www.normstream.com Open in urlscan Pro
172.66.40.168 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://normstream.com/
Effective URL:
https://www.normstream.com/en/
Submission: On December 07 via manual (December 7th 2022, 4:45:15 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 8 domains to perform 18 HTTP transactions. The main IP is 172.66.40.168, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.normstream.com.
TLS certificate: Issued by E1 on October 14th 2022. Valid for: 3 months.

This is the only time www.normstream.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	172.66.40.168 172.66.40.168	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	146.59.254.187 146.59.254.187	() ()
1	2606:4700:303... 2606:4700:3037::6815:43a5	() ()
1	2a00:1450:400... 2a00:1450:4001:830::2008	() ()
1	2a00:1450:400... 2a00:1450:4001:80f::2004	() ()
1	2a00:1450:400... 2a00:1450:4001:831::2003	() ()
18	7

11 172.66.40.168 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

normstream.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.normstream.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.59.254.187 (None, )

ASN- ()

excelmacrostore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:43a5 (None, )

ASN- ()

models3drevit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	normstream.com 2 redirects normstream.com www.normstream.com	305 KB
2	excelmacrostore.com excelmacrostore.com	2 KB
1	gstatic.com www.gstatic.com	162 KB
1	google.com www.google.com	992 B
1	googletagmanager.com www.googletagmanager.com	76 KB
1	models3drevit.com models3drevit.com	1 KB
0	google-analytics.com Failed region1.google-analytics.com Failed
0	2dcadmodels.com Failed 2dcadmodels.com Failed
18	8

	Domain	Requested by
9	www.normstream.com	www.normstream.com
2	excelmacrostore.com	www.normstream.com
2	normstream.com	2 redirects
1	www.gstatic.com	www.google.com
1	www.google.com	www.normstream.com
1	www.googletagmanager.com	www.normstream.com
1	models3drevit.com	www.normstream.com
0	region1.google-analytics.com Failed	www.googletagmanager.com
0	2dcadmodels.com Failed	www.normstream.com
18	9

This site contains no links.

Subject Issuer	Validity	Valid
*.normstream.com E1	`2022-10-14` - `2023-01-12`	3 months	crt.sh
excelmacrostore.com R3	`2022-11-27` - `2023-02-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-09-11` - `2023-09-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.normstream.com/en/
Frame ID: 8124ED6874278C0920212EE5A2773893
Requests: 14 HTTP requests in this frame

Frame: https://2dcadmodels.com/PaypalPayment?currency=EUR&Ver=1.2.18
Frame ID: C971FD225DC1FE113620B230E9B27982
Requests: 1 HTTP requests in this frame

Frame: https://excelmacrostore.com/PaypalPayment?currency=EUR&Ver=1.2.18
Frame ID: AE0C1C50CB97DDBAFC273398CB98DB24
Requests: 1 HTTP requests in this frame

Frame: https://models3drevit.com/PaypalPayment?currency=USD&Ver=1.2.18
Frame ID: 49F7D4160AF0B3F8E6000011C439B65B
Requests: 1 HTTP requests in this frame

Frame: https://excelmacrostore.com/PaypalPayment?currency=USD&Ver=1.2.18
Frame ID: 6BA0FF9210945392B365A631BEB7E82A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NormStreamNACE_logo_blkJapanese Industrial Standards symbol (Manufacturing technology)

Page URL History Show full URLs

http://normstream.com/ HTTP 301
https://normstream.com/ HTTP 302
https://www.normstream.com/en/ Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

18
Requests

83 %
HTTPS

67 %
IPv6

8
Domains

9
Subdomains

7
IPs

1
Countries

545 kB
Transfer

1212 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://normstream.com/ HTTP 301
https://normstream.com/ HTTP 302
https://www.normstream.com/en/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.normstream.com/en/
Redirect Chain

http://normstream.com/
https://normstream.com/
https://www.normstream.com/en/

50 KB
9 KB

182ms
117ms

Document
text/html

172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f8bc2b888e127d7aeb856cb4224250cb313097f7e8af63aafa66cddc30fab1a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 775ebaf15b85bbf8-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 16:45:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYZhzLfH3xd2CEppOnX8c4cRGnTGQWZuD%2FjLCaJ3UPf8WxZKlwPxg23X6UlNnrKEBRMRuSM2pfv1Wv4a3NDkhtULhBIHKSWUBlqZCMiit0%2BLMygcWzQR4r1p0gAYWjWabN827m4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 775ebaefee8c92b7-FRA
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 16:45:11 GMT
location: https://www.normstream.com/en/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZRIlQMfo3WBJ48y8Gt%2BUtwnf4eNxEiiMkhtWw%2BXj2yfEEQLrUbRriL0SUOPW2IYvdss0%2Bl3Cyv4RqAFFqUwhhMvEmY1V0DZm3jlW8tiBwhvenTFDOCz2jDpe6e1rhHG2IA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H2 200 site.min.css
www.normstream.com/ 48 KB
9 KB 43ms
42ms Stylesheet
text/css 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/site.min.css?parts=general,search,purchase&version=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 77c87797c61098db494e6aea9548715539fe1c5d21cc00d76b96c294d5350288

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
age: 25723
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-aspnetmvc-version: 5.2
last-modified: Tue, 06 Dec 2022 19:21:41 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2F35mMJJ8a%2FRn9gYbk1rMpii%2Bhgn21UxsocoWv4N5PIqZDbPVkwfc2JcNeOJcxGx5BwaQKPjB3riy8xdLyXMmagVUnx4zvEs4zHuxIbUYU9AayyV8h1zOartp5eUkhsizUIKzxM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=2592000
cf-ray: 775ebaf21cfdbbf8-FRA

GET
H2 200 7.webp
www.normstream.com/Content/Publishers/SVG/ 8 KB
8 KB 57ms
56ms Image
image/webp 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.normstream.com/Content/Publishers/SVG/7.webp
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: dcc8b19c2f4e28345f9a865bd8074f2f7cd18182dfe091e2a6f1bfed22d2acfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7782
last-modified: Sat, 29 Jan 2022 04:02:53 GMT
server: cloudflare
etag: "8b79c216c514d81:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btRV5s2nnElUR0DAavNS%2BRYBzpF%2FvAb%2BkGa141lah%2BqMUJbQdOB3MPFc1beGU74pnVs3CbDWXm9WwkcS2djpOgq6zjJFw%2FfeRKNi7yfs0W%2FABC4eQZUnEIuN7Rr301N2qPem1VQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=8640000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 775ebaf21d00bbf8-FRA

GET
H3 200 site.min.js Show response
www.normstream.com/ 106 KB
24 KB 47ms
47ms Script
text/javascript 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bc7add0df84fd1cfab50f3cb9757770169679b8982a226dc6d2b7b4fe723ffbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
age: 225362
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-aspnetmvc-version: 5.2
last-modified: Thu, 01 Dec 2022 03:57:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCzilZrjY9SgpdPvl9dmvI4dC8kN8%2BLH9Oc%2FRjyboRopkvG%2FaMeBBngchjIS5IeS4FA%2FdLH7ZowHHhCIJ3gZYCI8KJFM%2BXiZrvpp3%2BGkroVfYRRWczYiWw3mLVcGk4bLn6qkJ08%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=2592000
cf-ray: 775ebaf23dff5c98-FRA

GET
H3 200 PublishersSVGs Show response
www.normstream.com/en/Home/ 132 KB
49 KB 97ms
96ms Script
text/javascript 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/en/Home/PublishersSVGs?Subset=Home&ver=1.2.18_1860
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0969335663656b4bc4d3191dfd0e92e3f3200466790700394e683d53cff27773

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
content-encoding: br
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DoGRUFMySO%2BMmR68eCuAMyN7VfR4KcOEwuP5nVeKg21T5z9mfuzJ2FykMbHvWbXDJ9R4LpKn0y6fJSDzBKLxlpQg8KLgO%2BO9Aa33%2FjxwIWx%2FsB1y46AktxKor%2BtWDXPkcb1esbE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=2592000
cf-ray: 775ebaf23e055c98-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Home.jpg
www.normstream.com/Content/Images/ 183 KB
184 KB 51ms
51ms Image
image/jpeg 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.normstream.com/Content/Images/Home.jpg
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0cb9d6c1fc44680852f1b8b9cea0c732b7057b2ff852394afc31175eaeae7581

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 31687
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 187694
last-modified: Sat, 22 Jan 2022 13:56:03 GMT
server: cloudflare
etag: "4ca32ccb97fd81:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUrWoEnlZuR7rL0nug51xJZ9XK7Eh6G%2BtN6GiOe%2BsLuL%2FxBAyEPPvc22Hnv%2Buoo%2FZywgwwrb6EVMoxkTXezTbBexd323so1%2ByVMSvnIUJulf6MQ1oBYekaQh5dhNAhxjrxc%2FxAU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=8640000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 775ebaf25e705c98-FRA

GET
H3 200 still_on_page_worker.min.js
www.normstream.com/Scripts/ 2 KB
1 KB 74ms
73ms Other
application/javascript 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/Scripts/still_on_page_worker.min.js?version=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/en/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1cb7ed231491fdbaf5dd96baac7bda5e32f74dc649a8dfa0b8cb915a54833b08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 06 Aug 2022 03:34:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"34e1516845a9d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDs6LLNvBWCqn79wyQOCO2EXl1es09gwl8iHKQ%2B9IPHer7gfzPNGEOo2XoUOGgZ4jIE5%2FgyObhUrMxNsEX8VIW%2BbE6pMdLUoCph16B8RJTQVOSEuJE%2BM6C8YfXsaIw%2Fm8cNlvVU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 775ebaf28eca5c98-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 GetPaymentAccounts Show response
www.normstream.com/Utils/ 581 B
841 B 43ms
43ms Fetch
application/json 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/Utils/GetPaymentAccounts
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d51c14fcf50207e77ed720899703525826dd46bc00b15768cf6382690979a382

Request headers

Referer: https://www.normstream.com/en/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 16:45:11 GMT
content-encoding: br
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Xxv%2F3tDMInCy6ESvRhljpPplU7CI6fTkjUny%2BEE5bp1z%2BV0UXLm7B85iD6b4mOspQ%2FsoOdzqJgHm%2Fk9z1jixisWDnik2RrskJxJEmI3TLUl9sAuCg0%2BHMhKJnZ8SGrikHemAxA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cache-control: private
cf-ray: 775ebaf2ef855c98-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 autocomplete.min.js Show response
www.normstream.com/Scripts/ 56 KB
19 KB 62ms
61ms Script
application/javascript 172.66.40.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.normstream.com/Scripts/autocomplete.min.js
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.40.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5a3d06d1b1f501f2093b356eda8275778f948abbf611429866909e5589f12b46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 06 Aug 2022 03:05:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"a4fe3b6541a9d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofUSkXZ%2FSIdwsqUv1Ntam8A4eoZ5rwemi9cGyKvsu9InX%2BYY39tsJzz8%2BW4HPLbeYUhPSKjzX79xZe%2FLbYj1DTgS0dZxAGljScbii5KR%2FRGBUilSfXTwPOqgSompZyfl0Qbi4mE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 775ebb0be85d5c98-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET PaypalPayment
2dcadmodels.com/ Frame C971 0
0

GET
H2 200 PaypalPayment Show response
excelmacrostore.com/ Frame AE0C 2 KB
1007 B 79ms
15ms Document
text/html 146.59.254.187

General

Check archive.org

Show headers Download Go to

Full URL: https://excelmacrostore.com/PaypalPayment?currency=EUR&Ver=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.59.254.187 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 187eee1afc14e714b09c55e484b9dc68a71a41d74f89cfb061161e17f75a2e01

Request headers

Referer: https://www.normstream.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=2473
content-encoding: br
content-length: 968
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 16:45:15 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 PaypalPayment Show response
models3drevit.com/ Frame 49F7 2 KB
1 KB 172ms
105ms Document
text/html 2606:4700:3037::6815:43a5

General

Check archive.org

Show headers Download Go to

Full URL: https://models3drevit.com/PaypalPayment?currency=USD&Ver=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:43a5 -, , ASN (),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 187eee1afc14e714b09c55e484b9dc68a71a41d74f89cfb061161e17f75a2e01

Request headers

Referer: https://www.normstream.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=114
cf-cache-status: DYNAMIC
cf-ray: 775ebb0cac2cb794-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 16:45:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0Xpke1BfYsvGlaCZLlhkpWoPRfLl7TOPLEsHF1MS2bfKXKXc9cubdVtzCe5y1Sm8yj1m0PnktpEoL7lNGh%2BTLUtIPdT8OyBfpgYcEwD850wf865sLZslEs8F0uP%2BvO4Vs9jCuCWcmny5fc8Y%2BMXKg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 PaypalPayment Show response
excelmacrostore.com/ Frame 6BA0 2 KB
1 KB 71ms
14ms Document
text/html 146.59.254.187

General

Check archive.org

Show headers Download Go to

Full URL: https://excelmacrostore.com/PaypalPayment?currency=USD&Ver=1.2.18
Requested by: Host: www.normstream.com
URL: https://www.normstream.com/site.min.js?parts=strings_en,general,login,notification,itemDrawing,itemDrawingPurchase,purchase,paymentMedler_utils,paymentMedler_paypal,paymentMedler_stripe,icons_general&version=1.2.18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.59.254.187 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 187eee1afc14e714b09c55e484b9dc68a71a41d74f89cfb061161e17f75a2e01

Request headers

Referer: https://www.normstream.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=2473
content-encoding: br
content-length: 968
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 16:45:15 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
76 KB 47ms
22ms Script
application/javascript 2a00:1450:4001:830::2008

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DKCMSKG508

Requested by

Host: www.normstream.com
URL: https://www.normstream.com/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

09c04c6905466e3785ea8bd2f9a2731551076354c80a2b60d7245b86b2d07fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76944
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 07 Dec 2022 16:45:15 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 918 B
992 B 40ms
16ms Script
text/javascript 2a00:1450:4001:80f::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=recaptchaOnloadCallback&render=explicit

Requested by

Host: www.normstream.com
URL: https://www.normstream.com/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

5a75671a71f85cbcb3976cd86c6fbbc9277c5742824b2a33d9b16278522f1d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.normstream.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 579
x-xss-protection: 1; mode=block
expires: Wed, 07 Dec 2022 16:45:15 GMT

GET
H2 200 recaptcha__de.js
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ 402 KB
162 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:831::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=recaptchaOnloadCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.normstream.com/
Origin: https://www.normstream.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164812
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 12:59:23 GMT

POST collect
region1.google-analytics.com/g/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 2dcadmodels.com
URL: https://2dcadmodels.com/PaypalPayment?currency=EUR&Ver=1.2.18

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9RRX45JCGN&gtm=2oebu0&_p=409850149&cid=1000981047.1670431516&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670431515&sct=1&seg=0&dl=https%3A%2F%2Fwww.normstream.com%2Fen%2F&dt=NormStream&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DKCMSKG508&gtm=2oebu0&_p=409850149&cid=1000981047.1670431516&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670431515&sct=1&seg=0&dl=https%3A%2F%2Fwww.normstream.com%2Fen%2F&dt=NormStream&en=page_view&_fv=1&_ss=1&_ee=1

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			normstream.com/	1970-01-20 08:10:36	Name: ASP.NET_SessionId Value: a1eeovfn5g13lf11rdhcdpgp
			www.normstream.com/	1970-01-20 16:20:31	Name: ASP.NET_SessionId Value: 1twwooakumgannqzkurnhklt

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2dcadmodels.com
excelmacrostore.com
models3drevit.com
normstream.com
region1.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.normstream.com
2dcadmodels.com
region1.google-analytics.com
146.59.254.187
172.66.40.168
2606:4700:3037::6815:43a5
2a00:1450:4001:80f::2004
2a00:1450:4001:830::2008
2a00:1450:4001:831::2003
0969335663656b4bc4d3191dfd0e92e3f3200466790700394e683d53cff27773
09c04c6905466e3785ea8bd2f9a2731551076354c80a2b60d7245b86b2d07fee
0cb9d6c1fc44680852f1b8b9cea0c732b7057b2ff852394afc31175eaeae7581
187eee1afc14e714b09c55e484b9dc68a71a41d74f89cfb061161e17f75a2e01
1cb7ed231491fdbaf5dd96baac7bda5e32f74dc649a8dfa0b8cb915a54833b08
5a3d06d1b1f501f2093b356eda8275778f948abbf611429866909e5589f12b46
5a75671a71f85cbcb3976cd86c6fbbc9277c5742824b2a33d9b16278522f1d66
77c87797c61098db494e6aea9548715539fe1c5d21cc00d76b96c294d5350288
bc7add0df84fd1cfab50f3cb9757770169679b8982a226dc6d2b7b4fe723ffbd
d51c14fcf50207e77ed720899703525826dd46bc00b15768cf6382690979a382
dcc8b19c2f4e28345f9a865bd8074f2f7cd18182dfe091e2a6f1bfed22d2acfa
f8bc2b888e127d7aeb856cb4224250cb313097f7e8af63aafa66cddc30fab1a2

www.normstream.com Open in urlscan Pro 172.66.40.168 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

83 %HTTPS

67 %IPv6

8 Domains

9 Subdomains

7 IPs

1 Countries

545 kBTransfer

1212 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

2 Cookies

Indicators

www.normstream.com Open in urlscan Pro
172.66.40.168 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

67 %
IPv6

8
Domains

9
Subdomains

7
IPs

1
Countries

545 kB
Transfer

1212 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions