urlscan.io logo urlscan.io
SecurityTrails logo

ww25.laudypauty.com Open in urlscan Pro
199.59.243.225  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/Q7TL616IGE
Effective URL: http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
Submission Tags: @phish_report
Submission: On November 18 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 14 HTTP transactions. The main IP is 199.59.243.225, located in United States and belongs to AMAZON-02, US. The main domain is ww25.laudypauty.com.
This is the only time ww25.laudypauty.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious2 votes Show Verdicts

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.69 13414 (TWITTER)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 103.224.212.217 133618 (TRELLIAN-...)
4 199.59.243.225 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
14 6
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
1    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com
1    103.224.212.217 (Australia)

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-212-217.above.com
laudypauty.com
4    199.59.243.225 (United States)

ASN16509 (AMAZON-02, US)
ww25.laudypauty.com
5    2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
2    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
afs.googleusercontent.com
Apex Domain
Subdomains		 Transfer
5 google.com
www.google.com — Cisco Umbrella Rank: 2
110 KB
5 laudypauty.com
laudypauty.com
ww25.laudypauty.com
37 KB
2 googleusercontent.com
afs.googleusercontent.com — Cisco Umbrella Rank: 9168
1 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1181
593 B
1 googleapis.com
firebasestorage.googleapis.com — Cisco Umbrella Rank: 6216
649 B
1 t.co
t.co — Cisco Umbrella Rank: 607
647 B
14 6
Domain Requested by
5 www.google.com ww25.laudypauty.com
www.google.com
4 ww25.laudypauty.com firebasestorage.googleapis.com
ww25.laudypauty.com
2 afs.googleusercontent.com www.google.com
1 partner.googleadservices.com www.google.com
1 laudypauty.com 1 redirects
1 firebasestorage.googleapis.com t.co
1 t.co
14 7

This site contains no links.

Subject Issuer Validity Valid
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
Frame ID: BB99623FB22182265A7E3B3AB7E26029
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol316%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol466&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.laudypauty.com%3Fcaf%26subid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=8381700325313701&num=0&output=afd_ads&domain_name=ww25.laudypauty.com&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1700325313702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.laudypauty.com%2F1014ba03c4e6c96c000%2F19%3Fsubid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b
Frame ID: C8DAAE2F9862728DE945D0B02EE8D51A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Laudypauty.com

Page URL History Show full URLs

  1. https://t.co/Q7TL616IGE Page URL
  2. https://firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/walmrt.html?alt=media&token=128a1bf5-b2d7-4a3c-99... Page URL
  3. https://laudypauty.com/1014ba03c4e6c96c000/19 HTTP 302
    http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b Page URL

Page Statistics

14
Requests

71 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

149 kB
Transfer

344 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/Q7TL616IGE Page URL
  2. https://firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/walmrt.html?alt=media&token=128a1bf5-b2d7-4a3c-9985-9b0c7411ae65 Page URL
  3. https://laudypauty.com/1014ba03c4e6c96c000/19 HTTP 302
    http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Q7TL616IGE
t.co/ 		557 B
647 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/Q7TL616IGE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
274
content-type
text/html; charset=utf-8
date
Sat, 18 Nov 2023 16:35:09 GMT
expires
Sat, 18 Nov 2023 16:40:10 GMT
perf
7626143928
server
tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
59dc9e45a2597c9a121dff56c0576af2db928c0b38a773013c870b996d40a595
x-response-time
111
x-transaction-id
6795db7aa9627321
x-xss-protection
0
walmrt.html
firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/ 		89 B
649 B 		Document
General
Check archive.org
Download Go to
Full URL
https://firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/walmrt.html?alt=media&token=128a1bf5-b2d7-4a3c-9985-9b0c7411ae65
Requested by
Host: t.co
URL: https://t.co/Q7TL616IGE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-disposition
inline; filename*=utf-8''walmrt.html
content-length
89
content-type
text/html
date
Sat, 18 Nov 2023 16:35:10 GMT
etag
"7e9529892b8e980774bf7b051553d2c0"
expires
Sat, 18 Nov 2023 16:35:10 GMT
last-modified
Fri, 17 Nov 2023 15:36:42 GMT
server
UploadServer
x-goog-generation
1700235402339078
x-goog-hash
crc32c=jGaOzQ== md5=fpUpiSuOmAd0v3sFFVPSwA==
x-goog-meta-firebasestoragedownloadtokens
128a1bf5-b2d7-4a3c-9985-9b0c7411ae65
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
89
x-guploader-uploadid
ABPtcPpVQkt_wS_cFQzuQIITrly2hz7ieQ9Az1ISvnMVEPGTPSSycppVd_WX5jPM1JCcMES38Ds
Primary Request 19
ww25.laudypauty.com/1014ba03c4e6c96c000/
Redirect Chain
  • https://laudypauty.com/1014ba03c4e6c96c000/19
  • http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
Requested by
Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/walmrt.html?alt=media&token=128a1bf5-b2d7-4a3c-9985-9b0c7411ae65
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7a08cc4df936b3b9281a4f83dfbb82f4f5b6198300041a8d7d4b95bb6ac4f3de

Request headers

Referer
https://firebasestorage.googleapis.com/v0/b/sohqibq.appspot.com/o/walmrt.html?alt=media&token=128a1bf5-b2d7-4a3c-9985-9b0c7411ae65
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ch
sec-ch-prefers-color-scheme
cache-control
no-store, max-age=0
content-length
1181
content-type
text/html; charset=utf-8
critical-ch
sec-ch-prefers-color-scheme
date
Sat, 18 Nov 2023 16:35:12 GMT
vary
sec-ch-prefers-color-scheme
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PGtZ+gdJddWqSQOAMduD+z7kyn2y6Ypwv3Wu5Z4CfZ80zmMYtesmQnoAHElSWCSZ3JRxIDqrCt6BS+gWpFLjWg==
x-request-id
48d79206-3c3b-4a9b-bfe9-6a559e0dcf4c

Redirect headers

connection
close
content-length
2
content-type
text/html; charset=UTF-8
date
Sat, 18 Nov 2023 16:35:12 GMT
location
http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
server
Apache
bpGuWYFrA.js
ww25.laudypauty.com/ 		31 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ww25.laudypauty.com/bpGuWYFrA.js
Requested by
Host: ww25.laudypauty.com
URL: http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
46e2c2af87720b7ae5a86434547bd9bef9ff21fab2956b64bc48f17dc73c63a7

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 16:35:12 GMT
content-length
32054
x-request-id
4995165e-2059-4264-a479-67b95704371d
content-type
application/javascript; charset=utf-8
_fd
ww25.laudypauty.com/ 		5 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww25.laudypauty.com/_fd?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
Requested by
Host: ww25.laudypauty.com
URL: http://ww25.laudypauty.com/bpGuWYFrA.js
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
2311b7f476967188dddb6a5da6e499766cc63b52921dbaf24d78ea39e6fb5b07

Request headers

Accept
application/json
Referer
http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.110.3
date
Sat, 18 Nov 2023 16:35:12 GMT
content-encoding
gzip
pragma
no-cache
server
openresty
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length
2596
expires
Thu, 01 Jan 1970 00:00:01 GMT
caf.js
www.google.com/adsense/domains/ 		146 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: ww25.laudypauty.com
URL: http://ww25.laudypauty.com/bpGuWYFrA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1f85a8b9c0ae7e01a01780b44c447ebbadb5d856c6ff826e2cd9fe19f15135f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://ww25.laudypauty.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 16:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"3100330882123301848"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Sat, 18 Nov 2023 16:35:13 GMT
cookie.js
partner.googleadservices.com/gampad/ 		382 B
593 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=ww25.laudypauty.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2b73790f4314e3db3d6bca4be7739fe2cf5829091153bd0f19a8f7a08a4609c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://ww25.laudypauty.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 16:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
242
x-xss-protection
0
ads
www.google.com/afs/ Frame C8DA 		13 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol316%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol466&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.laudypauty.com%3Fcaf%26subid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=8381700325313701&num=0&output=afd_ads&domain_name=ww25.laudypauty.com&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1700325313702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.laudypauty.com%2F1014ba03c4e6c96c000%2F19%3Fsubid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
f70501fc11a83cfb8bfa02e5e52d0d7998e9179d401bec1142696857825855b5
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-CgFCo6lJU9aGnB-6ZPxLog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
http://ww25.laudypauty.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
2574
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-CgFCo6lJU9aGnB-6ZPxLog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Sat, 18 Nov 2023 16:35:13 GMT
expires
Sat, 18 Nov 2023 16:35:13 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
caf.js
www.google.com/adsense/domains/ Frame C8DA 		146 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js?pac=0
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol316%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol466&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.laudypauty.com%3Fcaf%26subid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=8381700325313701&num=0&output=afd_ads&domain_name=ww25.laudypauty.com&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1700325313702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.laudypauty.com%2F1014ba03c4e6c96c000%2F19%3Fsubid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3503f88f15c97af34775dd6a1601c85fed1402b075d1889a263b28dedbafc37f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 16:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"15592410222595928350"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Sat, 18 Nov 2023 16:35:13 GMT
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C8DA 		200 B
700 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol316%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol466&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.laudypauty.com%3Fcaf%26subid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=8381700325313701&num=0&output=afd_ads&domain_name=ww25.laudypauty.com&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1700325313702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.laudypauty.com%2F1014ba03c4e6c96c000%2F19%3Fsubid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 18 Nov 2023 13:08:25 GMT
age
12409
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Sun, 19 Nov 2023 12:08:25 GMT
call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C8DA 		444 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol316%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol466&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.laudypauty.com%3Fcaf%26subid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=8381700325313701&num=0&output=afd_ads&domain_name=ww25.laudypauty.com&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1700325313702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.laudypauty.com%2F1014ba03c4e6c96c000%2F19%3Fsubid1%3D20231119-0335-12d9-b0d1-7e7204c7c40b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 17 Nov 2023 19:33:05 GMT
age
75729
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
278
x-xss-protection
0
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Sat, 18 Nov 2023 18:33:05 GMT
_tr
ww25.laudypauty.com/ 		2 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww25.laudypauty.com/_tr
Requested by
Host: ww25.laudypauty.com
URL: http://ww25.laudypauty.com/bpGuWYFrA.js
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Accept
application/json
Referer
http://ww25.laudypauty.com/1014ba03c4e6c96c000/19?subid1=20231119-0335-12d9-b0d1-7e7204c7c40b
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.110.3
date
Sat, 18 Nov 2023 16:35:14 GMT
content-encoding
gzip
pragma
no-cache
server
openresty
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length
22
expires
Thu, 01 Jan 1970 00:00:01 GMT
gen_204
www.google.com/afs/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=bh3d679gd4qw&aqid=wedYZeiuMN2kjuwPu-CQ0A4&psid=3113057640&pbt=bs&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C200%7C210%7C34&lle=0&ifv=1&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-afYUMNQU_MWBeiNqOCs2lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://ww25.laudypauty.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-afYUMNQU_MWBeiNqOCs2lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Sat, 18 Nov 2023 16:35:15 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=l4apbrzf9cdm&aqid=wedYZeiuMN2kjuwPu-CQ0A4&psid=3113057640&pbt=bv&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C200%7C210%7C34&lle=0&ifv=1&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-TlFHe92mNJaUTCxo-s1QnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://ww25.laudypauty.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-TlFHe92mNJaUTCxo-s1QnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Sat, 18 Nov 2023 16:35:16 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on November 18th 2023, 4:36:15 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://t.co/Q7TL616IGE sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://t.co https://firebasestorage.googleapis.com https://laudypauty.com http://ww25.laudypauty.com http://binga.pro https://storage.googleapis.com http://holor.cc https://zommermist.com https://yaffscup.online https://tinyurl.com/yo2bsea8 https://clk-1699884554.newtopoffer.live https://clk-1699884554.imaginio.live https://s-1699884554.dopino.co

Malicious task.url
Submitted on November 18th 2023, 4:35:58 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://t.co/Q7TL616IGE sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://t.co https://firebasestorage.googleapis.com https://laudypauty.com http://ww25.laudypauty.com http://binga.pro https://storage.googleapis.com http://holor.cc https://zommermist.com https://yaffscup.online https://tinyurl.com/yo2bsea8 https://clk-1699884554.newtopoffer.live https://clk-1699884554.imaginio.live https://s-1699884554.dopino.co

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| park object| version object| __parkour number| googleNDT_ number| googleAltLoader object| google function| __sasCookie number| experimentId_

5 Cookies

Domain/Path Name / Value
laudypauty.com/1014ba03c4e6c96c000 Name: __tad
Value: 1700325312.2087370
.t.co/ Name: muc
Value: 5af281e7-59b0-40f3-9ac4-4718a3da2d5b
ww25.laudypauty.com/ Name: parking_session
Value: 48d79206-3c3b-4a9b-bfe9-6a559e0dcf4c
.laudypauty.com/ Name: __gsas
Value: ID=a6dd2e7dcedba5c7:T=1700325313:RT=1700325313:S=ALNI_MYtoVsccr0y7cn79IMX0X4pmU6rbw
.google.com/ Name: NID
Value: 511=KsanvmgtlLVp5auhyAeoePF-SbHdop8Vb3o8cJAqYFeQy-cDRYWTc8_A3clceTpIAtlSUuIdxc2RAuriaKZE9RaqrOaUYRIFsnLFppwxXfqrIrzXCne6wa737swx8cr9TPIyAtGjL9gCnmnsX3JshxZqpmWsr91l5hIuSkOnVfo

1 Console Messages

Source Level URL
Text
other warning URL: https://www.google.com/adsense/domains/caf.js(Line 213)
Message:
Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0