assumption-school.emestore.com Open in urlscan Pro
209.126.16.123  Malicious Activity! Public Scan

URL: https://assumption-school.emestore.com/importer/web/js/login.php
Submission: On August 07 via manual from US

Summary

This website contacted 6 IPs in 4 countries across 8 domains to perform 35 HTTP transactions. The main IP is 209.126.16.123, located in Southfield, United States and belongs to NEXCESS-NET, US. The main domain is assumption-school.emestore.com.
TLS certificate: Issued by Gandi Standard SSL CA 2 on January 30th 2020. Valid for: a year.
This is the only time assumption-school.emestore.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

IP Address AS Autonomous System
7 209.126.16.123 36444 (NEXCESS-NET)
2 24 88.221.143.122 16625 (AKAMAI-AS)
1 1 35.237.102.216 15169 (GOOGLE)
1 184.50.160.199 16625 (AKAMAI-AS)
1 2 172.217.21.198 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 162.252.74.5 11054 (LIVEPERSON)
35 6
Domain Requested by
22 www.discovercard.com 2 redirects assumption-school.emestore.com
7 assumption-school.emestore.com assumption-school.emestore.com
3 sales.liveperson.net www.discovercard.com
assumption-school.emestore.com
2 fls.doubleclick.net 1 redirects assumption-school.emestore.com
2 www.discover.com assumption-school.emestore.com
1 adservice.google.de assumption-school.emestore.com
1 adservice.google.com 1 redirects
1 cdn-akamai.mookie1.com assumption-school.emestore.com
1 b3.mookie1.com 1 redirects
35 9
Subject Issuer Validity Valid
*.emestore.com
Gandi Standard SSL CA 2
2020-01-30 -
2021-02-16
a year crt.sh
www.discover.com
DigiCert SHA2 Extended Validation Server CA
2020-07-17 -
2022-07-22
2 years crt.sh
cdn-akamai.mookie1.com
DigiCert SHA2 Secure Server CA
2020-01-07 -
2021-01-07
a year crt.sh
*.doubleclick.net
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
*.google.de
GTS CA 1O1
2020-07-07 -
2020-09-29
3 months crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA
2020-05-30 -
2022-05-30
2 years crt.sh

This page contains 1 frames:

Primary Page: https://assumption-school.emestore.com/importer/web/js/login.php
Frame ID: 3ED53DDD00BB56E7DA8DA35795241D96
Requests: 35 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

35
Requests

100 %
HTTPS

25 %
IPv6

8
Domains

9
Subdomains

6
IPs

4
Countries

147 kB
Transfer

327 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • http://www.discovercard.com/images/login-off.gif HTTP 301
  • https://www.discover.com/images/login-off.gif
Request Chain 10
  • http://www.discovercard.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg HTTP 301
  • https://www.discover.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg
Request Chain 15
  • https://b3.mookie1.com/1/TRACK_Discover/Discover/Retargeting_NX_Secure@Bottom3 HTTP 302
  • https://cdn-akamai.mookie1.com/html/empty.gif
Request Chain 19
  • https://fls.doubleclick.net/activityj;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583 HTTP 302
  • https://fls.doubleclick.net/activityj;dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583
Request Chain 20
  • https://adservice.google.com/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web/js/login.php HTTP 302
  • https://adservice.google.de/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web/js/login.php

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
assumption-school.emestore.com/importer/web/js/
30 KB
30 KB
Document
General
Full URL
https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
707901cbf9d60ec135fda17d26421e13df515893dc4bb9b50595c280628b8e50

Request headers

Host
assumption-school.emestore.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:09 GMT
Server
Apache
X-Hostname
mce266-node1.nexcess.net
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
ac-global.css
www.discovercard.com/css/optimized/
55 KB
9 KB
Stylesheet
General
Full URL
https://www.discovercard.com/css/optimized/ac-global.css
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
758c57f269285817fd4b511e80f96bd4373a9950f8eccdf3ad26f514d6c23a2c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Apr 2020 06:10:32 GMT
date
Fri, 07 Aug 2020 21:47:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
vary
Accept-Encoding
content-length
9227
x-xss-protection
1; mode=block
loginlogout-global.css
www.discovercard.com/css/optimized/
112 KB
16 KB
Stylesheet
General
Full URL
https://www.discovercard.com/css/optimized/loginlogout-global.css
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
804b6281b14de8ea3beeac5bfc18dee2a4b4ad797c420d30fd2ff267a2542d1b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:07:49 GMT
date
Fri, 07 Aug 2020 21:47:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
vary
Accept-Encoding
content-length
16391
x-xss-protection
1; mode=block
ac-global-screen.css
www.discovercard.com/css/optimized/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.discovercard.com/css/optimized/ac-global-screen.css
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
866290055b5670010dac9c7101be7edcaeef61cdd98a805ef3e9b467fa156e97
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 13 Aug 2015 06:04:56 GMT
date
Fri, 07 Aug 2020 21:47:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
vary
Accept-Encoding
content-length
2874
x-xss-protection
1; mode=block
loginlogout-top.js
www.discovercard.com/scripts/optimized/
59 KB
23 KB
Script
General
Full URL
https://www.discovercard.com/scripts/optimized/loginlogout-top.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c29a78f3d8dc28314e247d994b1ea33951435d55a3a7d464169504710b87849a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 17:56:35 GMT
date
Fri, 07 Aug 2020 21:47:09 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
vary
Accept-Encoding
content-length
22707
x-xss-protection
1; mode=block
logo-discover-financial-services.gif
www.discovercard.com/registration/images/
2 KB
3 KB
Image
General
Full URL
https://www.discovercard.com/registration/images/logo-discover-financial-services.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
40da5d11bdfffe97bd52a7c20a03fdebafa7a0a0756fe65f4859298e4ba54370
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:08:52 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
2395
x-xss-protection
1; mode=block
btn-search-gray-off.gif
www.discovercard.com/search/images/
907 B
1 KB
Image
General
Full URL
https://www.discovercard.com/search/images/btn-search-gray-off.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
23463987921a39610e206599214b319a6fe88e106e695fecdcf6556603bb0b7d
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 19:07:20 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
907
x-xss-protection
1; mode=block
icon-lock.gif
www.discovercard.com/images/
72 B
327 B
Image
General
Full URL
https://www.discovercard.com/images/icon-lock.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
180fabdab945223febb42a698e458f019cbd321ea79fd886b00523d9f7a17222
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:10 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
72
x-xss-protection
1; mode=block
login-off.gif
www.discover.com/images/
Redirect Chain
  • http://www.discovercard.com/images/login-off.gif
  • https://www.discover.com/images/login-off.gif
703 B
964 B
Image
General
Full URL
https://www.discover.com/images/login-off.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
897bbcc31b17dd6e483ca3ccbd457e260e474bcecd823d1d04916567e2525568
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 19:09:12 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
703
x-xss-protection
1; mode=block

Redirect headers

Location
https://www.discover.com/images/login-off.gif
Date
Fri, 07 Aug 2020 21:47:10 GMT
Connection
keep-alive
Content-Length
253
Content-Type
text/html; charset=iso-8859-1
question-popup-off.gif
www.discovercard.com/images/
147 B
403 B
Image
General
Full URL
https://www.discovercard.com/images/question-popup-off.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9338be77b0bb0f06e446925ecc0d36d2a9e83a29f024e00023060db99c951bff
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 19:07:00 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
147
x-xss-protection
1; mode=block
mbox.js
assumption-school.emestore.com/scripts/vendors/
0
0
Script
General
Full URL
https://assumption-school.emestore.com/scripts/vendors/mbox.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:09 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=99
credit-score-tracker-ac-placement.jpg
www.discover.com/loginlogout/app/images/
Redirect Chain
  • http://www.discovercard.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg
  • https://www.discover.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg
0
0
Image
General
Full URL
https://www.discover.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.discover.com/loginlogout/app/images/credit-score-tracker-ac-placement.jpg
Date
Fri, 07 Aug 2020 21:47:10 GMT
Connection
keep-alive
Content-Length
293
Content-Type
text/html; charset=iso-8859-1
btn-learn-more-lg.png
www.discovercard.com/achome/images/promos/
1 KB
2 KB
Image
General
Full URL
https://www.discovercard.com/achome/images/promos/btn-learn-more-lg.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2ff1afa3c4aa3531b49cb623cac70a8ff3cd1a961dfcf8dfd2fb7cb19da04cd6
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 19:05:40 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
1524
x-xss-protection
1; mode=block
btn-popup-close.gif
assumption-school.emestore.com/registration/images/
8 KB
8 KB
Image
General
Full URL
https://assumption-school.emestore.com/registration/images/btn-popup-close.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
360cb8f396f6eb43f01f8ed58b41d714b10f11c240920be7bc02ce13465108f0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:10 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
dc-global-bottom.js
assumption-school.emestore.com/scripts/optimized/
0
0
Script
General
Full URL
https://assumption-school.emestore.com/scripts/optimized/dc-global-bottom.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:10 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
vendor-dc-global-bottom.js
assumption-school.emestore.com/scripts/optimized/
0
0
Script
General
Full URL
https://assumption-school.emestore.com/scripts/optimized/vendor-dc-global-bottom.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:10 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
empty.gif
cdn-akamai.mookie1.com/html/
Redirect Chain
  • https://b3.mookie1.com/1/TRACK_Discover/Discover/Retargeting_NX_Secure@Bottom3
  • https://cdn-akamai.mookie1.com/html/empty.gif
43 B
562 B
Image
General
Full URL
https://cdn-akamai.mookie1.com/html/empty.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.50.160.199 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-50-160-199.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:10 GMT
Last-Modified
Fri, 21 Aug 2015 16:09:40 GMT
Server
AkamaiNetStorage
ETag
"fc94fb0c3ed8a8f909dbc7630a0987ff:1440173380"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
43
Expires
Sat, 08 Aug 2020 21:47:10 GMT

Redirect headers

Location
https://cdn-akamai.mookie1.com/html/empty.gif
Pragma
no-cache
Cache-Control
no-cache
Connection
close
c_sprite.png
www.discovercard.com/images/optimized/
9 KB
9 KB
Image
General
Full URL
https://www.discovercard.com/images/optimized/c_sprite.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f80cd677405fca2aa43cb47cb4165fff83dedd3b0546c8d032c92c877e7be42e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/loginlogout-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:11 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
8748
x-xss-protection
1; mode=block
c_sprite1.png
www.discovercard.com/images/optimized/
553 B
789 B
Image
General
Full URL
https://www.discovercard.com/images/optimized/c_sprite1.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
824ee2b3eaae3448987f4217fe35b22c2e479316ccaad58475403ae57236db12
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/loginlogout-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:11 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
553
x-xss-protection
1; mode=block
icon-question-popup-gray.gif
www.discovercard.com/images/
147 B
403 B
Image
General
Full URL
https://www.discovercard.com/images/icon-question-popup-gray.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9338be77b0bb0f06e446925ecc0d36d2a9e83a29f024e00023060db99c951bff
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/loginlogout-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:08:36 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
147
x-xss-protection
1; mode=block
activityj;dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583
fls.doubleclick.net/
Redirect Chain
  • https://fls.doubleclick.net/activityj;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583?
  • https://fls.doubleclick.net/activityj;dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583?
545 B
622 B
Script
General
Full URL
https://fls.doubleclick.net/activityj;dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583?
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f198.1e100.net
Software
cafe /
Resource Hash
14bdf27b45d7231b6071d7e62bfdf61775a0a70254f0168d7f6613c462b90ef1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 Aug 2020 21:47:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
409
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 Aug 2020 21:47:10 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
content-type
text/html; charset=UTF-8
location
https://fls.doubleclick.net/activityj;dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583?
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
login.php
adservice.google.de/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web/js/
Redirect Chain
  • https://adservice.google.com/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/we...
  • https://adservice.google.de/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web...
0
0
Script
General
Full URL
https://adservice.google.de/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web/js/login.php
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

pragma
no-cache
date
Fri, 07 Aug 2020 21:47:10 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://adservice.google.de/ddm/fls/j/dc_pre=CIW-kuCIiusCFU4Aiwod1dIOcA;src=2033010;type=cashbbou;cat=loginpag;ord=1;num=3491711668440.2583;~oref=https://assumption-school.emestore.com/importer/web/js/login.php
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bullet-blue.gif
www.discovercard.com/images/
68 B
323 B
Image
General
Full URL
https://www.discovercard.com/images/bullet-blue.gif
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fb2c359f2c3d053c6aa6c2e291faff3004f83ec078378c549f73ceffefce9fa1
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/loginlogout-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:08:36 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, must-revalidate
accept-ranges
bytes
content-length
68
x-xss-protection
1; mode=block
loginlogout_btn_sprite.png
www.discovercard.com/images/optimized/
6 KB
6 KB
Image
General
Full URL
https://www.discovercard.com/images/optimized/loginlogout_btn_sprite.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
97fbbb53c53c6d5b9af70e2b43942185f236114c0952e2d92dffc000ea8ff162
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/loginlogout-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:11 GMT
date
Fri, 07 Aug 2020 21:47:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
6026
x-xss-protection
1; mode=block
dc-global-bottom.js
assumption-school.emestore.com/scripts/optimized/
0
0
Script
General
Full URL
https://assumption-school.emestore.com/scripts/optimized/dc-global-bottom.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:13 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
vendor-dc-global-bottom.js
assumption-school.emestore.com/scripts/optimized/
0
0
Script
General
Full URL
https://assumption-school.emestore.com/scripts/optimized/vendor-dc-global-bottom.js
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.126.16.123 Southfield, United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS
mce266-lb1.nexcess.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:15 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Hostname
mce266-node1.nexcess.net
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
bg-social-icons.png
www.discovercard.com/images/
4 KB
4 KB
Image
General
Full URL
https://www.discovercard.com/images/bg-social-icons.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4f539319c027c53d3af91987b58bdf031ebc20603c62f9782f7acc67e291806a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:10 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
4076
x-xss-protection
1; mode=block
bg-footer.png
www.discovercard.com/images/
250 B
485 B
Image
General
Full URL
https://www.discovercard.com/images/bg-footer.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c775671608781223d3c6355f2655c2eada5d811dd4412c9d4c054b5b657828ae
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 19:06:59 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
250
x-xss-protection
1; mode=block
icon-footer-down-arrow.png
www.discovercard.com/images/
208 B
443 B
Image
General
Full URL
https://www.discovercard.com/images/icon-footer-down-arrow.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7cdc24c5739df6dec49b9e53c538399945d8eccc986ff84735317ca5185c169a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 17:56:13 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
208
x-xss-protection
1; mode=block
logo-it-pays-to-discover.png
www.discovercard.com/images/
5 KB
5 KB
Image
General
Full URL
https://www.discovercard.com/images/logo-it-pays-to-discover.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b6bf543ad3b1547b54b9608d058aef4fd0412745d2517079a94da339900d8ea0
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:10 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
5035
x-xss-protection
1; mode=block
bg-footer-btm.png
www.discovercard.com/images/
806 B
1 KB
Image
General
Full URL
https://www.discovercard.com/images/bg-footer-btm.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
88c115e368b88caf347417c33f4fbe321450fa8f1f667f0d933b937568a6cb4b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:10 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
806
x-xss-protection
1; mode=block
footer-line.png
www.discovercard.com/images/
126 B
361 B
Image
General
Full URL
https://www.discovercard.com/images/footer-line.png
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.143.122 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-143-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9b53f818b1aa9c91a5456738caedfe89c562996d9ed4deea9e0df50b718148b6
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.discovercard.com/css/optimized/ac-global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Fri, 27 Oct 2017 18:57:10 GMT
date
Fri, 07 Aug 2020 21:47:16 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
accept-ranges
bytes
content-length
126
x-xss-protection
1; mode=block
mTag.js
sales.liveperson.net/hcp/html/
17 KB
18 KB
Script
General
Full URL
https://sales.liveperson.net/hcp/html/mTag.js?site=33238650
Requested by
Host: www.discovercard.com
URL: https://www.discovercard.com/scripts/optimized/loginlogout-top.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
162.252.74.5 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
WS /
Resource Hash
7af71bf299d55a276ed7126683da9bdc8534684cca0044fa34252a9f18ebc917

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 21:47:17 GMT
Last-Modified
Wed, 16 Sep 2015 19:55:44 GMT
Server
WS
ETag
"0a0eacb9f0d01:0"
Access-Control-Allow-Methods
GET, POST, PATCH
P3P
CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/javascript
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length
17753
/
sales.liveperson.net/hc/33238650/
108 B
1 KB
Script
General
Full URL
https://sales.liveperson.net/hc/33238650/?&site=33238650&cmd=mTagKnockPage&lpCallId=878802197853-125947096218&protV=20&lpjson=1&id=679207575&javaSupport=false&visitorStatus=INSITE_STATUS
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
162.252.74.5 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
WS /
Resource Hash
88182aa996ed9cd1ccc0d0479b120edd160614b508a9667518791fe6394330a5

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 Aug 2020 21:47:17 GMT
Last-Modified
Fri, 07 Aug 2020 21:47:17 GMT
Server
WS
Access-Control-Allow-Methods
GET, POST, PATCH
P3P
CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/x-javascript
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length
108
Expires
Wed, 31 Dec 1969 23:59:59 GMT
/
sales.liveperson.net/hc/33238650/
108 B
1 KB
Script
General
Full URL
https://sales.liveperson.net/hc/33238650/?&site=33238650&cmd=mTagKnockPage&lpCallId=281988207700-501031506948&protV=20&lpjson=1&id=679207575&javaSupport=false&visitorStatus=INSITE_STATUS
Requested by
Host: assumption-school.emestore.com
URL: https://assumption-school.emestore.com/importer/web/js/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
162.252.74.5 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
WS /
Resource Hash
f2d7ed0018a66a5dcfeb8959b3b961c1387e088200d7ec43fcfdd7ede6f7cb03

Request headers

Referer
https://assumption-school.emestore.com/importer/web/js/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 Aug 2020 21:47:27 GMT
Last-Modified
Fri, 07 Aug 2020 21:47:27 GMT
Server
WS
Access-Control-Allow-Methods
GET, POST, PATCH
P3P
CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/x-javascript
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length
108
Expires
Wed, 31 Dec 1969 23:59:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| expDays object| exp function| GetCookie function| SetCookie function| DeleteCookie function| getCookieVal function| checkUserID function| setValues string| SEP string| PAIR string| DEV number| ver function| goto function| flashfix function| activeXDetect function| extractVersions function| stripIllegalChars function| stripFullPath function| fingerprint_browser function| fingerprint_display function| fingerprint_software function| fingerprint_timezone function| fingerprint_language function| fingerprint_java function| fingerprint_cookie function| form_add_data function| form_add_fingerprint function| asyncpost_fingerprints function| post_fingerprints function| post_fingerprintsnoencode function| URLencode function| add_deviceprint function| Hashtable string| pageUrl object| logurl object| lpMTagConfig string| lpUnit string| lpLanguage string| dfsedskey function| addLoadEvent function| findPos function| clearSearch function| initNavDropdown function| getElementsByClassName number| currentPane object| overlayArray function| initOverlays function| showOverlay function| lpAddMonitorTag function| lpSendData function| lpSendDataPage function| lpAddVars function| getCookieValue string| ua boolean| opera boolean| ie boolean| iemac number| moz string| os function| jQuery function| $ number| flashinstalled number| flashversion string| MSDetect undefined| d undefined| out string| t boolean| isFirst string| axel number| a string| bName number| bVer string| popURL boolean| suppressMboxes object| focusControl string| turl string| urlIdx string| fpString string| andString object| today number| year0 object| navRoot object| node function| hcArrayStorage function| lpRequest function| lpConnectionLibrary object| lpJSLib object| lpConnLib function| lpMonitorTag object| lpLazy object| lpMTag function| lpJSLibrary object| lpOpenPlatformNS object| lpMTagDebug

2 Cookies

Domain/Path Name / Value
.assumption-school.emestore.com/ Name: frontend
Value: 6t9lj39b0hbra5otcf7rb88g06
.assumption-school.emestore.com/ Name: frontend_cid
Value: 7OPt7GjVR0Bc2IXZ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
assumption-school.emestore.com
b3.mookie1.com
cdn-akamai.mookie1.com
fls.doubleclick.net
sales.liveperson.net
www.discover.com
www.discovercard.com
162.252.74.5
172.217.21.198
184.50.160.199
209.126.16.123
2a00:1450:4001:806::2002
2a00:1450:4001:819::2002
35.237.102.216
88.221.143.122
14bdf27b45d7231b6071d7e62bfdf61775a0a70254f0168d7f6613c462b90ef1
180fabdab945223febb42a698e458f019cbd321ea79fd886b00523d9f7a17222
23463987921a39610e206599214b319a6fe88e106e695fecdcf6556603bb0b7d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ff1afa3c4aa3531b49cb623cac70a8ff3cd1a961dfcf8dfd2fb7cb19da04cd6
360cb8f396f6eb43f01f8ed58b41d714b10f11c240920be7bc02ce13465108f0
40da5d11bdfffe97bd52a7c20a03fdebafa7a0a0756fe65f4859298e4ba54370
4f539319c027c53d3af91987b58bdf031ebc20603c62f9782f7acc67e291806a
707901cbf9d60ec135fda17d26421e13df515893dc4bb9b50595c280628b8e50
758c57f269285817fd4b511e80f96bd4373a9950f8eccdf3ad26f514d6c23a2c
7af71bf299d55a276ed7126683da9bdc8534684cca0044fa34252a9f18ebc917
7cdc24c5739df6dec49b9e53c538399945d8eccc986ff84735317ca5185c169a
804b6281b14de8ea3beeac5bfc18dee2a4b4ad797c420d30fd2ff267a2542d1b
824ee2b3eaae3448987f4217fe35b22c2e479316ccaad58475403ae57236db12
866290055b5670010dac9c7101be7edcaeef61cdd98a805ef3e9b467fa156e97
88182aa996ed9cd1ccc0d0479b120edd160614b508a9667518791fe6394330a5
88c115e368b88caf347417c33f4fbe321450fa8f1f667f0d933b937568a6cb4b
897bbcc31b17dd6e483ca3ccbd457e260e474bcecd823d1d04916567e2525568
9338be77b0bb0f06e446925ecc0d36d2a9e83a29f024e00023060db99c951bff
97fbbb53c53c6d5b9af70e2b43942185f236114c0952e2d92dffc000ea8ff162
9b53f818b1aa9c91a5456738caedfe89c562996d9ed4deea9e0df50b718148b6
b6bf543ad3b1547b54b9608d058aef4fd0412745d2517079a94da339900d8ea0
c29a78f3d8dc28314e247d994b1ea33951435d55a3a7d464169504710b87849a
c775671608781223d3c6355f2655c2eada5d811dd4412c9d4c054b5b657828ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2d7ed0018a66a5dcfeb8959b3b961c1387e088200d7ec43fcfdd7ede6f7cb03
f80cd677405fca2aa43cb47cb4165fff83dedd3b0546c8d032c92c877e7be42e
fb2c359f2c3d053c6aa6c2e291faff3004f83ec078378c549f73ceffefce9fa1