halifaxthankyoupage.pages.ontraport.net Open in urlscan Pro
209.170.211.179  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response halifaxthankyoupage.pages.ontraport.net/	27 KB 5 KB	888ms 369ms	Document text/html	209.170.211.179 ViaWest
General Check archive.org Show headers Download Go to Full URL https://halifaxthankyoupage.pages.ontraport.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.170.211.179 , United States, ASN13649 (ASN-VINS - ViaWest, US), Reverse DNS mail9.ontramail.com Software ONTRAport / Resource Hash 416741bddabf99798b6578a4d96faafacb54ea38d2cb686fee4538265a5e1c9b Request headers Host halifaxthankyoupage.pages.ontraport.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers Date Sat, 24 Aug 2019 04:38:58 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Set-Cookie lpsplt_154=0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" X-op-class hosted X-op-release 1 X-op-ca 185.38.150.96 Server ONTRAport Access-Control-Allow-Origin * Access-Control-Allow-Credentials true Access-Control-Allow-Methods GET, POST, OPTIONS Content-Encoding gzip
GET H2	200	icon fonts.googleapis.com/	574 B 419 B	17ms 16ms	Stylesheet text/css	2a00:1450:4001:81f::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash 09e13bc501877a8383c2661e6fc80187efadbd82ac4d3b0d1ec8a41d8630756c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Sat, 24 Aug 2019 04:38:58 GMT server ESF link <https://fonts.gstatic.com>; rel=preconnect; crossorigin status 200 date Sat, 24 Aug 2019 04:38:58 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" x-xss-protection 0 expires Sat, 24 Aug 2019 04:38:58 GMT
GET H2	200	opt-styles.min.css optassets.ontraport.com/opt_assets/elements_v3/common/materialize/css/	192 KB 32 KB	118ms 39ms	Stylesheet text/css	104.16.21.19 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://optassets.ontraport.com/opt_assets/elements_v3/common/materialize/css/opt-styles.min.css Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.21.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cd86ad782309657089b4af1445f1c0d90ea3a973ac10c82bf887545b08370143 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:58 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT age 6650 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" status 200 x-op-ca 10.2.80.206 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-op-release 1 access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control public, max-age=14400 access-control-allow-credentials true x-op-class optassets cf-ray 50b2a3ca680735d6-LHR expires Sat, 24 Aug 2019 08:38:58 GMT
GET H2	200	165811.2d6379ed5c0590a01b6d124c4d785c05.PNG i.ontraport.com/	248 KB 249 KB	986ms 912ms	Image image/png	104.16.20.19 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://i.ontraport.com/165811.2d6379ed5c0590a01b6d124c4d785c05.PNG?ops=1920 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.20.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f09838eba9ab7693b3760f4cea8f5ef1814a0ed9fb79d0d67896220e37b8119c Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT via 1.1 999a435eb37a050d3de26fe63534c416.cloudfront.net (CloudFront) cf-cache-status MISS x-amz-request-id DFB012FEC3A71A59 x-cache Miss from cloudfront status 200 content-length 253675 x-amz-id-2 kTTgwo2L67oyGZVMoDW3T/nb6OhoFhbJO6kJ1NDx984C1RupXcmCMJc5RO3uhgOhV0jRJ0PnxTI= last-modified Tue, 30 Apr 2019 19:32:06 GMT server cloudflare etag "d4113c5441a5174770b524787e7d2d98" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * cache-control public, max-age=86400 x-amz-cf-pop FRA2-C2 accept-ranges bytes cf-ray 50b2a3ca5933ce1f-LHR x-amz-cf-id KSJjDnQ1tBzMIEcDAXBYdRdJbkrpbe6YF2l9PFcntd6Rzc_3aXyvSg== expires Sun, 25 Aug 2019 04:38:59 GMT
GET H2	200	165811.9351eedf07ea7e3808d492abb2029981.JPEG i.ontraport.com/	154 KB 154 KB	988ms 914ms	Image image/jpeg	104.16.20.19 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://i.ontraport.com/165811.9351eedf07ea7e3808d492abb2029981.JPEG?ops=1920 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.20.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 6149b8625c3635d2789e98617c7809de11a4b34e8d5f1cce92f894fe86b38f73 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT via 1.1 182ef5a8d12abb5df1553676864737b1.cloudfront.net (CloudFront) cf-cache-status MISS x-amz-request-id 49C419D7E20D2BEE x-cache Miss from cloudfront status 200 content-length 157320 x-amz-id-2 16fV4+6czypcdquD7VPu8UrvArV2ZcDCAcRvRYAXkyHOmVddBXvW8HvM/RO2nqF0BT36yKaybV0= last-modified Sat, 08 Jun 2019 08:55:05 GMT server cloudflare etag "9ac70d16c587a96aaeaf7282d8758d65" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET content-type image/jpeg access-control-allow-origin * cache-control public, max-age=86400 x-amz-cf-pop FRA2-C2 accept-ranges bytes cf-ray 50b2a3ca5934ce1f-LHR x-amz-cf-id LACDJtAvPQze5pQwVCb6uf8EuOxc987awL-X5_jIcb-rwdKOiYD1Tw== expires Sun, 25 Aug 2019 04:38:59 GMT
GET H2	200	anime.js Show response optassets.ontraport.com/opt_assets/elements_v3/common/materialize-1-dev/js/	16 KB 16 KB	55ms 53ms	Script text/plain	104.16.21.19 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://optassets.ontraport.com/opt_assets/elements_v3/common/materialize-1-dev/js/anime.js Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.21.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2c2348bbc056a14a9cd62dadb8d461800a192e8ba636f803d0ffddd753977976 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT vary Accept-Encoding cf-cache-status HIT age 6651 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" status 200 x-op-ca 10.2.80.206 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-op-release 1 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control public, max-age=14400 access-control-allow-credentials true x-op-class optassets cf-ray 50b2a3cb184535d6-LHR expires Sat, 24 Aug 2019 08:38:59 GMT
GET H2	200	jquery-3.2.1.min.js Show response optassets.ontraport.com/opt_assets/opt_boilerplates/v3/	85 KB 85 KB	55ms 53ms	Script text/plain	104.16.21.19 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://optassets.ontraport.com/opt_assets/opt_boilerplates/v3/jquery-3.2.1.min.js Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.21.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT vary Accept-Encoding cf-cache-status HIT age 6023 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" status 200 x-op-ca 10.2.80.206 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-op-release 1 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control public, max-age=14400 access-control-allow-credentials true x-op-class optassets cf-ray 50b2a3cb184635d6-LHR expires Sat, 24 Aug 2019 08:38:59 GMT
GET H2	200	opt-assets.js Show response optassets.ontraport.com/opt_assets/	263 KB 263 KB	29ms 28ms	Script text/plain	104.16.21.19 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://optassets.ontraport.com/opt_assets/opt-assets.js?1566497316 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.21.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 3fd098f546a4831b3cf1a6697070561a23737e235818b0539a92114dda90f42f Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT vary Accept-Encoding cf-cache-status HIT age 6651 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" status 200 x-op-ca 10.2.80.206 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-op-release 1 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control public, max-age=14400 access-control-allow-credentials true x-op-class optassets cf-ray 50b2a3cb184735d6-LHR expires Sat, 24 Aug 2019 08:38:59 GMT
GET H2	200	tracking.js Show response optassets.ontraport.com/	10 KB 3 KB	55ms 53ms	Script text/html	104.16.21.19 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://optassets.ontraport.com/tracking.js Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.21.19 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 773e13ec062b19e4f7f52f60a622bbd8e7991baf56ad48dbefdcdca464240f73 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 04:38:59 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT age 6081 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" status 200 x-op-ca 10.2.80.206 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-op-release 1 access-control-allow-methods GET, POST, OPTIONS content-type text/html access-control-allow-origin * cache-control public, max-age=14400 access-control-allow-credentials true x-op-class optassets cf-ray 50b2a3cb184935d6-LHR expires Sat, 24 Aug 2019 08:38:59 GMT
GET H2	200	css fonts.googleapis.com/	276 KB 11 KB	31ms 31ms	Stylesheet text/css	2a00:1450:4001:81f::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Nixie+One|Dosis:400,200,300,500,600,800,700|Bubblegum+Sans|Parisienne|Lora:400,700i,700,400i|Fredericka+the+Great|Noto+Serif:400,400i,700,700i|La+Belle+Aurore|Lobster|Engagement|Shadows+Into+Light|Frijole|Alegreya+Sans:400,100,100i,300,300i,400i,500,500i,700,700i,800,900,800i,900i|Monoton|Droid+Serif:400,400i,700,700i|Pacifico|Inconsolata:400,700|Oswald:400,700,300|Special+Elite|Montserrat:400,700|Open+Sans:400,300,300i,400i,600,600i,700,700i,800,800i|Open+Sans+Condensed:300,700,300i|Kranky|Crimson+Text:400,400i,600,700,600i,700i|Indie+Flower|Alegreya:400,400i,700,700i,900i,900|Raleway:100,200,300,500,400,600,700,800,900|Roboto+Condensed:400,300,300i,400i,700,700i|Slabo+27px|Roboto:400,100,100i,300,300i,400i,500,500i,700,700i,900,900i|Lato:400,100,100i,300,300i,400i,700,700i,900,900i|Bentham|Playfair+Display:400,400i,700,700i,900,900i|Paytone+One|Josefin+Slab:400,100,100i,300,300i,400i,600,600i,700,700i|Pinyon+Script|Abril+Fatface|Six+Caps|Londrina+Outline|League+Script|Sacramento|Fjalla+One|Vast+Shadow|Petit+Formal+Script|Libre+Baskerville:400,400i,700|Work+Sans:400,100,200,300,500,600,700,800,900|Economica:400,400i,700,700i|Yellowtail|Niconne|Pompiere|Maiden+Orange|Lateef|Source+Sans+Pro|Anonymous+Pro:400,400i,700,700i|Cormorant:300,300i,400,400i,500,500i,600,600i,700,700i|Karla:400,400i,700,700i|Permanent+Marker|Space+Mono:400,400i,700,700i|Ubuntu:300,300i,400,400i,500,500i,700,700i Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash 24f9e2c0e06c1fe8630d0c30b5f037544dbc5eeb4fa4f160a1f8aa224007ba19 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Sat, 24 Aug 2019 04:38:59 GMT server ESF link <https://fonts.gstatic.com>; rel=preconnect; crossorigin status 200 date Sat, 24 Aug 2019 04:38:59 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" x-xss-protection 0 expires Sat, 24 Aug 2019 04:38:59 GMT
GET H2	200	QGYpz_wNahGAdqQ43Rh3x4X8mNhNy_r-Kw.woff2 fonts.gstatic.com/s/worksans/v5/	16 KB 16 KB	5ms 5ms	Font font/woff2	2a00:1450:4001:816::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhNy_r-Kw.woff2 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash a25e14865126cb8fb6fba6ec8e05a94bf93b5f999bcc8785a80b54001d120eb5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Nixie+One|Dosis:400,200,300,500,600,800,700|Bubblegum+Sans|Parisienne|Lora:400,700i,700,400i|Fredericka+the+Great|Noto+Serif:400,400i,700,700i|La+Belle+Aurore|Lobster|Engagement|Shadows+Into+Light|Frijole|Alegreya+Sans:400,100,100i,300,300i,400i,500,500i,700,700i,800,900,800i,900i|Monoton|Droid+Serif:400,400i,700,700i|Pacifico|Inconsolata:400,700|Oswald:400,700,300|Special+Elite|Montserrat:400,700|Open+Sans:400,300,300i,400i,600,600i,700,700i,800,800i|Open+Sans+Condensed:300,700,300i|Kranky|Crimson+Text:400,400i,600,700,600i,700i|Indie+Flower|Alegreya:400,400i,700,700i,900i,900|Raleway:100,200,300,500,400,600,700,800,900|Roboto+Condensed:400,300,300i,400i,700,700i|Slabo+27px|Roboto:400,100,100i,300,300i,400i,500,500i,700,700i,900,900i|Lato:400,100,100i,300,300i,400i,700,700i,900,900i|Bentham|Playfair+Display:400,400i,700,700i,900,900i|Paytone+One|Josefin+Slab:400,100,100i,300,300i,400i,600,600i,700,700i|Pinyon+Script|Abril+Fatface|Six+Caps|Londrina+Outline|League+Script|Sacramento|Fjalla+One|Vast+Shadow|Petit+Formal+Script|Libre+Baskerville:400,400i,700|Work+Sans:400,100,200,300,500,600,700,800,900|Economica:400,400i,700,700i|Yellowtail|Niconne|Pompiere|Maiden+Orange|Lateef|Source+Sans+Pro|Anonymous+Pro:400,400i,700,700i|Cormorant:300,300i,400,400i,500,500i,600,600i,700,700i|Karla:400,400i,700,700i|Permanent+Marker|Space+Mono:400,400i,700,700i|Ubuntu:300,300i,400,400i,500,500i,700,700i Origin https://halifaxthankyoupage.pages.ontraport.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 22 Aug 2019 16:08:47 GMT x-content-type-options nosniff last-modified Mon, 22 Jul 2019 19:25:19 GMT server sffe age 131412 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 16576 x-xss-protection 0 expires Fri, 21 Aug 2020 16:08:47 GMT
GET H2	200	QGYpz_wNahGAdqQ43Rh314L8mNhNy_r-Kw.woff2 fonts.gstatic.com/s/worksans/v5/	16 KB 16 KB	6ms 5ms	Font font/woff2	2a00:1450:4001:816::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh314L8mNhNy_r-Kw.woff2 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 387a679cdec1f4b30a90e92fceea0b475ab1c50a6b7faf8a7659d4f3caf8a747 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Nixie+One|Dosis:400,200,300,500,600,800,700|Bubblegum+Sans|Parisienne|Lora:400,700i,700,400i|Fredericka+the+Great|Noto+Serif:400,400i,700,700i|La+Belle+Aurore|Lobster|Engagement|Shadows+Into+Light|Frijole|Alegreya+Sans:400,100,100i,300,300i,400i,500,500i,700,700i,800,900,800i,900i|Monoton|Droid+Serif:400,400i,700,700i|Pacifico|Inconsolata:400,700|Oswald:400,700,300|Special+Elite|Montserrat:400,700|Open+Sans:400,300,300i,400i,600,600i,700,700i,800,800i|Open+Sans+Condensed:300,700,300i|Kranky|Crimson+Text:400,400i,600,700,600i,700i|Indie+Flower|Alegreya:400,400i,700,700i,900i,900|Raleway:100,200,300,500,400,600,700,800,900|Roboto+Condensed:400,300,300i,400i,700,700i|Slabo+27px|Roboto:400,100,100i,300,300i,400i,500,500i,700,700i,900,900i|Lato:400,100,100i,300,300i,400i,700,700i,900,900i|Bentham|Playfair+Display:400,400i,700,700i,900,900i|Paytone+One|Josefin+Slab:400,100,100i,300,300i,400i,600,600i,700,700i|Pinyon+Script|Abril+Fatface|Six+Caps|Londrina+Outline|League+Script|Sacramento|Fjalla+One|Vast+Shadow|Petit+Formal+Script|Libre+Baskerville:400,400i,700|Work+Sans:400,100,200,300,500,600,700,800,900|Economica:400,400i,700,700i|Yellowtail|Niconne|Pompiere|Maiden+Orange|Lateef|Source+Sans+Pro|Anonymous+Pro:400,400i,700,700i|Cormorant:300,300i,400,400i,500,500i,600,600i,700,700i|Karla:400,400i,700,700i|Permanent+Marker|Space+Mono:400,400i,700,700i|Ubuntu:300,300i,400,400i,500,500i,700,700i Origin https://halifaxthankyoupage.pages.ontraport.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 22 Aug 2019 11:25:48 GMT x-content-type-options nosniff last-modified Mon, 22 Jul 2019 19:17:58 GMT server sffe age 148391 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 16120 x-xss-protection 0 expires Fri, 21 Aug 2020 11:25:48 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 fonts.gstatic.com/s/roboto/v20/	11 KB 11 KB	5ms 5ms	Font font/woff2	2a00:1450:4001:816::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: halifaxthankyoupage.pages.ontraport.net URL: https://halifaxthankyoupage.pages.ontraport.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Nixie+One|Dosis:400,200,300,500,600,800,700|Bubblegum+Sans|Parisienne|Lora:400,700i,700,400i|Fredericka+the+Great|Noto+Serif:400,400i,700,700i|La+Belle+Aurore|Lobster|Engagement|Shadows+Into+Light|Frijole|Alegreya+Sans:400,100,100i,300,300i,400i,500,500i,700,700i,800,900,800i,900i|Monoton|Droid+Serif:400,400i,700,700i|Pacifico|Inconsolata:400,700|Oswald:400,700,300|Special+Elite|Montserrat:400,700|Open+Sans:400,300,300i,400i,600,600i,700,700i,800,800i|Open+Sans+Condensed:300,700,300i|Kranky|Crimson+Text:400,400i,600,700,600i,700i|Indie+Flower|Alegreya:400,400i,700,700i,900i,900|Raleway:100,200,300,500,400,600,700,800,900|Roboto+Condensed:400,300,300i,400i,700,700i|Slabo+27px|Roboto:400,100,100i,300,300i,400i,500,500i,700,700i,900,900i|Lato:400,100,100i,300,300i,400i,700,700i,900,900i|Bentham|Playfair+Display:400,400i,700,700i,900,900i|Paytone+One|Josefin+Slab:400,100,100i,300,300i,400i,600,600i,700,700i|Pinyon+Script|Abril+Fatface|Six+Caps|Londrina+Outline|League+Script|Sacramento|Fjalla+One|Vast+Shadow|Petit+Formal+Script|Libre+Baskerville:400,400i,700|Work+Sans:400,100,200,300,500,600,700,800,900|Economica:400,400i,700,700i|Yellowtail|Niconne|Pompiere|Maiden+Orange|Lateef|Source+Sans+Pro|Anonymous+Pro:400,400i,700,700i|Cormorant:300,300i,400,400i,500,500i,600,600i,700,700i|Karla:400,400i,700,700i|Permanent+Marker|Space+Mono:400,400i,700,700i|Ubuntu:300,300i,400,400i,500,500i,700,700i Origin https://halifaxthankyoupage.pages.ontraport.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 23 Aug 2019 19:18:49 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:50 GMT server sffe age 33610 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 11016 x-xss-protection 0 expires Sat, 22 Aug 2020 19:18:49 GMT
GET H/1.1	200 OK	track.php Show response drsonjaenterprises.ontraport.com/	804 B 1012 B	812ms 289ms	Script text/html	209.170.211.179 ViaWest
General Check archive.org Show headers Download Go to Full URL https://drsonjaenterprises.ontraport.com/track.php?mid=165811_lp154.0_2&llc=https://halifaxthankyoupage.pages.ontraport.net/&first_visit=1&referral_page=&s=r64x0dpk6w9f0k99r106&l=halifaxthankyoupage.pages.ontraport.net/&ti=&is_unique=1 Requested by Host: optassets.ontraport.com URL: https://optassets.ontraport.com/tracking.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.170.211.179 , United States, ASN13649 (ASN-VINS - ViaWest, US), Reverse DNS mail9.ontramail.com Software ONTRAport / Resource Hash 7348f818829284ee83d62e5d824bca7861eb2cc1e777f8029bf3882f94b0507f Request headers Sec-Fetch-Mode no-cors Referer https://halifaxthankyoupage.pages.ontraport.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 24 Aug 2019 04:39:00 GMT Content-Encoding gzip X-op-class hosted Server ONTRAport X-op-release 1 Vary Accept-Encoding Access-Control-Allow-Methods GET, POST, OPTIONS P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin * Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Credentials true Content-Type text/html X-op-ca 185.38.150.96

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| _opt_lpid boolean| isONTRApage object| op object| $jscomp object| $jscomp$this function| anime function| $ function| jQuery function| cash object| M object| Materialize function| Hammer object| desExport function| des function| des_createKeys function| stringToHex function| hexToString object| XD string| PROTOCOL string| COUPON_PROCESS_DOMAIN boolean| IN_DEBUG_MODE string| FORM_PROCESS_DOMAIN function| _debugLog function| OPCapcha_filled function| OPCapcha_expired string| _mri string| _mrq string| _mrsess_ undefined| _mr_cid object| _mrd string| _mrl object| _mrct string| _mr_ex string| _linktrack string| _mr_title function| mrtracking function| gC function| parseGetVars function| genmrSess function| _escapeT function| _mrGetLinkTo function| _sanitizeMrLink function| _mrScanLinks function| _mrTrackLink function| _mrReturnXmlHttpObject string| _mr_domain string| session string| possible object| _mrTrackLinks

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			halifaxthankyoupage.pages.ontraport.net/	1970-01-25 20:29:45	Name: lastvisit Value: 1566621539
			halifaxthankyoupage.pages.ontraport.net/	1970-01-25 20:29:45	Name: referral_page Value:
			halifaxthankyoupage.pages.ontraport.net/	1970-01-25 20:29:45	Name: sess_ Value: r64x0dpk6w9f0k99r106
			halifaxthankyoupage.pages.ontraport.net/	1970-01-25 20:29:45	Name: vid Value:
			halifaxthankyoupage.pages.ontraport.net/	1969-12-31 23:59:59	Name: lpsplt_154 Value: 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

drsonjaenterprises.ontraport.com
fonts.googleapis.com
fonts.gstatic.com
halifaxthankyoupage.pages.ontraport.net
i.ontraport.com
optassets.ontraport.com
104.16.20.19
104.16.21.19
209.170.211.179
2a00:1450:4001:816::2003
2a00:1450:4001:81f::200a
09e13bc501877a8383c2661e6fc80187efadbd82ac4d3b0d1ec8a41d8630756c
24f9e2c0e06c1fe8630d0c30b5f037544dbc5eeb4fa4f160a1f8aa224007ba19
2c2348bbc056a14a9cd62dadb8d461800a192e8ba636f803d0ffddd753977976
387a679cdec1f4b30a90e92fceea0b475ab1c50a6b7faf8a7659d4f3caf8a747
3fd098f546a4831b3cf1a6697070561a23737e235818b0539a92114dda90f42f
416741bddabf99798b6578a4d96faafacb54ea38d2cb686fee4538265a5e1c9b
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6149b8625c3635d2789e98617c7809de11a4b34e8d5f1cce92f894fe86b38f73
7348f818829284ee83d62e5d824bca7861eb2cc1e777f8029bf3882f94b0507f
773e13ec062b19e4f7f52f60a622bbd8e7991baf56ad48dbefdcdca464240f73
a25e14865126cb8fb6fba6ec8e05a94bf93b5f999bcc8785a80b54001d120eb5
cd86ad782309657089b4af1445f1c0d90ea3a973ac10c82bf887545b08370143
d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f
f09838eba9ab7693b3760f4cea8f5ef1814a0ed9fb79d0d67896220e37b8119c