urlscan.io logo urlscan.io
SecurityTrails logo

livesession.vcita.com Open in urlscan Pro
52.44.172.169  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://spotify.localizer.co/
Effective URL: https://livesession.vcita.com/login
Submission: On April 24 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 5 countries across 14 domains to perform 22 HTTP transactions. The main IP is 52.44.172.169, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is livesession.vcita.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 17th 2020. Valid for: 3 months.
This is the only time livesession.vcita.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 173.239.36.166 27257 (WEBAIR-IN...)
1 2 52.44.172.169 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
6 13.225.78.204 16509 (AMAZON-02)
1 23.210.249.13 16625 (AKAMAI-AS)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 4 23.210.248.216 16625 (AKAMAI-AS)
1 2 63.32.63.32 16509 (AMAZON-02)
22 12
1    173.239.36.166 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)
spotify.localizer.co
2    52.44.172.169 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-172-169.compute-1.amazonaws.com
livesession.vcita.com
2    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
6    13.225.78.204 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-204.fra2.r.cloudfront.net
d2ra6nuwn69ktl.cloudfront.net
1    23.210.249.13 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-13.deploy.static.akamaitechnologies.com
c15117557.ssl.cf2.rackcdn.com
2    2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
4    23.210.248.216 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com
s.adroll.com
2    63.32.63.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
d.adroll.mgr.consensu.org
d.adroll.com
Domain Requested by
6 d2ra6nuwn69ktl.cloudfront.net livesession.vcita.com
4 s.adroll.com 1 redirects livesession.vcita.com
s.adroll.com
2 connect.facebook.net livesession.vcita.com
connect.facebook.net
2 bat.bing.com livesession.vcita.com
2 stats.g.doubleclick.net 1 redirects livesession.vcita.com
2 fonts.googleapis.com livesession.vcita.com
2 livesession.vcita.com 1 redirects
1 d.adroll.com
1 d.adroll.mgr.consensu.org 1 redirects
1 www.facebook.com livesession.vcita.com
1 www.google.de livesession.vcita.com
1 www.google.com 1 redirects
1 fonts.gstatic.com livesession.vcita.com
1 c15117557.ssl.cf2.rackcdn.com livesession.vcita.com
1 spotify.localizer.co 1 redirects
22 15

This site contains no links.

Subject Issuer Validity Valid
*.vcita.com
Let's Encrypt Authority X3		 2020-03-17 -
2020-06-15		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
*.ssl.cf2.rackcdn.com
DigiCert SHA2 Secure Server CA		 2020-02-18 -
2021-05-19		 a year crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
www.bing.com
Microsoft IT TLS CA 2		 2019-04-30 -
2021-04-30		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-04-15 -
2020-07-14		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA		 2020-01-29 -
2021-04-29		 a year crt.sh
adroll.mgr.consensu.org
Amazon		 2019-11-06 -
2020-12-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://livesession.vcita.com/login
Frame ID: 93F09600F2522EAB2B189A1149AD64C5
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://spotify.localizer.co/ HTTP 302
    https://livesession.vcita.com/ HTTP 302
    https://livesession.vcita.com/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /angular.*\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

22
Requests

100 %
HTTPS

57 %
IPv6

14
Domains

15
Subdomains

12
IPs

5
Countries

1130 kB
Transfer

2788 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://spotify.localizer.co/ HTTP 302
    https://livesession.vcita.com/ HTTP 302
    https://livesession.vcita.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1802038307&utmhn=livesession.vcita.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Login%20to%20vCita&utmhid=175717600&utmr=-&utmp=%2Flogin&utmht=1587708105217&utmac=UA-20992974-1&utmcc=__utma%3D147183146.1754449125.1587708105.1587708105.1587708105.1%3B%2B__utmz%3D147183146.1587708105.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1894649654&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307&slf_rd=1&random=2665035543
Request Chain 18
  • https://s.adroll.com/j/exp/WZPRYR3BLNDY3I7JPOWBOY/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 20
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/WZPRYR3BLNDY3I7JPOWBOY?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/WZPRYR3BLNDY3I7JPOWBOY/?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
livesession.vcita.com/
Redirect Chain
  • https://spotify.localizer.co/
  • https://livesession.vcita.com/
  • https://livesession.vcita.com/login
30 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.44.172.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-172-169.compute-1.amazonaws.com
Software
openresty /
Resource Hash
a597ea5bc521cda7e068a31262a2d7ec98072e4e16f8a8fcca7a71df34be15ef

Request headers

:method
GET
:authority
livesession.vcita.com
:scheme
https
:path
/login
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
source_referrer=; attribution_params=%5B%7B%22source_referrer%22%3A%22%22%7D%5D; ____vcita_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJTg3OTQ1YzE0Y2VmMjZkZWI2OTcyOWNhZTg5ZTM0ZGVmBjsAVEkiFHNvdXJjZV9yZWZlcnJlcgY7AEZJIgAGOwBUSSIXYXR0cmlidXRpb25fcGFyYW1zBjsARkkiHVt7InNvdXJjZV9yZWZlcnJlciI6IiJ9XQY7AFQ%3D--917c6b0b4db65af6dba0e2f74a3c11ede807ee54
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200 200 OK
server
openresty
date
Fri, 24 Apr 2020 06:01:44 GMT
content-type
text/html; charset=utf-8
cache-control
must-revalidate, no-cache, no-store, private, max-age=0
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
/after_login
x-ua-compatible
IE=Edge,chrome=1
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
set-cookie
attribution_params=%5B%7B%22source_referrer%22%3A%22%22%2C%22invitation%22%3A682851%2C%22source_invite%22%3A%22WHITE_LABEL_SUB_ACCOUNT_REG%22%7D%5D; path=/ ____vcita_session=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJTg3OTQ1YzE0Y2VmMjZkZWI2OTcyOWNhZTg5ZTM0ZGVmBjsAVEkiFHNvdXJjZV9yZWZlcnJlcgY7AEZJIgAGOwBUSSIXYXR0cmlidXRpb25fcGFyYW1zBjsARkkiX1t7InNvdXJjZV9yZWZlcnJlciI6IiIsImludml0YXRpb24iOjY4Mjg1MSwic291cmNlX2ludml0ZSI6IldISVRFX0xBQkVMX1NVQl9BQ0NPVU5UX1JFRyJ9XQY7AFRJIhBfY3NyZl90b2tlbgY7AEZJIjFKRlczWlFNUWd4dU5yMEM3czZhYzh5eWRrWXpLdU9RRnZMTHcwOCs4TWhvPQY7AEY%3D--31be638caa294f8941dd27e2ea20529aa5b7b440; domain=.vcita.com; path=/; SameSite=None; expires=Tue, 23-Jun-2020 06:01:44 GMT; secure; HttpOnly
x-request-id
ae7e5fefcc0d4f40508119151744184e
x-runtime
0.054761
x-rack-cache
miss
content-encoding
gzip

Redirect headers

status
302 302 Found
server
openresty
date
Fri, 24 Apr 2020 06:01:44 GMT
content-type
text/html; charset=utf-8
location
https://livesession.vcita.com/login
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
x-ua-compatible
IE=Edge,chrome=1
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
set-cookie
source_referrer=; path=/ attribution_params=%5B%7B%22source_referrer%22%3A%22%22%7D%5D; path=/ ____vcita_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJTg3OTQ1YzE0Y2VmMjZkZWI2OTcyOWNhZTg5ZTM0ZGVmBjsAVEkiFHNvdXJjZV9yZWZlcnJlcgY7AEZJIgAGOwBUSSIXYXR0cmlidXRpb25fcGFyYW1zBjsARkkiHVt7InNvdXJjZV9yZWZlcnJlciI6IiJ9XQY7AFQ%3D--917c6b0b4db65af6dba0e2f74a3c11ede807ee54; domain=.vcita.com; path=/; SameSite=None; expires=Tue, 23-Jun-2020 06:01:44 GMT; secure; HttpOnly
x-request-id
4706115f18ba0c790e70724fe8cf9c4f
x-runtime
0.008080
x-rack-cache
miss
css
fonts.googleapis.com/ 		36 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,100,700|Open+Sans:300italic,400italic,600italic,700italic,300,400,700,600|Montserrat:400,500,600,700
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0608428f12f4d4b24724a968ecfc4067458924383c7c0e27839e191700511237
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 24 Apr 2020 06:01:44 GMT
server
ESF
date
Fri, 24 Apr 2020 06:01:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 24 Apr 2020 06:01:44 GMT
css
fonts.googleapis.com/ 		27 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=fonts.googleapis.com/css?family=Caudex|Overlock|Patrick+Hand|Jockey+One|Sarina|Niconne|Fredericka+the+Great|Corben|Kelly+Slab|Marck+Script|Mr+De+Haviland|Lobster|Anton|Josefin+Slab|EB+Garamond|Basic|Chelsea+Market|Enriqueta|Forum|Jura|Noticia+Text|Open+Sans|Play|Signika|Spinnaker
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9d15c4d5fc7928d141670f0cf1b346d309fcbe79e1e70cd60592a2d95e902c6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 24 Apr 2020 06:01:44 GMT
server
ESF
date
Fri, 24 Apr 2020 06:01:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 24 Apr 2020 06:01:44 GMT
application-582a49dad99185c2aaff34019f7128a5.css
d2ra6nuwn69ktl.cloudfront.net/assets/ 		468 KB
469 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/application-582a49dad99185c2aaff34019f7128a5.css
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b287e00d05c3c3f010d8cc575402b9e101070f3f9216900b681d3b36f056debc

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 08:28:27 GMT
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
last-modified
Mon, 20 Apr 2020 08:16:37 GMT
server
AmazonS3
age
77597
etag
"42c92ad0d1cb102e7b74e21ac124a3cd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
479417
x-amz-cf-id
uxGwHFA4HbWeJQRghSYn7CxBt2MwlLA5tiCmI_A5j9hgPZWxUXcmkw==
angular-file-upload-shim-932122bbf105b652a135674b9a6d1b1f.js
d2ra6nuwn69ktl.cloudfront.net/assets/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/angular-file-upload-shim-932122bbf105b652a135674b9a6d1b1f.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f985be19209269f2d44f6d864b16af8afcdf19ab950d5d992464d9fb72779

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 08:30:11 GMT
content-encoding
gzip
last-modified
Mon, 20 Apr 2020 08:16:35 GMT
server
AmazonS3
age
77494
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
MNZ5xfs6LOJxB0bqAGxTNgwcXue3fUlQvipEuCIf7KMOuNGjrQNqog==
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
application-58282c1f38f612631a7606f1fe12f685.js
d2ra6nuwn69ktl.cloudfront.net/assets/ 		652 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/application-58282c1f38f612631a7606f1fe12f685.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
23f9756576bf200767b7ac559d52eb0f49541caa521d839f89b234bbff177823

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 07:00:13 GMT
content-encoding
gzip
last-modified
Tue, 21 Apr 2020 06:43:56 GMT
server
AmazonS3
age
82892
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
vAHSRbHb8s4VOruhjfnNuLO6LdwNo4SX8PTIQUkdhGKNEOcVW4fP8g==
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
angular-pack-f136f546a8cb036a5bf455dd1188d582.js
d2ra6nuwn69ktl.cloudfront.net/assets/ 		189 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/angular-pack-f136f546a8cb036a5bf455dd1188d582.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3206d063be471325db4d375f3173f7f1d1d1cc0c74804f09b264fbc4ee61451b

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 08:30:11 GMT
content-encoding
gzip
last-modified
Mon, 20 Apr 2020 08:16:36 GMT
server
AmazonS3
age
77494
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
E6C0WtgCKjqmUmKjfDmXoZk8PrncJtTvKig_mbof52tHu92UuOMkeA==
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
angular-pack-2-8fd180493ff9705fcba030de807ddfac.js
d2ra6nuwn69ktl.cloudfront.net/assets/ 		850 KB
220 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/angular-pack-2-8fd180493ff9705fcba030de807ddfac.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6bf600e2837dc55f9289d9cf1e0fc0ebfd047a5cf997c22621f4cb1b783319e2

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 07:29:06 GMT
content-encoding
gzip
last-modified
Tue, 21 Apr 2020 06:43:54 GMT
server
AmazonS3
age
81159
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
THH35xBWY_RyrP1d2HGQIepXcya9h4vRo-p6O1bZJCRF4T6abqjGoQ==
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
signup-e5c1f63fa7dd9b7577035b3c9e6cff8d.css
d2ra6nuwn69ktl.cloudfront.net/assets/controllers/ 		16 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2ra6nuwn69ktl.cloudfront.net/assets/controllers/signup-e5c1f63fa7dd9b7577035b3c9e6cff8d.css
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-204.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e54311c7ef67069acfc846cf12b02c5cab3a94cd8a66038967cd82c227b41d10

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 11:02:09 GMT
content-encoding
gzip
last-modified
Mon, 20 Apr 2020 08:17:00 GMT
server
AmazonS3
age
68376
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
fKdBqhB5HbRHvnXRkQztkM8eJU__ITj_DeB8vH7oKNIrSYZXhRmRVA==
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
normal_ca3riqxqqtypimtpyq6906yuv0xsbmtc.png
c15117557.ssl.cf2.rackcdn.com/avatar/image/323150/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c15117557.ssl.cf2.rackcdn.com/avatar/image/323150/normal_ca3riqxqqtypimtpyq6906yuv0xsbmtc.png
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.249.13 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-249-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7386bed53406a43a7f89c4ac32a3f5e66faa9ab96caa5a11f4a574583cf53043

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 24 Apr 2020 06:01:45 GMT
Last-Modified
Mon, 12 Sep 2016 04:48:32 GMT
X-Trans-Id
tx9441d4ecd82d4a7aa5aa1-005ea280c9ord1
ETag
02fb77a9d93cb9480b28016b271eb677
Content-Type
image/png
X-Timestamp
1473655711.95557
Cache-Control
public, max-age=259182
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3239
Expires
Mon, 27 Apr 2020 06:01:27 GMT
dc.js
stats.g.doubleclick.net/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
1847
date
Fri, 24 Apr 2020 05:30:58 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
17093
expires
Fri, 24 Apr 2020 07:30:58 GMT
bat.js
bat.bing.com/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 24 Apr 2020 06:01:44 GMT
content-encoding
gzip
last-modified
Mon, 13 Apr 2020 22:01:50 GMT
x-msedge-ref
Ref A: DBF15CC82B2E4DE5960F92287EB5398D Ref B: FRAEDGE0716 Ref C: 2020-04-24T06:01:45Z
status
200
etag
"0db222df11d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7610
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee5c75817b6d0f322ce3364bdb704cb9021b7039e49bed4e738c6c144b474043
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
NAuJ/3WcbK8n5qYQiIyLpQ==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
1781
etag
"713dd5dff740e80096d3d6553938c39a"
x-fb-debug
eV4R2pWMHJd+R/oJAnIXHP6CQaEhJPGcbcD2SRWOVZKV/762SaCo9CIxAnOx4aFq3a2ifktp5xddLcE5SL6z8A==
x-fb-trip-id
420120009
x-fb-content-md5
fafd29a16dd9eeb9409c36b037794452
x-frame-options
DENY
date
Fri, 24 Apr 2020 06:01:45 GMT, Fri, 24 Apr 2020 06:01:45 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 24 Apr 2020 06:20:21 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,300,100,700|Open+Sans:300italic,400italic,600italic,700italic,300,400,700,600|Montserrat:400,500,600,700
Origin
https://livesession.vcita.com

Response headers

date
Wed, 15 Apr 2020 23:49:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
713521
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9132
x-xss-protection
0
expires
Thu, 15 Apr 2021 23:49:44 GMT
sdk.js
connect.facebook.net/en_US/ 		394 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=03f798bdd4584c84c555921a0845f614&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9381217085b8f0291da183367897c9acf99a7fa3f9646fc8c712d8962dfacf84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://livesession.vcita.com/login
Origin
https://livesession.vcita.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
TJxOAS39KoqVhmSwpraivA==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
116959
etag
"e52292bc578504181bcc5e867ecc9469"
x-fb-debug
OQamRQdOHRPMALWkqoRPNaHsQLSSatVvLrZ8CIxUg1AE0p5+igEZF59d2cBDAHpIkAYx0hn/LOMa43MvrF8D2g==
x-fb-trip-id
420120009
x-fb-content-md5
821150a27eb80c04636d3fe4c1d14887
x-frame-options
DENY
date
Fri, 24 Apr 2020 06:01:45 GMT, Fri, 24 Apr 2020 06:01:45 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Sat, 24 Apr 2021 06:00:21 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1802038307&utmhn=livesession.vcita.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utm...
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307&slf_rd=1&random=2665035543
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307&slf_rd=1&random=2665035543
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Apr 2020 06:01:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 24 Apr 2020 06:01:45 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-20992974-1&cid=1754449125.1587708105&jid=1894649654&_v=5.7.2dc&z=1802038307&slf_rd=1&random=2665035543
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/ 		0
94 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5819928&Ver=2&mid=0b96cd63-1ffe-6465-673c-2f2ab6a4b323&sid=4a6ce9cb-8587-eb9c-7e46-4a48300b9d1f&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Login%20to%20vCita&p=https%3A%2F%2Flivesession.vcita.com%2Flogin&r=&lt=1304&evt=pageLoad&msclkid=N&sv=1&rn=872907
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 24 Apr 2020 06:01:44 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 93E8E52DE74E43FF9D5FF0D3F2DABB3C Ref B: FRAEDGE0716 Ref C: 2020-04-24T06:01:45Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
249 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=746053468893176&ev=fb_page_view&dl=https%3A%2F%2Flivesession.vcita.com%2Flogin&rl=&if=false&ts=1587708105267&sw=1600&sh=1200
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 24 Apr 2020 06:01:45 GMT, Fri, 24 Apr 2020 06:01:45 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Fri, 24 Apr 2020 06:01:45 GMT
roundtrip.js
s.adroll.com/j/ 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: livesession.vcita.com
URL: https://livesession.vcita.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5c2dcc7280f9f75b2123f8512238e0fb4598e19f1d4da2206d37e613696b50f2

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
8rrc9TDMV5ezSD47OAU1r1L8E3IeGbdH
Content-Encoding
gzip
ETag
"27092f648763d7e7050dcf9fd3e938ba"
x-amz-request-id
0A7A8C13DBCBAEAD
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
10927
x-amz-id-2
ksLXpHw9gp4a7w1p+Fkm7I/jB2eTI8Q5HvK6RVBx708+iRhWKik2oZnMfcJMRgu0DK5BGm3tlN0=
Last-Modified
Wed, 22 Apr 2020 16:19:10 GMT
Server
AmazonS3
Date
Fri, 24 Apr 2020 06:01:45 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/WZPRYR3BLNDY3I7JPOWBOY/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
aDfSXL8RpbWzJh.9yIuXAVju83FCBFL2
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
03E7EE14B1F664F1
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
bnKxY4wSthkjXqmjrZMfhNB8AtG2P5gVZ8ipWaUVMrd/Kps0KDRa4YKSZhAAXjaF11d6yY5taiE=
Last-Modified
Wed, 22 Apr 2020 16:21:25 GMT
Server
AmazonS3
Date
Fri, 24 Apr 2020 06:01:45 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Fri, 24 Apr 2020 06:01:45 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/WZPRYR3BLNDY3I7JPOWBOY/CUU7LSMOUFDDFJQBPTZRFS/ 		0
773 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/WZPRYR3BLNDY3I7JPOWBOY/CUU7LSMOUFDDFJQBPTZRFS/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
SL0xAwPYq4wnNjuC7.HCHSE8KnmhQbFw
Content-Encoding
gzip
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
C9E893C33398A5E1
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
x-amz-id-2
W41IiloOPPdT8+1G3jEceJ3l25S5uWklXup85HJG8GnPSkZrGYK1P1xxMFqzTY6kLBs09wjdRFI=
Last-Modified
Thu, 23 Apr 2020 07:36:38 GMT
Server
AmazonS3
Date
Fri, 24 Apr 2020 06:01:45 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/WZPRYR3BLNDY3I7JPOWBOY/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/WZPRYR3BLNDY3I7JPOWBOY?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2
  • https://d.adroll.com/consent/check/WZPRYR3BLNDY3I7JPOWBOY/?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2
116 B
208 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/WZPRYR3BLNDY3I7JPOWBOY/?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
f266941c67fff44433de8bcd4c12033716172e43f6fd78b27d29503cb0c7d1bb

Request headers

Referer
https://livesession.vcita.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 24 Apr 2020 06:01:45 GMT
server
nginx/1.16.1
content-length
116
content-type
application/javascript

Redirect headers

status
302
date
Fri, 24 Apr 2020 06:01:45 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/WZPRYR3BLNDY3I7JPOWBOY/?_s=e8a998ab107c86a4952fa716d01c7f9a&_b=2

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| frontageIframe function| frontageIframeEvent object| state_shortcodes function| linkToFrontage function| frontageRefresh function| frontageReload function| frontageRedirect function| frontageMessage function| frontageUrlRedirect function| frontageTarget object| target boolean| FRONTAGE_IFRAME function| reportVCitaHeightChange object| FileAPI function| TimeZone function| date_is_dst function| get_date_offset function| get_timezone_info function| get_january_offset function| get_june_offset function| determine_timezone function| show_timezone_info function| getBrowserTimezone function| timezoneToRailsSafe function| getMyTimezone function| getBrowserTimezoneInternal function| getBrowserTimezoneName function| FastClick function| mixpanel_on function| safeTrack function| safeTrackWithCallback function| safeTrackOnce function| safeTrackLink function| safeTrackForm function| googleConversion function| googleTrackingCode function| businessEventTracking function| add_param function| safeTrackFacebookEvent function| safeTrackFacebookLead function| safeTrackFacebookConverstion function| safeGaqPush function| redirectToJoin function| redirectToSignup function| getURLParameter function| today function| nullToEmpty function| vanilasoftTrackEvent function| dateToTime function| setTime function| markAjaxError function| markAjaxErrorSignup function| mergeOverlappingEvents function| isChrome function| isUserAgentIE function| getFlashMovie function| remove_fields function| add_fields function| countCharsLeft function| parseBoolean function| booleanToString function| linkPopup function| directPopup function| popup function| popupCenter function| auth_callback function| synchronizeSubmit function| releaseSubmitLock function| singlePageSubmit function| reloadCurrentPage function| redirectOnDemand function| disableField function| initAutoLoadUser function| initFeatureTips function| loadQTips function| createUUID function| bindNumericInputKeys function| showVideo function| googleTracking function| closeVideo function| dateWithTime function| getQueryParams function| attachPopupControlJS function| lockPopup function| attachWidgetImplementationPopupJS function| openNewWidgetImplementationPopup string| HEMISPHERE_SOUTH string| HEMISPHERE_NORTH string| HEMISPHERE_UNKNOWN object| olson string| dt_zone object| jQueryLoaderOptions object| msBeautify object| I18n object| Base64 boolean| popupOpened object| RedactorPlugins object| html5 object| Modernizr function| yepnope function| $ function| jQuery function| DP_jQuery_1587708105126 object| jQuery18308200525735676909 object| BROWSER function| tinycolor function| designedSelect function| recurlyController function| openPopup function| openEducationCenterPopup function| openDialog function| createDialogContainer object| angular function| mixpanel_id_callback function| inner_auth_callback function| onSubmit object| _gaq object| uetq undefined| style function| fbAsyncInit string| adroll_adv_id string| adroll_pix_id string| csrf_token string| csrf_param string| browser_timezone_rails string| timezonename object| industries string| professionTitle object| FB object| _gat object| gaGlobal function| UET boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback boolean| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country object| adroll_exp_list

9 Cookies

Domain/Path Name / Value
.livesession.vcita.com/ Name: __utmb
Value: 147183146.1.10.1587708105
.vcita.com/ Name: _uetsid
Value: _uet4a6ce9cb-8587-eb9c-7e46-4a48300b9d1f
.livesession.vcita.com/ Name: __utmt
Value: 1
.livesession.vcita.com/ Name: __utmz
Value: 147183146.1587708105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.vcita.com/ Name: ____vcita_session
Value: BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJTg3OTQ1YzE0Y2VmMjZkZWI2OTcyOWNhZTg5ZTM0ZGVmBjsAVEkiFHNvdXJjZV9yZWZlcnJlcgY7AEZJIgAGOwBUSSIXYXR0cmlidXRpb25fcGFyYW1zBjsARkkiX1t7InNvdXJjZV9yZWZlcnJlciI6IiIsImludml0YXRpb24iOjY4Mjg1MSwic291cmNlX2ludml0ZSI6IldISVRFX0xBQkVMX1NVQl9BQ0NPVU5UX1JFRyJ9XQY7AFRJIhBfY3NyZl90b2tlbgY7AEZJIjFKRlczWlFNUWd4dU5yMEM3czZhYzh5eWRrWXpLdU9RRnZMTHcwOCs4TWhvPQY7AEY%3D--31be638caa294f8941dd27e2ea20529aa5b7b440
livesession.vcita.com/ Name: source_referrer
Value:
livesession.vcita.com/ Name: attribution_params
Value: %5B%7B%22source_referrer%22%3A%22%22%2C%22invitation%22%3A682851%2C%22source_invite%22%3A%22WHITE_LABEL_SUB_ACCOUNT_REG%22%7D%5D
.livesession.vcita.com/ Name: __utmc
Value: 147183146
.livesession.vcita.com/ Name: __utma
Value: 147183146.1754449125.1587708105.1587708105.1587708105.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
c15117557.ssl.cf2.rackcdn.com
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
d2ra6nuwn69ktl.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
livesession.vcita.com
s.adroll.com
spotify.localizer.co
stats.g.doubleclick.net
www.facebook.com
www.google.com
www.google.de
13.225.78.204
173.239.36.166
23.210.248.216
23.210.249.13
2620:1ec:c11::200
2a00:1450:4001:801::2003
2a00:1450:4001:806::200a
2a00:1450:4001:809::2004
2a00:1450:4001:821::2003
2a00:1450:400c:c0c::9d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
52.44.172.169
63.32.63.32
0608428f12f4d4b24724a968ecfc4067458924383c7c0e27839e191700511237
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
23f9756576bf200767b7ac559d52eb0f49541caa521d839f89b234bbff177823
2d0f985be19209269f2d44f6d864b16af8afcdf19ab950d5d992464d9fb72779
3206d063be471325db4d375f3173f7f1d1d1cc0c74804f09b264fbc4ee61451b
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5c2dcc7280f9f75b2123f8512238e0fb4598e19f1d4da2206d37e613696b50f2
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
6bf600e2837dc55f9289d9cf1e0fc0ebfd047a5cf997c22621f4cb1b783319e2
7386bed53406a43a7f89c4ac32a3f5e66faa9ab96caa5a11f4a574583cf53043
9381217085b8f0291da183367897c9acf99a7fa3f9646fc8c712d8962dfacf84
9d15c4d5fc7928d141670f0cf1b346d309fcbe79e1e70cd60592a2d95e902c6e
a597ea5bc521cda7e068a31262a2d7ec98072e4e16f8a8fcca7a71df34be15ef
b287e00d05c3c3f010d8cc575402b9e101070f3f9216900b681d3b36f056debc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54311c7ef67069acfc846cf12b02c5cab3a94cd8a66038967cd82c227b41d10
ee5c75817b6d0f322ce3364bdb704cb9021b7039e49bed4e738c6c144b474043
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f266941c67fff44433de8bcd4c12033716172e43f6fd78b27d29503cb0c7d1bb
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52