ancillarycheese.com/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol HTTP/1.1 Server 3.222.195.87 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-3-222-195-87.compute-1.amazonaws.com Software / Resource Hash 95988c5fb43b167cf95cca651b33f4c1cf8c970d4e03474fe38a82596461b4e3 Security Headers Name Value Content-Security-Policy X-Frame-Options SAMEORIGIN Request headers Host https.file-transfers.ancillarycheese.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 27 Sep 2019 08:14:28 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Referrer-Policy no-referrer-when-downgrade X-Frame-Options SAMEORIGIN ETag W/"95988c5fb43b167cf95cca651b33f4c1" Cache-Control max-age=0, private, must-revalidate Content-Security-Policy X-Request-Id cc5b512b-696e-4a88-bfb3-8f2db4880aef X-Runtime 0.112521
GET H2	200	Primary Request XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Show response safe-site.protected-forms.com/pages/85ed13a2c1740/	29 KB 29 KB	390ms 127ms	Document text/html	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Requested by Host: https.file-transfers.ancillarycheese.com URL: http://https.file-transfers.ancillarycheese.com/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 02cff4823be590fa42b08091748deca5635057e3565fff2b191f64bfa2a6483d Security Headers Name Value Content-Security-Policy X-Frame-Options SAMEORIGIN Request headers :method GET :authority safe-site.protected-forms.com :scheme https :path /pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site referer http://https.file-transfers.ancillarycheese.com/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Referer http://https.file-transfers.ancillarycheese.com/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Response headers status 200 date Fri, 27 Sep 2019 08:14:28 GMT content-type text/html; charset=utf-8 referrer-policy no-referrer-when-downgrade x-frame-options SAMEORIGIN etag W/"02cff4823be590fa42b08091748deca5" cache-control max-age=0, private, must-revalidate content-security-policy x-request-id e169e775-a735-4318-b4b9-66428d9a5064 x-runtime 0.028198
GET H2	200	application-de3f52e5dbd2db9456c316030a588a270edce407e0c265f76423aa3d312c14b9.js Show response safe-site.protected-forms.com/assets/	4 MB 965 KB	103ms 100ms	Script application/javascript	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/application-de3f52e5dbd2db9456c316030a588a270edce407e0c265f76423aa3d312c14b9.js Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash de3f52e5dbd2db9456c316030a588a270edce407e0c265f76423aa3d312c14b9 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Thu, 26 Sep 2019 18:43:41 GMT content-length 987045 vary Accept-Encoding content-type application/javascript
GET H2	200	vendor-1306c16bdc67d7e3edb8.js Show response safe-site.protected-forms.com/packs/js/	365 KB 125 KB	108ms 105ms	Script application/javascript	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/packs/js/vendor-1306c16bdc67d7e3edb8.js Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 369fb4fcab1174db1513f3abf7e7b7fa8f190daf80ff28deefb6b1678ace88f8 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Thu, 26 Sep 2019 18:48:23 GMT content-length 127699 vary Accept-Encoding content-type application/javascript
GET H2	200	modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js Show response safe-site.protected-forms.com/assets/	50 KB 16 KB	188ms 185ms	Script application/javascript	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Thu, 26 Sep 2019 17:50:43 GMT content-length 15721 vary Accept-Encoding content-type application/javascript
GET H2	200	landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css safe-site.protected-forms.com/assets/	1 KB 549 B	109ms 106ms	Stylesheet text/css	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Wed, 25 Sep 2019 11:18:27 GMT content-length 415 vary Accept-Encoding content-type text/css
GET H2	200	sei-modal-24152d098d5744697d79f0a2a169038a204eb8c53a3f6e23b227b178712b53c1.css safe-site.protected-forms.com/assets/	1 KB 578 B	108ms 105ms	Stylesheet text/css	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/sei-modal-24152d098d5744697d79f0a2a169038a204eb8c53a3f6e23b227b178712b53c1.css Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 24152d098d5744697d79f0a2a169038a204eb8c53a3f6e23b227b178712b53c1 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Wed, 25 Sep 2019 11:18:27 GMT content-length 444 vary Accept-Encoding content-type text/css
GET H2	200	sei-tooltip-15c00abdc9e9462d2538982039515c2ee3a056dfaef70b944c0b234c1dda1270.css safe-site.protected-forms.com/assets/	3 KB 815 B	188ms 185ms	Stylesheet text/css	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/sei-tooltip-15c00abdc9e9462d2538982039515c2ee3a056dfaef70b944c0b234c1dda1270.css Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 15c00abdc9e9462d2538982039515c2ee3a056dfaef70b944c0b234c1dda1270 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Wed, 25 Sep 2019 11:18:27 GMT content-length 681 vary Accept-Encoding content-type text/css
GET H2	200	sei-flag-590a28b756e2e8a0661ceca1971920bd1a0c3579252c8f51c98af4cc357b6e8b.css safe-site.protected-forms.com/assets/	2 KB 748 B	180ms 178ms	Stylesheet text/css	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://safe-site.protected-forms.com/assets/sei-flag-590a28b756e2e8a0661ceca1971920bd1a0c3579252c8f51c98af4cc357b6e8b.css Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash 590a28b756e2e8a0661ceca1971920bd1a0c3579252c8f51c98af4cc357b6e8b Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT content-encoding gzip last-modified Wed, 25 Sep 2019 11:18:27 GMT content-length 614 vary Accept-Encoding content-type text/css
GET H2	200	element.js Show response translate.google.com/translate_a/	2 KB 800 B	18ms 16ms	Script text/javascript	2a00:1450:4001:81e::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software HTTP server (unknown) / Resource Hash cf52ca89d125c7a28d78f99c604b1f1ba7aacadae28465e71428842441b6a3fc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers pragma no-cache date Fri, 27 Sep 2019 08:14:28 GMT content-encoding gzip x-content-type-options nosniff server HTTP server (unknown) content-language en status 200 cache-control no-cache, must-revalidate content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 728 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	kelly_whatsnext_fullcolor-1.png starmensclub.files.wordpress.com/2019/08/	9 KB 9 KB	66ms 17ms	Image image/png	192.0.72.21 Automattic
General Check archive.org Show headers Download Go to Show image Full URL https://starmensclub.files.wordpress.com/2019/08/kelly_whatsnext_fullcolor-1.png Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash 54fa339a0a53a6334372c223f3da75205eadaa381aff0f8ad7488abca5165471 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 21 np date Fri, 27 Sep 2019 08:14:29 GMT last-modified Wed, 21 Aug 2019 15:08:03 GMT server nginx x-orig-src 01_mogdir content-type image/png status 200 accept-ranges bytes content-length 9437 expires Fri, 18 Oct 2019 10:30:46 GMT
GET H/1.1	200 OK	b220713a2d4ac7a75ebe1f9ee0c78549.png aro.scdn.co/newsletters/	4 KB 5 KB	85ms 39ms	Image image/png	143.204.208.2 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://aro.scdn.co/newsletters/b220713a2d4ac7a75ebe1f9ee0c78549.png Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol HTTP/1.1 Server 143.204.208.2 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-208-2.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash a8b6d39f13a122eefbb4741645ee66c2f83c7ab605c9bc9f10360b2c5cd8e545 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 26 Sep 2019 16:30:14 GMT Via 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront) Last-Modified Tue, 25 Sep 2018 15:12:29 GMT Server AmazonS3 Age 56656 ETag "b220713a2d4ac7a75ebe1f9ee0c78549" X-Cache Hit from cloudfront Content-Type image/png Connection keep-alive X-Amz-Cf-Pop FRA53-C1 Accept-Ranges bytes Content-Length 4256 X-Amz-Cf-Id XOqfZk5LXfSGybtcGF_-Ed2g43U9AciAXzXnVwxCjrzwqz6qi4knwQ==
GET H/1.1	200 OK	logo_footer.png aro.spotify.s3.amazonaws.com/newsletter/images/	1 KB 2 KB	225ms 199ms	Image image/png	54.231.120.203 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://aro.spotify.s3.amazonaws.com/newsletter/images/logo_footer.png Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol HTTP/1.1 Server 54.231.120.203 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 48f94b8cfe346d6a6e71aa7c26e2b1d3b36c02bcaff6258b9ef18a33a32bbae1 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 27 Sep 2019 08:14:30 GMT Last-Modified Wed, 10 Dec 2014 10:54:21 GMT Server AmazonS3 x-amz-request-id A2D128538A410300 ETag "6b9c52615e93393e5f221445b4abd22d" Content-Type image/png x-amz-meta-s3fox-filesize 1255 x-amz-meta-s3fox-modifiedtime 1418208827000 Accept-Ranges bytes Content-Length 1255 x-amz-id-2 R6jRvzzERHAfcXkTVC9FzslC5xjNj4QmF/ZIKT0YG0LStNQyCVt+tuVfmf+oDh4kReE312OzkH4=
GET H2	200	translateelement.css translate.googleapis.com/translate_static/css/	18 KB 4 KB	6ms 6ms	Stylesheet text/css	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/translate_static/css/translateelement.css Requested by Host: translate.google.com URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 27 Sep 2019 07:26:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 07 May 2019 20:15:00 GMT server sffe age 2854 vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=3600 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 3619 x-xss-protection 0 expires Fri, 27 Sep 2019 08:26:55 GMT
GET H2	200	main.js Show response translate.googleapis.com/translate_static/js/element/	3 KB 2 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/translate_static/js/element/main.js Requested by Host: translate.google.com URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash cc97bba93da7a5906a14d048efd383ba780984afbb53bc4504fb24c34ff3bfa8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 27 Sep 2019 07:24:10 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 04 Sep 2019 00:45:00 GMT server sffe age 3019 vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=3600 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 1543 x-xss-protection 0 expires Fri, 27 Sep 2019 08:24:10 GMT
GET H2	200	sei-flag-fc5e7621ba0e98c5c6728e3b2bdf802311c0a0953a05e60a7551cb0c7bed00a9.png safe-site.protected-forms.com/assets/	3 KB 3 KB	98ms 97ms	Image image/png	52.5.163.214 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://safe-site.protected-forms.com/assets/sei-flag-fc5e7621ba0e98c5c6728e3b2bdf802311c0a0953a05e60a7551cb0c7bed00a9.png Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.163.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-5-163-214.compute-1.amazonaws.com Software / Resource Hash fc5e7621ba0e98c5c6728e3b2bdf802311c0a0953a05e60a7551cb0c7bed00a9 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/assets/sei-flag-590a28b756e2e8a0661ceca1971920bd1a0c3579252c8f51c98af4cc357b6e8b.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Fri, 27 Sep 2019 08:14:29 GMT last-modified Wed, 25 Sep 2019 11:18:27 GMT content-length 3168 content-type image/png
GET H2	200	element_main.js Show response translate.googleapis.com/element/TE_20190724_00/e/js/element/	239 KB 86 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js Requested by Host: translate.googleapis.com URL: https://translate.googleapis.com/translate_static/js/element/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 2acb6b5eca2478cae3b9c12f69df75d514aaa0e7a6c7c7dc0c4399fb36aa85fd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 27 Sep 2019 07:14:20 GMT content-encoding gzip x-content-type-options nosniff age 3609 status 200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 88192 x-xss-protection 0 last-modified Wed, 24 Jul 2019 14:29:11 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 26 Sep 2020 07:14:20 GMT
GET H2	200	l Show response translate.googleapis.com/translate_a/	3 KB 1 KB	18ms 18ms	Script application/javascript	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=_callbacks____0k11uony9 Requested by Host: translate.googleapis.com URL: https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash c9050a0408de3f0d58a80d5ce7c7fe5fd6bacb51087db16d5a1958a184df558a Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-PJWMa6RR5LE5zvdNDq6AMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', script-src 'nonce-PJWMa6RR5LE5zvdNDq6AMQ' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateApiHttp/cspreport X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers pragma no-cache content-security-policy script-src 'report-sample' 'nonce-PJWMa6RR5LE5zvdNDq6AMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', script-src 'nonce-PJWMa6RR5LE5zvdNDq6AMQ' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateApiHttp/cspreport content-encoding gzip x-content-type-options nosniff server ESF status 200 date Fri, 27 Sep 2019 08:14:29 GMT x-frame-options SAMEORIGIN content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, must-revalidate alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 x-xss-protection 0 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	translate_24dp.png www.gstatic.com/images/branding/product/2x/	2 KB 2 KB	6ms 5ms	Image image/png	2a00:1450:4001:824::2003 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/branding/product/2x/translate_24dp.png Requested by Host: translate.googleapis.com URL: https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://translate.googleapis.com/translate_static/css/translateelement.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 26 Sep 2019 12:40:21 GMT x-content-type-options nosniff last-modified Thu, 21 Apr 2016 03:17:22 GMT server sffe age 70448 vary Origin content-type image/png status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 1847 x-xss-protection 0 expires Fri, 25 Sep 2020 12:40:21 GMT
GET H2	200	translateelement.css translate.googleapis.com/translate_static/css/ Frame 0821	18 KB 4 KB	6ms 6ms	Stylesheet text/css	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/translate_static/css/translateelement.css Requested by Host: translate.googleapis.com URL: https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 27 Sep 2019 07:26:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 07 May 2019 20:15:00 GMT server sffe age 2854 vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=3600 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 3619 x-xss-protection 0 expires Fri, 27 Sep 2019 08:26:55 GMT
GET H2	200	translate_24dp.png www.gstatic.com/images/branding/product/1x/	825 B 890 B	6ms 6ms	Image image/png	2a00:1450:4001:824::2003 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/branding/product/1x/translate_24dp.png Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 25 Sep 2019 21:09:34 GMT x-content-type-options nosniff last-modified Thu, 21 Apr 2016 03:17:22 GMT server sffe age 126295 vary Origin content-type image/png status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 825 x-xss-protection 0 expires Thu, 24 Sep 2020 21:09:34 GMT
GET H2	200	cleardot.gif www.google.com/images/	43 B 120 B	38ms 38ms	Image image/gif	2a00:1450:4001:820::2004 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/images/cleardot.gif Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers pragma no-cache date Fri, 27 Sep 2019 08:14:29 GMT x-content-type-options nosniff last-modified Thu, 08 Dec 2016 01:00:57 GMT server sffe content-type image/gif status 200 cache-control no-cache, no-store, must-revalidate accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 43 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	te_ctrl3.gif translate.googleapis.com/translate_static/img/	1 KB 1 KB	6ms 6ms	Image image/gif	2a00:1450:4001:80b::200a Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://translate.googleapis.com/translate_static/img/te_ctrl3.gif Requested by Host: safe-site.protected-forms.com URL: https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://safe-site.protected-forms.com/pages/85ed13a2c1740/XYWNw0aW9uPWnNsaWNrJnbVybD1ottdHRwlczovL3NhyZmlUtc2l0ZS5wcm90ZWN0dZWQtZm9ybXMuY29tL3BhZ2VzLzg1ZWQxM2EyYzE3NDAmcmVjaXBpZW50X2lkPTUwOTQxNTgyNCZjYW1wYWlnbl9ydW5faWQ9MjM5NTk5OQ== User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 23 Aug 2019 02:29:56 GMT x-content-type-options nosniff last-modified Tue, 15 Aug 2017 20:15:00 GMT server sffe age 3044673 content-type image/gif status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 1412 x-xss-protection 0 expires Sat, 22 Aug 2020 02:29:56 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Phishing Simulation (Internet)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| _typeof boolean| windowIsDefined function| _extends function| FlatpickrInstance function| _flatpickr function| flatpickr function| timeToLocal function| updateQueryStringParameter function| getParam function| colSort function| ES6Promise function| $ function| jQuery object| jQuery1124013926338643392278 function| Retina function| RetinaImagePath function| RetinaImage function| Color function| Chart object| Chartkick function| proj4 function| AjaxBootstrapSelect function| AjaxBootstrapSelectList function| AjaxBootstrapSelectRequest function| Slider object| Utils object| asap_questionaire function| AsapStoreViewer object| Routes function| moment object| FullCalendar function| _ object| ProgressBar object| ZeroClipboard_TableTools object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime object| Highcharts object| html5 object| Modernizr function| googleTranslateElementInit object| google object| asap object| kb4 object| closure_lm_734061

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://safe-site.protected-forms.com/assets/application-de3f52e5dbd2db9456c316030a588a270edce407e0c265f76423aa3d312c14b9.js(Line 71456) Message: bootstrap-slider.js - WARNING: $.fn.slider namespace is already bound. Use the $.fn.bootstrapSlider namespace instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aro.scdn.co
aro.spotify.s3.amazonaws.com
https.file-transfers.ancillarycheese.com
safe-site.protected-forms.com
starmensclub.files.wordpress.com
translate.google.com
translate.googleapis.com
www.google.com
www.gstatic.com
143.204.208.2
192.0.72.21
2a00:1450:4001:80b::200a
2a00:1450:4001:81e::200e
2a00:1450:4001:820::2004
2a00:1450:4001:824::2003
3.222.195.87
52.5.163.214
54.231.120.203
02cff4823be590fa42b08091748deca5635057e3565fff2b191f64bfa2a6483d
15c00abdc9e9462d2538982039515c2ee3a056dfaef70b944c0b234c1dda1270
16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
24152d098d5744697d79f0a2a169038a204eb8c53a3f6e23b227b178712b53c1
2acb6b5eca2478cae3b9c12f69df75d514aaa0e7a6c7c7dc0c4399fb36aa85fd
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
369fb4fcab1174db1513f3abf7e7b7fa8f190daf80ff28deefb6b1678ace88f8
48f94b8cfe346d6a6e71aa7c26e2b1d3b36c02bcaff6258b9ef18a33a32bbae1
54fa339a0a53a6334372c223f3da75205eadaa381aff0f8ad7488abca5165471
590a28b756e2e8a0661ceca1971920bd1a0c3579252c8f51c98af4cc357b6e8b
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97
95988c5fb43b167cf95cca651b33f4c1cf8c970d4e03474fe38a82596461b4e3
99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d
a8b6d39f13a122eefbb4741645ee66c2f83c7ab605c9bc9f10360b2c5cd8e545
c9050a0408de3f0d58a80d5ce7c7fe5fd6bacb51087db16d5a1958a184df558a
cc97bba93da7a5906a14d048efd383ba780984afbb53bc4504fb24c34ff3bfa8
cf52ca89d125c7a28d78f99c604b1f1ba7aacadae28465e71428842441b6a3fc
d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171
de3f52e5dbd2db9456c316030a588a270edce407e0c265f76423aa3d312c14b9
fc5e7621ba0e98c5c6728e3b2bdf802311c0a0953a05e60a7551cb0c7bed00a9