nam10safelinksprotectionoutlook.wallacestate.net
104.130.255.68  Public Scan

URL: https://nam10safelinksprotectionoutlook.wallacestate.net/
Submission: On November 26 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 4 domains to perform 10 HTTP transactions. The main IP is 104.130.255.68, located in the United States, and belongs to RMH-14, US. The main domain is nam10safelinksprotectionoutlook.wallacestate.net.
TLS certificate: Issued by R3 on September 7th 2022. Valid for: 3 months.
This is the only time nam10safelinksprotectionoutlook.wallacestate.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
4 | 104.130.255.68 | 33070 (RMH-14)
1 | 2600:9000:21f... | 16509 (AMAZON-02)
1 | 44.236.32.242 | 16509 (AMAZON-02)
2 | 99.86.4.43 | 16509 (AMAZON-02)
2 | 34.75.237.118 | 396982 (GOOGLE-CL...)
Total: 10 requests, 5 IPs

Requests | Domain | Requested by
4 | nam10safelinksprotectionoutlook.wallacestate.net | nam10safelinksprotectionoutlook.wallacestate.net
2 | liqadprdct-capture-prod-east.gannettdigital.com | cdn.rlets.com
2 | capture-api.reachlocalservices.com | cdn.rlets.com
1 | f7eb59ee-dbd4-4b75-8b7f-da362d335dfe.rlets.com | cdn.rlets.com
1 | cdn.rlets.com | nam10safelinksprotectionoutlook.wallacestate.net
Total: 10 requests, 5 subdomains

This site contains links to these domains.

Domain
go.microsoft.com

Subject | Issuer | Validity | Valid
wallacestate.net | R3 | 2022-09-07 - 2022-12-06 | 3 months
*.rlets.com | Amazon | 2021-12-30 - 2023-01-28 | a year
*.reachlocalservices.com | Amazon | 2022-01-04 - 2023-02-01 | a year
*.gannettdigital.com | R3 | 2022-10-14 - 2023-01-12 | 3 months

This page contains 2 frames:

Primary Page: https://nam10safelinksprotectionoutlook.wallacestate.net/
Frame ID: 2A5821E21AA4A458CA4FF7BF50B77D97
Requests: 7 HTTP requests in this frame

Frame: https://f7eb59ee-dbd4-4b75-8b7f-da362d335dfe.rlets.com/static/storage.html
Frame ID: C76F34AB0AE7E9E94DFD2958F13FA451
Requests: 1 HTTP request in this frame

Page Title

Error during processing.

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 20 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 1
Transfer: 66 kB
Size: 220 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
nam10safelinksprotectionoutlook.wallacestate.net/
4 KB
3 KB
Document
General
Full URL
https://nam10safelinksprotectionoutlook.wallacestate.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.255.68 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software
nginx/1.10.3 / ASP.NET
Resource Hash
db1cb8f420ec702103da2576cdb869005b5aa516949ca42c92de5bdc721b3918
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 26 Nov 2022 05:17:09 GMT
safelinkswebapierrorcode
400204
server
nginx/1.10.3
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-aspnet-version
4.0.30319
x-aspnetmvc-version
4.0
x-backendproxy-cache
MISS
x-content-type-options
nosniff
x-from-cache
False
x-powered-by
ASP.NET
x-robots-tag
noindex, nofollow
x-safelinks-tracking-id
d4e78b65-3f24-45c3-da2f-08dacf6d77c2
x-sb-proxy-cache
MISS
x-serverlat
2
x-servername
BN7NAM10WS014
x-serverversion
15.20.5857.021
x-sl-geturlreputation-verdict
Error
x-ua-compatible
IE=Edge
safelinksv2.css
nam10safelinksprotectionoutlook.wallacestate.net/Content/Scripts/
4 KB
2 KB
Stylesheet
General
Full URL
https://nam10safelinksprotectionoutlook.wallacestate.net/Content/Scripts/safelinksv2.css
Requested by
Host: nam10safelinksprotectionoutlook.wallacestate.net
URL: https://nam10safelinksprotectionoutlook.wallacestate.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.255.68 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software
nginx/1.10.3 / ASP.NET
Resource Hash
41f78d15ae18c36b84c819d9af3511c342c180f0aba8f91dc1ccf4046b56b308
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nam10safelinksprotectionoutlook.wallacestate.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-servername
BN7NAM10WS020
date
Sat, 26 Nov 2022 05:17:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
x-powered-by
ASP.NET
x-from-cache
False
x-serverlat
0
x-backendproxy-cache
MISS
x-ua-compatible
IE=Edge
x-sb-proxy-cache
HIT
last-modified
Fri, 18 Nov 2022 17:40:30 GMT
server
nginx/1.10.3
vary
Accept-Encoding
x-safelinks-tracking-id
09652165-3b0b-4f30-d5e7-08dacf6d67a0
content-type
text/css; charset=utf8
access-control-allow-origin
*
cache-control
max-age=1800
x-serverversion
15.20.5857.019
site.js
nam10safelinksprotectionoutlook.wallacestate.net/Content/Scripts/
2 KB
2 KB
Script
General
Full URL
https://nam10safelinksprotectionoutlook.wallacestate.net/Content/Scripts/site.js
Requested by
Host: nam10safelinksprotectionoutlook.wallacestate.net
URL: https://nam10safelinksprotectionoutlook.wallacestate.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.255.68 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software
nginx/1.10.3 / ASP.NET
Resource Hash
a9ce4840ff0d613b456081dea64e46eb717a1f8bfa5afb05d3bd058f294e416c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nam10safelinksprotectionoutlook.wallacestate.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-servername
BN7NAM10WS005
date
Sat, 26 Nov 2022 05:17:09 GMT
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-powered-by
ASP.NET
x-from-cache
False
x-serverlat
0
x-backendproxy-cache
MISS
x-ua-compatible
IE=Edge
x-sb-proxy-cache
HIT
last-modified
Thu, 24 Nov 2022 09:59:10 GMT
server
nginx/1.10.3
vary
Accept-Encoding
x-safelinks-tracking-id
cab4002b-d5cc-422a-3145-08dacf6d6797
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=1800
x-serverversion
15.20.5857.021
bd44b758b7fda362d335dfe.js
cdn.rlets.com/capture_configs/f7e/b59/eed/
185 KB
45 KB
Script
General
Full URL
https://cdn.rlets.com/capture_configs/f7e/b59/eed/bd44b758b7fda362d335dfe.js
Requested by
Host: nam10safelinksprotectionoutlook.wallacestate.net
URL: https://nam10safelinksprotectionoutlook.wallacestate.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f0:a400:6:9a19:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ba3d741995b38ad134a4ceaa8686e8799f3ffad3d55f64a85a1daa148cc24b21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 17:29:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 be868d7f633deda2e751380068dbbab4.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
x-amz-cf-pop
BOM50-C1
age
42479
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-request-id
c6a27352-b8f3-4262-a376-87628ed18362
x-runtime
0.033504
referrer-policy
strict-origin-when-cross-origin
etag
W/"ba3d741995b38ad134a4ceaa8686e879"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
x-amz-cf-id
YE4RroS0fzm4oE9t8V8s4KnhTPpJEWDnVO5CmLPYGrnXH6s9VyGekQ==
scanned.png
nam10safelinksprotectionoutlook.wallacestate.net/Content/images/
24 KB
11 KB
Image
General
Full URL
https://nam10safelinksprotectionoutlook.wallacestate.net/Content/images/scanned.png
Requested by
Host: nam10safelinksprotectionoutlook.wallacestate.net
URL: https://nam10safelinksprotectionoutlook.wallacestate.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.255.68 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software
nginx/1.10.3 / ASP.NET
Resource Hash
bf5bd5c4216a18e5cea417d8ef471796eca754cff391d087409a940008d71a25
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nam10safelinksprotectionoutlook.wallacestate.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-servername
BN7NAM10WS041
date
Sat, 26 Nov 2022 05:17:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
x-powered-by
ASP.NET
x-from-cache
False
x-serverlat
0
x-backendproxy-cache
MISS
x-ua-compatible
IE=Edge
x-sb-proxy-cache
HIT
last-modified
Wed, 23 Nov 2022 10:08:36 GMT
server
nginx/1.10.3
x-safelinks-tracking-id
d7666306-de83-49e0-115d-08dacf6d67e6
content-type
image/png; charset=None
access-control-allow-origin
*
cache-control
max-age=1800
x-serverversion
15.20.5857.020
storage.html
f7eb59ee-dbd4-4b75-8b7f-da362d335dfe.rlets.com/static/ Frame C76F
2 KB
2 KB
Document
General
Full URL
https://f7eb59ee-dbd4-4b75-8b7f-da362d335dfe.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/f7e/b59/eed/bd44b758b7fda362d335dfe.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.236.32.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-236-32-242.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
00455c2236cdd12509e5535b218c31ac9cf66fa454a69b246f4025b43d8aaa93

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
2024
content-type
text/html
date
Sat, 26 Nov 2022 05:17:11 GMT
last-modified
Tue, 25 Oct 2022 18:55:19 GMT
originCountry
capture-api.reachlocalservices.com/
35 B
554 B
XHR
General
Full URL
https://capture-api.reachlocalservices.com/originCountry
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/f7e/b59/eed/bd44b758b7fda362d335dfe.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-43.fra6.r.cloudfront.net
Software
/
Resource Hash
2b343b21215fef87f4079b62256d4bc29f0697202fa85141731716654c303745

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 26 Nov 2022 05:17:12 GMT
via
1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
248212ea-91f6-4351-ad91-0f3371d2cbba
x-amzn-trace-id
Root=1-6381a158-0afe202c11804be51218e9f7;Sampled=0
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-credentials
true
x-amz-apigw-id
cMYl4GFGvHcFeZQ=
content-length
35
x-amz-cf-id
6XDBPs9IRWlUAjCbujOhbuej8UrFJShgbGFL4OO6a9X3MZcyGGydgQ==
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
originCountry
capture-api.reachlocalservices.com/ Frame
0
0
Preflight
General
Full URL
https://capture-api.reachlocalservices.com/originCountry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-43.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://nam10safelinksprotectionoutlook.wallacestate.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sat, 26 Nov 2022 05:17:12 GMT
via
1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-apigw-id
cMYlyEE1vHcF2cw=
x-amz-cf-id
-mNLkA2dU9Id_-4VjLF1ZzQsDDtDCbyz1_S7fAtsKdz-bS1of0L66A==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
6068920d-dfad-4f62-b4d0-73132dbfc145
x-cache
Miss from cloudfront
insights
liqadprdct-capture-prod-east.gannettdigital.com/capture_logger/api/v1/
16 B
783 B
XHR
General
Full URL
https://liqadprdct-capture-prod-east.gannettdigital.com/capture_logger/api/v1/insights
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/f7e/b59/eed/bd44b758b7fda362d335dfe.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.237.118 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
118.237.75.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 26 Nov 2022 05:17:12 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
transfer-encoding
chunked
x-envoy-upstream-service-time
5
x-xss-protection
1; mode=block
x-request-id
fcca8f54-d6a5-49e3-b18b-854afbabc288
x-runtime
0.003161
referrer-policy
strict-origin-when-cross-origin
server
envoy
etag
W/"c955e57777ec0d73639dca6748560d00"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
vary
Accept, Origin
cache-control
max-age=0, private, must-revalidate
content-type
application/json; charset=utf-8
insights
liqadprdct-capture-prod-east.gannettdigital.com/capture_logger/api/v1/ Frame
0
0
Preflight
General
Full URL
https://liqadprdct-capture-prod-east.gannettdigital.com/capture_logger/api/v1/insights
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.237.118 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
118.237.75.34.bc.googleusercontent.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://nam10safelinksprotectionoutlook.wallacestate.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
date
Sat, 26 Nov 2022 05:17:12 GMT
server
envoy
transfer-encoding
chunked
x-envoy-upstream-service-time
1

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
object | 1
undefined | theme
object | params
object | parts
object | val
function | AddCSS
function | CloseHover
function | GoBack
object | sb
object | rl_widget_cfg
object | RLCAP
object | captureStatus

1 Cookies

Domain/Path Name / Value
f7eb59ee-dbd4-4b75-8b7f-da362d335dfe.rlets.com/ Name: test
Value: test

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff