total--protect.help
2606:4700:3037::ac43:a159  Public Scan

Submitted URL: https://vxhqweyf.homcredit.ph/
Effective URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.010...
Submission: On January 20 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 5 IPs in 2 countries across 7 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3037::ac43:a159, located in United States and belongs to CLOUDFLARENET, US. The main domain is total--protect.help.
TLS certificate: Issued by WE1 on January 17th 2025. Valid for: 3 months.
This is the only time total--protect.help was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 69.16.231.59 32244 (LIQUIDWEB)
2 5 64.190.63.136 47846 (SEDO-AS S...)
1 205.234.175.175 30081 (CACHENETW...)
1 1 173.239.53.32 27257 (WEBAIR-IN...)
1 2 35.171.240.102 14618 (AMAZON-AES)
1 1 5.161.89.212 213230 (HETZNER-C...)
16 2606:4700:303... 13335 (CLOUDFLAR...)
22 5
Requests | Apex Domain | Subdomains | Transfer
16 | total--protect.help | total--protect.help | 124 KB
6 | homcredit.ph | vxhqweyf.homcredit.ph, ww1.homcredit.ph | 4 KB
2 | ernus-dop.com | ernus-dop.com (Cisco Umbrella Rank: 285449) | 4 KB
1 | so-gre8.net | so-gre8.net (Cisco Umbrella Rank: 73320) | 460 B
1 | sedodna.com | xml.sedodna.com (Cisco Umbrella Rank: 333917) | 309 B
1 | sedoparking.com | img.sedoparking.com (Cisco Umbrella Rank: 66937) | 15 KB
0 | .xyz Failed | .xyz Failed |
22 7
Domain Requested by
16 total--protect.help ernus-dop.com
total--protect.help
5 ww1.homcredit.ph 2 redirects ww1.homcredit.ph
2 ernus-dop.com 1 redirects ww1.homcredit.ph
1 so-gre8.net 1 redirects
1 xml.sedodna.com 1 redirects
1 img.sedoparking.com
1 vxhqweyf.homcredit.ph 1 redirects
0 .xyz Failed total--protect.help
22 8

This site contains no links.

Subject | Issuer | Validity | Valid
ww1.homcredit.ph | Encryption Everywhere DV TLS CA - G2 | 2024-11-29 - 2025-11-29 | a year
*.cachefly.net | GlobalSign RSA OV SSL CA 2018 | 2024-11-12 - 2025-12-14 | a year
ernus-dop.com | Amazon RSA 2048 M02 | 2024-11-22 - 2025-12-22 | a year
total--protect.help | WE1 | 2025-01-17 - 2025-04-17 | 3 months

This page contains 1 frames:

Primary Page: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Frame ID: 9858565607A4204E86B7F4C21DA4DD9D
Requests: 22 HTTP requests in this frame

Page Title

Online monitor

Page URL History

  1. https://vxhqweyf.homcredit.ph/ HTTP 302
    http://ww1.homcredit.ph/?usid=24&utid=10228650867 HTTP 307
    https://ww1.homcredit.ph/?usid=24&utid=10228650867 Page URL
  2. https://ww1.homcredit.ph/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyK... HTTP 302
    https://ww1.homcredit.ph/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyK... HTTP 302
    https://xml.sedodna.com/click?i=jIHwoNkEyKM_0 HTTP 302
    https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38... Page URL
  3. https://ernus-dop.com/zclkredirect?visitid=c7c22c41-d70e-11ef-ac97-0affc64151a9&type=js&browserWid... HTTP 302
    https://so-gre8.net/r/gT9f-2a1izdHvCi28HgpnFOQlte37foXC7mJZ9nPB9j-0foFSXIaJ7PiQcPSiz0hGdlhlkiPTX... HTTP 302
    https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBo... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 22
  • HTTPS: 95 %
  • IPv6: 14 %
  • Domains: 7
  • Subdomains: 8
  • IPs: 5
  • Countries: 2
  • Transfer: 145 kB
  • Size: 232 kB
  • Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://vxhqweyf.homcredit.ph/ HTTP 302
    http://ww1.homcredit.ph/?usid=24&utid=10228650867 HTTP 307
    https://ww1.homcredit.ph/?usid=24&utid=10228650867 Page URL
  2. https://ww1.homcredit.ph/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuODcyNjQzODEJd3cxLmhvbWNyZWRpdC5waDY3OGUxM2FiMWNjOWU5LjkwNjQ1MTk5CTE3MzczNjQzOTYJYWRfNjNfMA%3D%3D&l=ogcYTCNT568my6idHAHLdyUzLuy5bnwQWETeIYcGfeD76GSifiy5onKwHu_kN67k0P8lIKHqmKXteMxuW4TmhQaru1-IwYCNOUG7n917x2ymvT_SXf6xj1_h_44K0jNUX1eg4Re_kIhF7IxO4FR4JSpL0E4CMWywbqTPqRAmw8aOjj8coZ4-PyGxbK-CPXJkgaKJrM30dzm03cSEMUhWnWAf6qNsL1hv1bdcKhBSNUhhXHyfoT6DTju9hnuHSVB99MLv9709AFzIWktL9gNj-8zMcfGDxgMmHDBJTI29Wu0Bw4uCzDdC_AC-zNOQLpS21hCDkJCT16UQSRE4yXAwDH8HvrzEZ0aw5g3A10kpX1pxJFB3V9zH3k2xv8tidGAPHNZB1j7GZaLP7SjJykTLqPT53qOVk9toLGjtF3Hgb-H3IsFYjC-lobwfWYuk3UVO6R5Q6Q38v6Tk9SpjytqeJND5ktfMUBNzp5ZEOMP3EQFwSjw8IbFRk3UIcwIi--Ot7i7OLNU_3tYjgf7dMsbVB1mbznnrEv56il8F7pjjKuZQTlNRl7sWnwOGYR0jy5KG9Ii61j1lYgw3QJDC36VN5SrbzQJBADJua8sstYcG6ILYRAavsDQWDNIEPeyqq8IPzt1RYMWYm1Fd3dc3Cs4ds641FQnRPAxdJMC5lMF-r8hh12EhDWS2PZlwUTr-P12x0jnQNpvRZxgqvEV HTTP 302
    https://ww1.homcredit.ph/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuODcyNjQzODEJd3cxLmhvbWNyZWRpdC5waDY3OGUxM2FiMWNjOWU5LjkwNjQ1MTk5CTE3MzczNjQzOTYJYWRfNjNfMA%3D%3D&l=ogcYTCNT568my6idHAHLdyUzLuy5bnwQWETeIYcGfeD76GSifiy5onKwHu_kN67k0P8lIKHqmKXteMxuW4TmhQaru1-IwYCNOUG7n917x2ymvT_SXf6xj1_h_44K0jNUX1eg4Re_kIhF7IxO4FR4JSpL0E4CMWywbqTPqRAmw8aOjj8coZ4-PyGxbK-CPXJkgaKJrM30dzm03cSEMUhWnWAf6qNsL1hv1bdcKhBSNUhhXHyfoT6DTju9hnuHSVB99MLv9709AFzIWktL9gNj-8zMcfGDxgMmHDBJTI29Wu0Bw4uCzDdC_AC-zNOQLpS21hCDkJCT16UQSRE4yXAwDH8HvrzEZ0aw5g3A10kpX1pxJFB3V9zH3k2xv8tidGAPHNZB1j7GZaLP7SjJykTLqPT53qOVk9toLGjtF3Hgb-H3IsFYjC-lobwfWYuk3UVO6R5Q6Q38v6Tk9SpjytqeJND5ktfMUBNzp5ZEOMP3EQFwSjw8IbFRk3UIcwIi--Ot7i7OLNU_3tYjgf7dMsbVB1mbznnrEv56il8F7pjjKuZQTlNRl7sWnwOGYR0jy5KG9Ii61j1lYgw3QJDC36VN5SrbzQJBADJua8sstYcG6ILYRAavsDQWDNIEPeyqq8IPzt1RYMWYm1Fd3dc3Cs4ds641FQnRPAxdJMC5lMF-r8hh12EhDWS2PZlwUTr-P12x0jnQNpvRZxgqvEV HTTP 302
    https://xml.sedodna.com/click?i=jIHwoNkEyKM_0 HTTP 302
    https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9 Page URL
  3. https://ernus-dop.com/zclkredirect?visitid=c7c22c41-d70e-11ef-ac97-0affc64151a9&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://so-gre8.net/r/gT9f-2a1izdHvCi28HgpnFOQlte37foXC7mJZ9nPB9j-0foFSXIaJ7PiQcPSiz0hGdlhlkiPTX24By3HUPm7bqjPZzI56DecelTLPRCuS0uolgChLouc1pIsX7VnqyiPDWMHwJ66b2iwW7I0Fq4QeJixxiR2pzpguw9LaMrY74ciINtXnokO36TMhuxAAyLhJVfr6gy5M4PNw2q3KCaaOTuC1Muamyp4a1rVyJjnVYmSjm249ZuLL1PYim6oyxW1OUaJtY7z0Leh3hHWt0rE7Pi1SAqCR8qVEEti5iflaOe_r8wSdr7xwUiiMCRmOzwg-psoSZcQNEWB2UntCF1-pJ-2M9gcb4_VWErREBNSQIqlfyrAIvwSrnpfK_Px25q-jp3Bwmgg0hex8zh1S500KPHoGLiJgjEzwrvVmHIy0S4iaS9hJ4l81p9rTcnL3YKeAxkfC-QsPhaHQpl8PfhfBbwE5vocQ3fzPWfvS4KwSsiegbV3QjPpFB4CR7ic_vRlmAg9iQvhACicPSUOqBqMV3kbXewRr-mlTepRDjZgfHfz7MBZegNbOTIzkEKJrsfCjt0e5W9HX546lJeLLE1W-NXM8coDY0ykRfP5uPnS4Ox2Vo2cIjq-6YthPPGLZNdwxeP1OKhLE4AF9z0wyY5GG1pu3UmU_4p8M-_ZpBhzkLALzE_VuHs22njytk5ZY4wB1cE6cUdcuCfT3UEYiKK6qejRADTKydfjCLMnQgOxWTLuX-2EJpY8sTHOhHc HTTP 302
    https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://vxhqweyf.homcredit.ph/ HTTP 302
  • http://ww1.homcredit.ph/?usid=24&utid=10228650867 HTTP 307
  • https://ww1.homcredit.ph/?usid=24&utid=10228650867
Request Chain 4
  • https://ww1.homcredit.ph/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuODcyNjQzODEJd3cxLmhvbWNyZWRpdC5waDY3OGUxM2FiMWNjOWU5LjkwNjQ1MTk5CTE3MzczNjQzOTYJYWRfNjNfMA%3D%3D&l=ogcYTCNT568my6idHAHLdyUzLuy5bnwQWETeIYcGfeD76GSifiy5onKwHu_kN67k0P8lIKHqmKXteMxuW4TmhQaru1-IwYCNOUG7n917x2ymvT_SXf6xj1_h_44K0jNUX1eg4Re_kIhF7IxO4FR4JSpL0E4CMWywbqTPqRAmw8aOjj8coZ4-PyGxbK-CPXJkgaKJrM30dzm03cSEMUhWnWAf6qNsL1hv1bdcKhBSNUhhXHyfoT6DTju9hnuHSVB99MLv9709AFzIWktL9gNj-8zMcfGDxgMmHDBJTI29Wu0Bw4uCzDdC_AC-zNOQLpS21hCDkJCT16UQSRE4yXAwDH8HvrzEZ0aw5g3A10kpX1pxJFB3V9zH3k2xv8tidGAPHNZB1j7GZaLP7SjJykTLqPT53qOVk9toLGjtF3Hgb-H3IsFYjC-lobwfWYuk3UVO6R5Q6Q38v6Tk9SpjytqeJND5ktfMUBNzp5ZEOMP3EQFwSjw8IbFRk3UIcwIi--Ot7i7OLNU_3tYjgf7dMsbVB1mbznnrEv56il8F7pjjKuZQTlNRl7sWnwOGYR0jy5KG9Ii61j1lYgw3QJDC36VN5SrbzQJBADJua8sstYcG6ILYRAavsDQWDNIEPeyqq8IPzt1RYMWYm1Fd3dc3Cs4ds641FQnRPAxdJMC5lMF-r8hh12EhDWS2PZlwUTr-P12x0jnQNpvRZxgqvEV HTTP 302
  • https://ww1.homcredit.ph/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuODcyNjQzODEJd3cxLmhvbWNyZWRpdC5waDY3OGUxM2FiMWNjOWU5LjkwNjQ1MTk5CTE3MzczNjQzOTYJYWRfNjNfMA%3D%3D&l=ogcYTCNT568my6idHAHLdyUzLuy5bnwQWETeIYcGfeD76GSifiy5onKwHu_kN67k0P8lIKHqmKXteMxuW4TmhQaru1-IwYCNOUG7n917x2ymvT_SXf6xj1_h_44K0jNUX1eg4Re_kIhF7IxO4FR4JSpL0E4CMWywbqTPqRAmw8aOjj8coZ4-PyGxbK-CPXJkgaKJrM30dzm03cSEMUhWnWAf6qNsL1hv1bdcKhBSNUhhXHyfoT6DTju9hnuHSVB99MLv9709AFzIWktL9gNj-8zMcfGDxgMmHDBJTI29Wu0Bw4uCzDdC_AC-zNOQLpS21hCDkJCT16UQSRE4yXAwDH8HvrzEZ0aw5g3A10kpX1pxJFB3V9zH3k2xv8tidGAPHNZB1j7GZaLP7SjJykTLqPT53qOVk9toLGjtF3Hgb-H3IsFYjC-lobwfWYuk3UVO6R5Q6Q38v6Tk9SpjytqeJND5ktfMUBNzp5ZEOMP3EQFwSjw8IbFRk3UIcwIi--Ot7i7OLNU_3tYjgf7dMsbVB1mbznnrEv56il8F7pjjKuZQTlNRl7sWnwOGYR0jy5KG9Ii61j1lYgw3QJDC36VN5SrbzQJBADJua8sstYcG6ILYRAavsDQWDNIEPeyqq8IPzt1RYMWYm1Fd3dc3Cs4ds641FQnRPAxdJMC5lMF-r8hh12EhDWS2PZlwUTr-P12x0jnQNpvRZxgqvEV HTTP 302
  • https://xml.sedodna.com/click?i=jIHwoNkEyKM_0 HTTP 302
  • https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ww1.homcredit.ph/
Redirect Chain
  • https://vxhqweyf.homcredit.ph/
  • http://ww1.homcredit.ph/?usid=24&utid=10228650867
  • https://ww1.homcredit.ph/?usid=24&utid=10228650867
3 KB
2 KB
Document
General
Full URL
https://ww1.homcredit.ph/?usid=24&utid=10228650867
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
0910d8fc861d1abb48cd10b07b84d99d246d868e6d994b91bedf08acf900d00b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 20 Jan 2025 09:13:16 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Mon, 20 Jan 2025 09:13:15 GMT
pragma
no-cache
server
Parking/1.0
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_BH7f0Z6+IDV1sZW37ancBsuWGGhrrxonxDOaBij+VNlIAbbyY6eNBIVIWo9s9LEDs2FDVtBtHFyL2eWi2BbIFg==
x-cache-miss-from
parking-5f7bdb5f75-dcj5l

Redirect headers

Location
https://ww1.homcredit.ph/?usid=24&utid=10228650867
Non-Authoritative-Reason
HttpsUpgrades
js_preloader.gif
ww1.homcredit.ph/img.sedoparking.com/images/
0
19 B
Image
General
Full URL
https://ww1.homcredit.ph/img.sedoparking.com/images/js_preloader.gif
Requested by
Host: ww1.homcredit.ph
URL: https://ww1.homcredit.ph/?usid=24&utid=10228650867
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ww1.homcredit.ph/?usid=24&utid=10228650867

Response headers

date
Mon, 20 Jan 2025 09:13:16 GMT
server
Parking/1.0
content-length
0
tsc.php
ww1.homcredit.ph/search/
0
35 B
XHR
General
Full URL
https://ww1.homcredit.ph/search/tsc.php?ses=ogc8NFWSOp00EBqpd2yCqCn1xkyHie4kPm9t7k2U0F1FSWZiMGev3Uw3A5pHEivZ8cBRucphmi8YWEyQocdg3EAXcHZ-3Lz--JRtqtq6C1V2tdelNJXTX7jdWjp4vQ_XtL1csCksUtqbD9x9XCIaIO1SQUgLjYsi8mzIRiKlMnaBfDlAwyTVKlbSPK3ocZSMKw4weDHCM4pyde7MrVXtewbDblCEPkQRTVzHS3e4qGbKR-nZRJMKWWbopsni1UjSOQIRw5wzCncdOlwGnRIqfmnbydwR7twftB9JYaKluBP3t1Zhmm5IpPPE-85DW0OgDGgW_bOnXBTDU9mC7huPk5DnP-IHlfmBTEay1gkWuX0aBpiGWCZGW6r24Ny2Qbd&cv=2
Requested by
Host: ww1.homcredit.ph
URL: https://ww1.homcredit.ph/?usid=24&utid=10228650867
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ww1.homcredit.ph/?usid=24&utid=10228650867

Response headers

x-cache-miss-from
parking-5f7bdb5f75-mjbfn
content-length
0
date
Mon, 20 Jan 2025 09:13:16 GMT
content-type
text/html; charset=UTF-8
server
Parking/1.0
sedo_logo.png
img.sedoparking.com/templates/logos/
15 KB
15 KB
Other
General
Full URL
https://img.sedoparking.com/templates/logos/sedo_logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 1124 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ww1.homcredit.ph/

Response headers

x-cf-rand
7.161
x-cf2
H
expires
Mon, 27 Jan 2025 09:13:17 GMT
x-cf1
11696:fR.ewr1:cf:nom:cacheN.ewr1-01:H
date
Mon, 20 Jan 2025 09:13:17 GMT
cf4ttl
31536000.000
content-type
image/png
x-cff
B
last-modified
Mon, 11 Jan 2021 07:44:34 GMT
x-cf-reqid
bc155b9390868e689aedc517406e3171
cf4age
2354427
cache-control
max-age=604800
x-cf3
H
accept-ranges
bytes
access-control-allow-origin
*
content-length
15086
x-cfhash
"def00c11b1596db4efee6a9fbe64fc27"
x-cf-tsc
1684184564
server
CFS 1124
9232f590-d991-493f-b95d-d38c0c6cdd28
ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/
Redirect Chain
  • https://ww1.homcredit.ph/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuOD...
  • https://ww1.homcredit.ph/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjIHwoNkEyKM_0&v=OGE5NjQzNmEwNGZlYWRiYWE3MjIzMDZhM2U0YTUwNjEJMQl3dzEuaG9tY3JlZGl0LnBoNjc4ZTEzYWIxY2M2MzkuOD...
  • https://xml.sedodna.com/click?i=jIHwoNkEyKM_0
  • https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
3 KB
3 KB
Document
General
Full URL
https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
Requested by
Host: ww1.homcredit.ph
URL: https://ww1.homcredit.ph/?usid=24&utid=10228650867
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.240.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-240-102.compute-1.amazonaws.com
Software
/
Resource Hash
1db9e9986cf93547b4104a37c608bd104d8d260710c92cb525631e695198282a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://ww1.homcredit.ph/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Mon, 20 Jan 2025 09:13:17 GMT

Redirect headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Date
Mon, 20 Jan 2025 09:13:17 GMT
Location
https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
Server
nginx
Primary Request click.php
total--protect.help/
Redirect Chain
  • https://ernus-dop.com/zclkredirect?visitid=c7c22c41-d70e-11ef-ac97-0affc64151a9&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://so-gre8.net/r/gT9f-2a1izdHvCi28HgpnFOQlte37foXC7mJZ9nPB9j-0foFSXIaJ7PiQcPSiz0hGdlhlkiPTX24By3HUPm7bqjPZzI56DecelTLPRCuS0uolgChLouc1pIsX7VnqyiPDWMHwJ66b2iwW7I0Fq4QeJixxiR2pzpguw9LaMrY74ciINt...
  • https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=...
41 KB
10 KB
Document
General
Full URL
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Requested by
Host: ernus-dop.com
URL: https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
343c565b1b9e22a69282883068711d92e0334fb3433c5c23729e0d5a4b76e502
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
904df2a11ccd0801-IAD
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Mon, 20 Jan 2025 09:13:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkSZU1vc0h8fDZc2SooKh78uAQan6uIe5jA17VgWdwKsY10gE6wIdJbSZCszxBx%2BJXD9fB5XuerkDbKEZG4Gi19eyTfJl9arY75n5hLLfZUn%2BXAsDQrgY8VIc1zlDBEsXlcUkZ17iO7K2NUH%2FfWaT%2FiS"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=26781&min_rtt=26641&rtt_var=4339&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4184&recv_bytes=4618&delivery_rate=541&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=451&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security
max-age=31536000
vary
accept-encoding

Redirect headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
content-length
0
date
Mon, 20 Jan 2025 09:13:18 GMT
location
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
referrer-policy
no-referrer
server
Angie
css2
total--protect.help/landers/674724a2ae35d/
35 KB
36 KB
Stylesheet
General
Full URL
https://total--protect.help/landers/674724a2ae35d/css2
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dff25a09a8f5519e6837a25f73aaf3d1efe0f964c1e9692080d0d2047863924
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

strict-transport-security
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
etag
"674724a2-8dbc"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hStCV71qchNMMV%2FBpS3nToxE8oG8pjAlcO1%2BUzWLckzwfNIe7lMcNJt6hjFMwOSKR5sqhupSd62%2BTveofLCeNROR5LJwh1FnhP6mp%2FbNXIVvjF4PBp6oJSYr4D97zLVJe7HKNeOHMSbsXnwgXZcR9gvt"}],"group":"cf-nel","max_age":604800}
cf-ray
904df2a42ecd0801-IAD
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=28248&min_rtt=26641&rtt_var=1427&sent=69&recv=45&lost=0&retrans=0&sent_bytes=62014&recv_bytes=10085&delivery_rate=747506&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=617&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
36284
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
application/octet-stream
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
server
cloudflare
priority
u=0,i=?0
default.css
total--protect.help/landers/674724a2ae35d/
8 KB
3 KB
Stylesheet
General
Full URL
https://total--protect.help/landers/674724a2ae35d/default.css
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7eb6f993cfb36ddf239371daf662141983a2b7c9df02d9ca4b9b5d9d58f2188
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"674724a2-216d"
age
1746
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IhZ3Lv8%2Bj%2FegOgs%2FIDtYMd%2FRP5JS%2BolIezFdgQF%2FVfCbRvrNkJ%2B%2FGNFd%2FyTc8fgyk%2BbFD1Tnqd6QpJdNjyEtYCtuDT41s8sJP9KO0xMgqlmQCCf305CWmhPi4t2beGibey0TSPZHb7S5K0MU%2BUdssdr7"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26845&min_rtt=26641&rtt_var=1158&sent=21&recv=20&lost=0&retrans=0&sent_bytes=14241&recv_bytes=7838&delivery_rate=375905&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=531&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
text/css
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a42ed00801-IAD
server
cloudflare
jquery.min.js
total--protect.help/landers/674724a2ae35d/
87 KB
33 KB
Script
General
Full URL
https://total--protect.help/landers/674724a2ae35d/jquery.min.js
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"674724a2-15d84"
age
1746
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rCASpe0%2B%2FlIwBTUKDc6WzmYyzwi2vqo618hl7Y6KqTPObZZ8eIzvQyb6bNxA63ni58%2BWMSbKNoTxZNUHiiER7lY3jEsX3aLK45Tf5eGkC1tyjvqbYeC1CS%2FCBU%2FyNhJ5d%2BznOld%2BxyW5U%2Bh2byCiBHwV"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26845&min_rtt=26641&rtt_var=1158&sent=29&recv=20&lost=0&retrans=0&sent_bytes=21136&recv_bytes=7838&delivery_rate=375905&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=532&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
application/javascript
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a42ed20801-IAD
server
cloudflare
logo.svg
total--protect.help/landers/674724a2ae35d/
1 KB
1 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/logo.svg
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4aef0aba15680c1b745414a7c7bc39cdbeda17f1de0c7bf57bf90378b6a5d26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"674724a2-510"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=khWIC1zN9sFXhodavGlJaupQrjal2OsqCSDjTneQ8kgq2QJ8RnJQGN9lgsdmiXxg4xLLVSBoHanVdzgAYbojl%2BMQEaO8TtS%2BxDCSMKZ4A79J8hsVn3XZBMzP7TJWDsX6CXTlsJ2QadSmLoIWgHsXYn2q"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26845&min_rtt=26641&rtt_var=1158&sent=30&recv=20&lost=0&retrans=0&sent_bytes=21857&recv_bytes=7838&delivery_rate=375905&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=532&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/svg+xml
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a42ed30801-IAD
server
cloudflare
favicon.png
total--protect.help/landers/674724a2ae35d/
3 KB
3 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/favicon.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
159d846c9bdea2230f04d4f2f04c10fefff91d023539e761f4e91da0c0ca9829
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-b20"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14OVD9C5zAiBP9AUOOm2eKebIYgz%2FmTi43y%2F1ACpKN7NJ98Y%2Bbe3BdgBW7Rn4PdVo6AKeL2a0u4llj9a7fpuaEEXAv4CacGk0DdCm2U6K8t%2B3OHHX8x53yohj5DVV6L0dGj%2FmodNKijNypfRK4%2B%2ByHpc"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26845&min_rtt=26641&rtt_var=1158&sent=22&recv=20&lost=0&retrans=0&sent_bytes=14964&recv_bytes=7838&delivery_rate=375905&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=531&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a42ed50801-IAD
accept-ranges
bytes
content-length
2848
server
cloudflare
icon_1.png
total--protect.help/landers/674724a2ae35d/
1 KB
2 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/icon_1.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bc79b2b43c6496e7be7ea2cc22838c9e14bd7d4ab27d049d8a01a6423607e87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-471"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WsbMxtaKlPUTuy3MbdLClGhERMoe9Fcwoqz3ZRvNklBeZoeWKyL8uqUwdp5yHselVBnjPzWx%2FkBjoh4%2Bb7QwcLV6aGf%2FOnxqqllOSrRn52pKYdTW3uD2T8fNK%2BzVqceby%2Blw3BnQH69z5kvIU4re4YB4"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=32550&min_rtt=26641&rtt_var=5403&sent=58&recv=29&lost=0&retrans=0&sent_bytes=50264&recv_bytes=9397&delivery_rate=340188&cwnd=24000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=574&x=1", cfExtPri, cfHdrFlush;dur=12
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a46efe0801-IAD
accept-ranges
bytes
content-length
1137
server
cloudflare
icon_2.png
total--protect.help/landers/674724a2ae35d/
2 KB
3 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/icon_2.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c6902c5acb08e21fef1afb46bcf770245b6b942f0613d8063a5032065c4d317
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-97f"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B2P670W10BYp%2FQcEu82F2ff%2Fyczh8XkZOOzv3sx%2Bf3%2Be%2B35Fd6GNxB%2FJKyWegNPF9h1cYbweiDxOB4kWnWKlgyyeThmP80xDCUwh7ErFy4DK4bg2HzImDD1wLhlxMz2q5wv0fWSN2Bs0BdKAQjnkCPq0"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=32550&min_rtt=26641&rtt_var=5403&sent=58&recv=29&lost=0&retrans=0&sent_bytes=50264&recv_bytes=9397&delivery_rate=340188&cwnd=24000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=579&x=1", cfExtPri, cfHdrFlush;dur=7
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a46eff0801-IAD
accept-ranges
bytes
content-length
2431
server
cloudflare
atten.png
total--protect.help/landers/674724a2ae35d/
2 KB
3 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/atten.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beaf85377ddd403e8beb6772e27ef87608e0da79d09e3080798c339d9b822135
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-995"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4MuWC7YBcXPOkFG1YDOGTS6LROl2ULEktze05YnC0Sh5O82bA7LQ9uKAjVkMz6Fzzk0E%2BF3uvJSPK8fBTYZI54DZzKZwhNXJRY5FXB7zJvF6phD3GFQ5%2FFqCQnT1disKGuGvWxJfC0Tpklvmjit03n1"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=28161&min_rtt=26641&rtt_var=1245&sent=78&recv=46&lost=0&retrans=0&sent_bytes=71104&recv_bytes=10719&delivery_rate=776144&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=628&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a4bf3b0801-IAD
accept-ranges
bytes
content-length
2453
server
cloudflare
icon_3.png
total--protect.help/landers/674724a2ae35d/
1010 B
2 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/icon_3.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
746872277e95c813f0720fb138d445af664d09b0e9968bb2dfc453a4f30f75da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-3f2"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1QoUmsw%2BH2%2BUKlXrhP0t0oS7gc%2Fsu4g1ZZpYWUN7%2Ba%2Bw00k8x1KSE%2BZlU5XHpGGL2LOaXyGlvnIQr8x2LWR0HPOoulKJmV82wPg0jlmlR0kBj9HGqUh2gKyhvJd0zh2IHgy2hvHSSawoh7P2gYPZjIUT"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=27570&min_rtt=26641&rtt_var=822&sent=82&recv=52&lost=0&retrans=0&sent_bytes=74343&recv_bytes=11566&delivery_rate=339998&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=669&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a50f720801-IAD
accept-ranges
bytes
content-length
1010
server
cloudflare
icon_4.png
total--protect.help/landers/674724a2ae35d/
1 KB
2 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/icon_4.png
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d21436c30be8369abd4dcbf6b26d1c5d9db2f039c398d5c8aeba3db93d7d7a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-508"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96GcAPjxeT5m8r7BmT4HTceVfJQidewHUXhxjobUwMacZhT9Hbt6fBTnpeEM%2FxEzemRLijtudmYT%2FrMYIe%2F6ZqdWlrTdf5Au7arlaL8h1qnxRVDnZWZ6q93XfiGbE3UIpykTwKXONI%2FDrpA0bL9QCnr2"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=27445&min_rtt=26572&rtt_var=866&sent=109&recv=54&lost=0&retrans=0&sent_bytes=104826&recv_bytes=12230&delivery_rate=49177&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=709&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a53fa40801-IAD
accept-ranges
bytes
content-length
1288
server
cloudflare
action_1.gif
total--protect.help/landers/674724a2ae35d/
69 B
764 B
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/action_1.gif
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-45"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtPN47uD7%2FI%2Fr7EdPJRx3KVfNhfWhv3MzlH3vZebdyvtWmXypWM68RtfApwQWrUEZDHn%2Fsw6Ljpl0T7MWsZhNPAf4HIKoi8K%2F3YcqMcj%2BsMdMKus3NI%2FEPT2BnG27qgLq80hUABJ7Xh1GsCnhswWMq1b"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=31043&min_rtt=26572&rtt_var=1966&sent=113&recv=67&lost=0&retrans=0&sent_bytes=106901&recv_bytes=13964&delivery_rate=986739&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=748&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/gif
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a57fca0801-IAD
accept-ranges
bytes
content-length
69
server
cloudflare
action_2.gif
total--protect.help/landers/674724a2ae35d/
377 B
1 KB
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/action_2.gif
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-179"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qw8Mep3FME102Ubg9LaEFsXObY1KQvILHrRDgLelMnQ5wVD4GMVONouVjRp15V4YPY6CJlIZPZIXF7trO0pgi%2BFy6PMQM5v1JS0upWZP0CLTe1rH1TnT9r2ZLQaamewtBHVRPat8ET%2FxmdwbiEVwKI6r"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=31043&min_rtt=26572&rtt_var=1966&sent=115&recv=68&lost=0&retrans=0&sent_bytes=107713&recv_bytes=14585&delivery_rate=986739&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=757&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/gif
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a58fd60801-IAD
accept-ranges
bytes
content-length
377
server
cloudflare
action_3.gif
total--protect.help/landers/674724a2ae35d/
234 B
923 B
Image
General
Full URL
https://total--protect.help/landers/674724a2ae35d/action_3.gif
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?key=l3u52ky581vzzwpsak2y&clickId=GKkBOIFRaI_bNnDQ8q8B6AG64xyAAtmBoOH-nuamAg&Cost=0.0108&zoneId=471482&ageGroup=UNKNOWN&campaignId=896399&browser=Chrome&feedId=169&os=linux&osVersion=&carrier=Verizon+Internet+Services&creativeId=2881872&format=direct-click

Response headers

cf-cache-status
HIT
etag
"674724a2-ea"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EkWs7BADusefaqOjC84Kpnis0tXjPX0cw8EjP6yVltOLKWRAd3qmCAYFTT5%2BRon0NjybdHkPz4pD4y45ZkAmk1E1s0flgYEFZL9bie0qIMC97MzJgQRmhlN7q73bfLg%2BH4q1y6LZ26CTFleIsuCW69i8"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=31043&min_rtt=26572&rtt_var=1966&sent=116&recv=68&lost=0&retrans=0&sent_bytes=108803&recv_bytes=14585&delivery_rate=986739&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=764&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/gif
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a59fdd0801-IAD
accept-ranges
bytes
content-length
234
server
cloudflare
/
.xyz/fonts/
0
0

default.mp3
total--protect.help/landers/674724a2ae35d/
23 KB
24 KB
Media
General
Full URL
https://total--protect.help/landers/674724a2ae35d/default.mp3
Requested by
Host: total--protect.help
URL: https://total--protect.help/click.php?lp=1&uclick=9rm7qn9l
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
506ff4358df748f349bc9588f0e5552091d649acdb6cda62a36f608960d66682
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://total--protect.help/click.php?lp=1&uclick=9rm7qn9l
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"674724a2-5b99"
age
1715
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEn%2FLFM6u8yw00U8KQZNQ%2B6s6kDoims09gctylbX%2BIHDOocmoD5NCUfb%2FHz38PL987e8Y0JTN40WxqBO3m033I%2BkQi5P1M1TOn%2FvqJA5VP6RaqdCoWVGCF2a6ZIbtyk%2BHOaLFYthyhRlt6UFclXrI0v%2B"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=31707&min_rtt=26572&rtt_var=2289&sent=118&recv=71&lost=0&retrans=0&sent_bytes=109774&recv_bytes=15063&delivery_rate=84518&cwnd=36000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=793&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:19 GMT
content-type
audio/mpeg
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=3,i
strict-transport-security
max-age=31536000
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-23448/23449
cf-ray
904df2a5c8080801-IAD
Content-Length
23449
server
cloudflare
favicon.png
total--protect.help/landers/674724a2ae35d/
3 KB
0
Other
General
Full URL
https://total--protect.help/landers/674724a2ae35d/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:a159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
159d846c9bdea2230f04d4f2f04c10fefff91d023539e761f4e91da0c0ca9829

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://total--protect.help/click.php?lp=1&uclick=9rm7qn9l

Response headers

cf-cache-status
HIT
etag
"674724a2-b20"
age
1716
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14OVD9C5zAiBP9AUOOm2eKebIYgz%2FmTi43y%2F1ACpKN7NJ98Y%2Bbe3BdgBW7Rn4PdVo6AKeL2a0u4llj9a7fpuaEEXAv4CacGk0DdCm2U6K8t%2B3OHHX8x53yohj5DVV6L0dGj%2FmodNKijNypfRK4%2B%2ByHpc"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26845&min_rtt=26641&rtt_var=1158&sent=22&recv=20&lost=0&retrans=0&sent_bytes=14964&recv_bytes=7838&delivery_rate=375905&cwnd=12000&unsent_bytes=0&cid=3ced84c4dfa39f53&ts=531&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 20 Jan 2025 09:13:18 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 13:54:42 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
904df2a42ed50801-IAD
accept-ranges
bytes
content-length
2848
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
.xyz
URL
https://.xyz/fonts/?font=aHR0cHM6Ly90b3RhbC0tcHJvdGVjdC5oZWxwL2NsaWNrLnBocD9rZXk9bDN1NTJreTU4MXZ6endwc2FrMnkmY2xpY2tJZD1HS2tCT0lGUmFJX2JObkRROHE4QjZBRzY0eHlBQXRtQm9PSC1udWFtQWcmQ29zdD0wLjAxMDgmem9uZUlkPTQ3MTQ4MiZhZ2VHcm91cD1VTktOT1dOJmNhbXBhaWduSWQ9ODk2Mzk5JmJyb3dzZXI9Q2hyb21lJmZlZWRJZD0xNjkmb3M9bGludXgmb3NWZXJzaW9uPSZjYXJyaWVyPVZlcml6b24rSW50ZXJuZXQrU2VydmljZXMmY3JlYXRpdmVJZD0yODgxODcyJmZvcm1hdD1kaXJlY3QtY2xpY2s=


9 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function| $
function| jQuery
function| _0x16a585
function| detectOSAndDevice
function| _0xcfc7
function| _0x3ce5
object| xhttplp
function| getURLParameter
function| speak

2 Cookies

Domain/Path Name / Value
total--protect.help/ Name: uclick
Value: 9rm7qn9l
total--protect.help/ Name: uclickhash
Value: 9rm7qn9l-9rm7qn9l-bze2-8r1z-myqd-k2g6bl-k2g68n-8e5e69

3 Console Messages

Source Level URL
Text
network error URL: https://ww1.homcredit.ph/img.sedoparking.com/images/js_preloader.gif
Message:
Failed to load resource: the server responded with a status of 441 ()
rendering warning URL: https://ernus-dop.com/zclkvisitor/c7c22c41-d70e-11ef-ac97-0affc64151a9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=c7cefd83-d70e-11ef-ac97-0affc64151a9
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0301D002C2C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://.xyz/fonts/?font=aHR0cHM6Ly90b3RhbC0tcHJvdGVjdC5oZWxwL2NsaWNrLnBocD9rZXk9bDN1NTJreTU4MXZ6endwc2FrMnkmY2xpY2tJZD1HS2tCT0lGUmFJX2JObkRROHE4QjZBRzY0eHlBQXRtQm9PSC1udWFtQWcmQ29zdD0wLjAxMDgmem9uZUlkPTQ3MTQ4MiZhZ2VHcm91cD1VTktOT1dOJmNhbXBhaWduSWQ9ODk2Mzk5JmJyb3dzZXI9Q2hyb21lJmZlZWRJZD0xNjkmb3M9bGludXgmb3NWZXJzaW9uPSZjYXJyaWVyPVZlcml6b24rSW50ZXJuZXQrU2VydmljZXMmY3JlYXRpdmVJZD0yODgxODcyJmZvcm1hdD1kaXJlY3QtY2xpY2s=
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
