www.ndtnetworking.com Open in urlscan Pro
192.223.10.25  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.ndtnetworking.com/7XQX85E959L6DR/contact-notification.html?case_id=7XQX85E959L6DR Page URL
2. https://www.xlvut12po99xdpqw.com/cc-index.jspx Page URL
3. https://www.ndtnetworking.com/badphish_notice.jspx?ident=7XQX85E959L6DR&oto=91881FAEC8D24CDF1AF7498063CD8CE353223812 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	contact-notification.html Show response www.ndtnetworking.com/7XQX85E959L6DR/	562 B 812 B	467ms 121ms	Document text/html	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.ndtnetworking.com/7XQX85E959L6DR/contact-notification.html?case_id=7XQX85E959L6DR Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash a61d2fd765fa2ee508713bf36fc7b5adff20102453751239b7a8cbeccd4b5520 Request headers Host www.ndtnetworking.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 16 Jul 2021 21:05:47 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html;charset=UTF-8
GET H/1.1	200 OK	jquery-1.6-v2.js Show response www.stickleyonsecurity.com/js/	403 KB 404 KB	444ms 107ms	Script application/javascript	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.stickleyonsecurity.com/js/jquery-1.6-v2.js Requested by Host: www.ndtnetworking.com URL: https://www.ndtnetworking.com/7XQX85E959L6DR/contact-notification.html?case_id=7XQX85E959L6DR Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash 28c8b61c276178cf67c80b42fb968e9faa0a467cb676b633b789e6c7f897e4c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.ndtnetworking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 16 Jul 2021 21:05:47 GMT Last-Modified Wed, 09 Jun 2021 15:19:32 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 ETag "64d4e-5c456cd2c0900" Strict-Transport-Security max-age=31536000; includeSubDomains Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 413006
POST H/1.1	200 OK	cc-index.jspx Show response www.xlvut12po99xdpqw.com/	7 KB 7 KB	460ms 123ms	Document text/html	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash 4104df805e20bfbc3b53c5161d6aefd13f7cc0a1c3aa7abbedadf11a67bf95bc Request headers Host www.xlvut12po99xdpqw.com Connection keep-alive Content-Length 60 Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 Origin https://www.ndtnetworking.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://www.ndtnetworking.com/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 Origin https://www.ndtnetworking.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://www.ndtnetworking.com/ Response headers Date Fri, 16 Jul 2021 21:05:49 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html;charset=UTF-8
GET H/1.1	200 OK	jquery-compressed.js Show response www.stickleyonsecurity.com/js/	86 KB 86 KB	107ms 106ms	Script application/javascript	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.stickleyonsecurity.com/js/jquery-compressed.js Requested by Host: www.xlvut12po99xdpqw.com URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.xlvut12po99xdpqw.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 16 Jul 2021 21:05:49 GMT Last-Modified Wed, 26 Aug 2020 17:07:05 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 ETag "15851-5adcad9586040" Strict-Transport-Security max-age=31536000; includeSubDomains Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 88145
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.3.1/	85 KB 85 KB	28ms 7ms	Script text/javascript	2a00:1450:4001:82f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js Requested by Host: www.xlvut12po99xdpqw.com URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.xlvut12po99xdpqw.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 21:03:08 GMT x-content-type-options nosniff age 159 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 86927 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 16 Jul 2022 21:03:08 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	884 B 673 B	20ms 19ms	Script text/javascript	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted Requested by Host: www.xlvut12po99xdpqw.com URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash f2f9247ceddc7a4b1e5e301b16a29211692685a0543601a2d9b628405d714020 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.xlvut12po99xdpqw.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 21:05:47 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 581 x-xss-protection 1; mode=block expires Fri, 16 Jul 2021 21:05:47 GMT
GET H/1.1	200 OK	Header-800x200.jpg mobile.onenevada.org/images/sos/	48 KB 0	822ms 173ms	Image image/jpeg	184.188.147.25 ONCU-M
General Check archive.org Show headers Download Go to Show image Full URL https://mobile.onenevada.org/images/sos/Header-800x200.jpg Requested by Host: www.xlvut12po99xdpqw.com URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 184.188.147.25 , United States, ASN394158 (ONCU-M, US), Reverse DNS wsip-184-188-147-25.lv.lv.cox.net Software Microsoft-IIS/10.0 / ASP.NET Resource Hash Request headers Referer https://www.xlvut12po99xdpqw.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 16 Jul 2021 21:05:48 GMT Last-Modified Tue, 23 Apr 2019 20:51:38 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET ETag "0a9675816fad41:0" Content-Type image/jpeg Accept-Ranges bytes Content-Length 92336
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/	341 KB 133 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?render=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.xlvut12po99xdpqw.com Referer https://www.xlvut12po99xdpqw.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 15:35:12 GMT content-encoding gzip x-content-type-options nosniff age 19836 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 136011 x-xss-protection 0 last-modified Mon, 12 Jul 2021 02:05:32 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 16 Jul 2022 15:35:12 GMT
GET H3-29	200	anchor Show response www.google.com/recaptcha/api2/ Frame 196F	38 KB 19 KB	36ms 36ms	Document text/html	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash bbe324f2eed2ec70305e5287b1933a8bf07fa901fed7f2044cd50c0adcabbe44 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-Sk/vnKAvDrFjVcJuHBY0YA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.xlvut12po99xdpqw.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://www.xlvut12po99xdpqw.com/ Response headers content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Fri, 16 Jul 2021 21:05:48 GMT content-security-policy script-src 'report-sample' 'nonce-Sk/vnKAvDrFjVcJuHBY0YA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 19802 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	styles__ltr.css www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame 196F	52 KB 25 KB	22ms 7ms	Stylesheet text/css	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 16:03:53 GMT content-encoding gzip x-content-type-options nosniff age 18115 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 25732 x-xss-protection 0 last-modified Mon, 12 Jul 2021 02:05:32 GMT server sffe vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 16 Jul 2022 16:03:53 GMT
GET H3-29	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame 196F	341 KB 133 KB	25ms 11ms	Script text/javascript	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 15:35:12 GMT content-encoding gzip x-content-type-options nosniff age 19836 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 136011 x-xss-protection 0 last-modified Mon, 12 Jul 2021 02:05:32 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 16 Jul 2022 15:35:12 GMT
GET H3-29	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 196F	2 KB 2 KB	7ms 6ms	Image image/png	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Jul 2021 00:00:30 GMT x-content-type-options nosniff last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe age 335118 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha content-type image/png cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2228 x-xss-protection 0 expires Tue, 20 Jul 2021 00:00:30 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 196F	15 KB 15 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.google.com Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 12 Jul 2021 21:27:21 GMT x-content-type-options nosniff age 344307 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 12 Jul 2022 21:27:21 GMT
GET H2	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 196F	15 KB 15 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.google.com Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Jul 2021 14:26:18 GMT x-content-type-options nosniff age 283170 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 13 Jul 2022 14:26:18 GMT
GET H3-29	200	webworker.js www.google.com/recaptcha/api2/ Frame 196F	102 B 132 B	23ms 22ms	Other text/javascript	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash d8c7cf6fa5788300fc92e8ff2578c03fc025debbc62680379ed3af26ad7d1811 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 16 Jul 2021 21:05:48 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 112 x-xss-protection 1; mode=block expires Fri, 16 Jul 2021 21:05:48 GMT
POST H3-29	200	reload Show response www.google.com/recaptcha/api2/ Frame 196F	28 KB 16 KB	48ms 47ms	XHR application/json	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/reload?k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash ba4baa11d28ef05b7cd3aecacb58a5cb636d7e1b01924926a2aa0c31ec8f3c4f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LepteEUAAAAAJwgAAo1eqAlarlFFpeO1O36hted&co=aHR0cHM6Ly93d3cueGx2dXQxMnBvOTl4ZHBxdy5jb206NDQz&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=invisible&cb=kqu537xa0ayz User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-protobuffer Response headers date Fri, 16 Jul 2021 21:05:48 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type application/json; charset=utf-8 cache-control private, max-age=0 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16153 x-xss-protection 1; mode=block expires Fri, 16 Jul 2021 21:05:48 GMT
POST H/1.1	200 OK	bp_end.jspx Show response www.xlvut12po99xdpqw.com/	0 242 B	203ms 203ms	XHR text/html	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.xlvut12po99xdpqw.com/bp_end.jspx Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Sec-Fetch-Mode cors Origin https://www.xlvut12po99xdpqw.com Accept-Encoding gzip, deflate, br Accept-Language en-US Sec-Fetch-Dest empty X-Requested-With XMLHttpRequest Connection keep-alive Content-Length 532 Pragma no-cache Host www.xlvut12po99xdpqw.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept */* Cache-Control no-cache Referer https://www.xlvut12po99xdpqw.com/cc-index.jspx Sec-Fetch-Site same-origin Accept */* Referer https://www.xlvut12po99xdpqw.com/cc-index.jspx X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Fri, 16 Jul 2021 21:05:49 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 Connection Keep-Alive Keep-Alive timeout=5, max=99 Transfer-Encoding chunked Content-Type text/html;charset=UTF-8
GET H/1.1	200 OK	Primary Request badphish_notice.jspx Show response www.ndtnetworking.com/	5 KB 5 KB	120ms 120ms	Document text/html	192.223.10.25 PERFORMIVE
General Check archive.org Show headers Download Go to Full URL https://www.ndtnetworking.com/badphish_notice.jspx?ident=7XQX85E959L6DR&oto=91881FAEC8D24CDF1AF7498063CD8CE353223812 Requested by Host: www.xlvut12po99xdpqw.com URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.223.10.25 Atlanta, United States, ASN46562 (PERFORMIVE, US), Reverse DNS Software Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 / Resource Hash d55cf62dcd4a5ac7e444be018b32f3fd98a2c873dac73ab984e81a1a2fe18318 Request headers Host www.ndtnetworking.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://www.xlvut12po99xdpqw.com/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://www.xlvut12po99xdpqw.com/ Response headers Date Fri, 16 Jul 2021 21:05:50 GMT Server Apache/2.4.46 (Unix) OpenSSL/1.1.1g mod_jk/1.2.41 Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html;charset=UTF-8
GET H/1.1	200 OK	Header-800x200.jpg mobile.onenevada.org/images/sos/	90 KB 90 KB	664ms 336ms	Image image/jpeg	184.188.147.25 ONCU-M
General Check archive.org Show headers Download Go to Show image Full URL https://mobile.onenevada.org/images/sos/Header-800x200.jpg Requested by Host: www.ndtnetworking.com URL: https://www.ndtnetworking.com/badphish_notice.jspx?ident=7XQX85E959L6DR&oto=91881FAEC8D24CDF1AF7498063CD8CE353223812 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 184.188.147.25 , United States, ASN394158 (ONCU-M, US), Reverse DNS wsip-184-188-147-25.lv.lv.cox.net Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 0b19b361d43e66dab4cecddbb8d2007e61361bebe0c537448ad538ac234b0c5c Request headers Referer https://www.ndtnetworking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 16 Jul 2021 21:05:48 GMT Last-Modified Tue, 23 Apr 2019 20:51:38 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET ETag "0a9675816fad41:0" Content-Type image/jpeg Accept-Ranges bytes Content-Length 92336

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx(Line 28) Message: started
console-api	log	URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx(Line 62) Message: got this
console-api	log	URL: https://www.xlvut12po99xdpqw.com/cc-index.jspx(Line 65) Message:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.gstatic.com
mobile.onenevada.org
www.google.com
www.gstatic.com
www.ndtnetworking.com
www.stickleyonsecurity.com
www.xlvut12po99xdpqw.com
184.188.147.25
192.223.10.25
2a00:1450:4001:800::2003
2a00:1450:4001:813::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82f::200a
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b19b361d43e66dab4cecddbb8d2007e61361bebe0c537448ad538ac234b0c5c
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
28c8b61c276178cf67c80b42fb968e9faa0a467cb676b633b789e6c7f897e4c1
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4104df805e20bfbc3b53c5161d6aefd13f7cc0a1c3aa7abbedadf11a67bf95bc
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
a61d2fd765fa2ee508713bf36fc7b5adff20102453751239b7a8cbeccd4b5520
ba4baa11d28ef05b7cd3aecacb58a5cb636d7e1b01924926a2aa0c31ec8f3c4f
bbe324f2eed2ec70305e5287b1933a8bf07fa901fed7f2044cd50c0adcabbe44
d55cf62dcd4a5ac7e444be018b32f3fd98a2c873dac73ab984e81a1a2fe18318
d8c7cf6fa5788300fc92e8ff2578c03fc025debbc62680379ed3af26ad7d1811
e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2f9247ceddc7a4b1e5e301b16a29211692685a0543601a2d9b628405d714020