Submitted URL: https://ww1.mysavingsaccount.site/
Effective URL: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyU...
Submission: On June 14 via automatic, source certstream-suspicious

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6812:4695, located in United States and belongs to CLOUDFLARENET, US. The main domain is d.mobirewardscene.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 22nd 2020. Valid for: a year.
This is the only time d.mobirewardscene.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 4 91.195.240.136 47846 (SEDO-AS)
2 205.234.175.175 30081 (CACHENETW...)
2 3.214.69.179 14618 (AMAZON-AES)
1 1 104.18.17.80 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
11 5
Domain Requested by
4 d.mobirewardscene.xyz usa.khurshid-sus.com
d.mobirewardscene.xyz
4 ww1.mysavingsaccount.site 2 redirects ww1.mysavingsaccount.site
2 usa.khurshid-sus.com ww1.mysavingsaccount.site
usa.khurshid-sus.com
2 img.sedoparking.com ww1.mysavingsaccount.site
1 ajax.googleapis.com d.mobirewardscene.xyz
1 www.hudsonvalleytechnology.com 1 redirects
11 6

This site contains no links.

Subject Issuer Validity Valid
ww1.mysavingsaccount.site
Encryption Everywhere DV TLS CA - G1
2020-06-14 -
2021-06-15
a year crt.sh
*.cachefly.net
GlobalSign RSA OV SSL CA 2018
2020-05-22 -
2021-10-29
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-05-22 -
2021-05-22
a year crt.sh
upload.video.google.com
GTS CA 1O1
2020-05-26 -
2020-08-18
3 months crt.sh

This page contains 1 frames:

Primary Page: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Frame ID: BAABC614D2CD927EC092B5FB5E0AA475
Requests: 11 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://ww1.mysavingsaccount.site/ Page URL
  2. https://ww1.mysavingsaccount.site/search/redirect.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa... HTTP 302
    https://ww1.mysavingsaccount.site/search/tcerider.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa... HTTP 302
    http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea... Page URL
  3. http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth... Page URL
  4. http://www.hudsonvalleytechnology.com/zp-redirect?target=https%3A%2F%2Fd.mobirewardscene.xyz%2Fnorton%2Fv2%2Findex... HTTP 302
    https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKe... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

11
Requests

73 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

79 kB
Transfer

166 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ww1.mysavingsaccount.site/ Page URL
  2. https://ww1.mysavingsaccount.site/search/redirect.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&v=ZWVmOTgyMDA2MTEzYjExMWYxMDIxNmVhZDhiYTg1OWYJMQl3dzEubXlzYXZpbmdzYWNjb3VudC5zaXRlNWVlNjliZDQ2ZjRmNDMuMDUzODg4MDcJd3cxLm15c2F2aW5nc2FjY291bnQuc2l0ZTVlZTY5YmQ0NmY1MzI4LjE4NTY4NDczCTE1OTIxNzE0NzYJYWRfMzFfMA==&l=OAkwYWJlMmNkMzY5M2IyNmUxODBhMzU1ODk2ZjBlOWNkZAkwCTIwCTAJZGZjZjMyMzBiMjA4NGIxMWQ0M2VhZWNjMjVmNTU4MzgJMzQ2NzQ5NjY5CW15c2F2aW5nc2FjY291bnQJMTEwMQkzMQkxCTE0CTE1OTIxNzE0NzYJMC4wMDA3CU4JMAkwCTAJMTIwNQkzMDEyNTU0OTIJODkuMjQ5LjY0LjIxMQkx HTTP 302
    https://ww1.mysavingsaccount.site/search/tcerider.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&v=ZWVmOTgyMDA2MTEzYjExMWYxMDIxNmVhZDhiYTg1OWYJMQl3dzEubXlzYXZpbmdzYWNjb3VudC5zaXRlNWVlNjliZDQ2ZjRmNDMuMDUzODg4MDcJd3cxLm15c2F2aW5nc2FjY291bnQuc2l0ZTVlZTY5YmQ0NmY1MzI4LjE4NTY4NDczCTE1OTIxNzE0NzYJYWRfMzFfMA==&l=OAkwYWJlMmNkMzY5M2IyNmUxODBhMzU1ODk2ZjBlOWNkZAkwCTIwCTAJZGZjZjMyMzBiMjA4NGIxMWQ0M2VhZWNjMjVmNTU4MzgJMzQ2NzQ5NjY5CW15c2F2aW5nc2FjY291bnQJMTEwMQkzMQkxCTE0CTE1OTIxNzE0NzYJMC4wMDA3CU4JMAkwCTAJMTIwNQkzMDEyNTU0OTIJODkuMjQ5LjY0LjIxMQkx HTTP 302
    http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed Page URL
  3. http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
  4. http://www.hudsonvalleytechnology.com/zp-redirect?target=https%3A%2F%2Fd.mobirewardscene.xyz%2Fnorton%2Fv2%2Findex-t-en.html%3Ftd%3Dwww.hudsonvalleytechnology.com%26cep%3D2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM%26lptoken%3D15c59209176c32417742&caid=e0ea7cd5-8e70-4137-bbec-1b83e88594e5&zpid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&cid=&rt=R HTTP 302
    https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://ww1.mysavingsaccount.site/search/redirect.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&v=ZWVmOTgyMDA2MTEzYjExMWYxMDIxNmVhZDhiYTg1OWYJMQl3dzEubXlzYXZpbmdzYWNjb3VudC5zaXRlNWVlNjliZDQ2ZjRmNDMuMDUzODg4MDcJd3cxLm15c2F2aW5nc2FjY291bnQuc2l0ZTVlZTY5YmQ0NmY1MzI4LjE4NTY4NDczCTE1OTIxNzE0NzYJYWRfMzFfMA==&l=OAkwYWJlMmNkMzY5M2IyNmUxODBhMzU1ODk2ZjBlOWNkZAkwCTIwCTAJZGZjZjMyMzBiMjA4NGIxMWQ0M2VhZWNjMjVmNTU4MzgJMzQ2NzQ5NjY5CW15c2F2aW5nc2FjY291bnQJMTEwMQkzMQkxCTE0CTE1OTIxNzE0NzYJMC4wMDA3CU4JMAkwCTAJMTIwNQkzMDEyNTU0OTIJODkuMjQ5LjY0LjIxMQkx HTTP 302
  • https://ww1.mysavingsaccount.site/search/tcerider.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&v=ZWVmOTgyMDA2MTEzYjExMWYxMDIxNmVhZDhiYTg1OWYJMQl3dzEubXlzYXZpbmdzYWNjb3VudC5zaXRlNWVlNjliZDQ2ZjRmNDMuMDUzODg4MDcJd3cxLm15c2F2aW5nc2FjY291bnQuc2l0ZTVlZTY5YmQ0NmY1MzI4LjE4NTY4NDczCTE1OTIxNzE0NzYJYWRfMzFfMA==&l=OAkwYWJlMmNkMzY5M2IyNmUxODBhMzU1ODk2ZjBlOWNkZAkwCTIwCTAJZGZjZjMyMzBiMjA4NGIxMWQ0M2VhZWNjMjVmNTU4MzgJMzQ2NzQ5NjY5CW15c2F2aW5nc2FjY291bnQJMTEwMQkzMQkxCTE0CTE1OTIxNzE0NzYJMC4wMDA3CU4JMAkwCTAJMTIwNQkzMDEyNTU0OTIJODkuMjQ5LjY0LjIxMQkx HTTP 302
  • http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ww1.mysavingsaccount.site/
4 KB
3 KB
Document
General
Full URL
https://ww1.mysavingsaccount.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.195.240.136 , Germany, ASN47846 (SEDO-AS, DE),
Reverse DNS
Software
NginX /
Resource Hash
8cef9773167ce68353cd3120f6310a37646ff7a593e2e2358f974f521d001c09

Request headers

:method
GET
:authority
ww1.mysavingsaccount.site
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 14 Jun 2020 21:51:16 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Sun, 14 Jun 2020 21:51:16 GMT
pragma
no-cache
server
NginX
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_PMkR+gtnIcr3TePdGKzwSOdW6wgeTabciD6YLMazbdt45ksU20LM3akmS7yJa8RGx7JgfKe7zEGZG4akyZu+Qw==
x-cache-miss-from
parking-57bb8848b8-fkzrm
content-length
2883
jquery-1.4.2.min.js
img.sedoparking.com/js/
52 KB
27 KB
Script
General
Full URL
https://img.sedoparking.com/js/jquery-1.4.2.min.js
Requested by
Host: ww1.mysavingsaccount.site
URL: https://ww1.mysavingsaccount.site/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
e186f74c971a978c1daf20bb51a1b71bcb075d8d09d678ee1d12665c136b1487

Request headers

Referer
https://ww1.mysavingsaccount.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 21:51:16 GMT
content-encoding
gzip
x-cf3
H
cf4ttl
31536000.000
x-cfhash
"0d658c3f0a7efaa05a6fcee9758231b3"
x-cf1
11696:fD.fra2:cf:cacheN.fra2-01:H
status
200
content-length
26742
x-cf-tsc
1575156882
x-cf2
H
last-modified
Thu, 28 Jun 2018 13:09:28 GMT
server
CFS 0215
x-cff
B
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
cf4age
389
accept-ranges
bytes
expires
Mon, 15 Jun 2020 21:51:16 GMT
js_preloader.gif
img.sedoparking.com/images/
4 KB
5 KB
Image
General
Full URL
http://img.sedoparking.com/images/js_preloader.gif
Requested by
Host: ww1.mysavingsaccount.site
URL: https://ww1.mysavingsaccount.site/
Protocol
HTTP/1.1
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 21:51:16 GMT
X-CF3
M
CF4ttl
31536000.000
X-CFHash
"90c93102a88c2ab94bff1575b7a6e86e"
X-CF1
11696:fC.fra2:cf:cacheN.fra2-01:H
Connection
keep-alive
Content-Length
4254
x-cf-tsc
1589303905
X-CF2
H
Last-Modified
Fri, 15 Mar 2019 12:24:07 GMT
Server
CFS 0215
X-CFF
B
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
CF4Age
0
Accept-Ranges
bytes
x-cf-rand
73.002
Expires
Sun, 21 Jun 2020 21:51:16 GMT
tsc.php
ww1.mysavingsaccount.site/search/
0
60 B
XHR
General
Full URL
https://ww1.mysavingsaccount.site/search/tsc.php?200=MzQ2NzQ5NjY5&21=ODkuMjQ5LjY0LjIxMQ==&681=MTU5MjE3MTQ3NmUyNjYzMjI1OTE2MTU3ZTVkNGNjM2YwY2NiNDQ2NGY2&crc=d8820116f1d65b5fc4d88c9d07b8e5bfec0d23b3&cv=1
Requested by
Host: ww1.mysavingsaccount.site
URL: https://ww1.mysavingsaccount.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.195.240.136 , Germany, ASN47846 (SEDO-AS, DE),
Reverse DNS
Software
NginX /
Resource Hash

Request headers

Accept
*/*
Referer
https://ww1.mysavingsaccount.site/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sun, 14 Jun 2020 21:51:17 GMT
x-cache-miss-from
parking-57bb8848b8-24dl2
server
NginX
content-length
0
content-type
text/html; charset=UTF-8
2c5daa80-ae89-11ea-a39f-0ac41b55a777
usa.khurshid-sus.com/zcvisitor/
Redirect Chain
  • https://ww1.mysavingsaccount.site/search/redirect.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&...
  • https://ww1.mysavingsaccount.site/search/tcerider.php?f=http%3A%2F%2Fusa.khurshid-sus.com%2Fzcvisitor%2F2c5daa80-ae89-11ea-a39f-0ac41b55a777%3Fcampaignid%3Dd580dee0-ae54-11ea-a5d2-12e5dcaa70ed&...
  • http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed
1010 B
2 KB
Document
General
Full URL
http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed
Requested by
Host: ww1.mysavingsaccount.site
URL: https://ww1.mysavingsaccount.site/
Protocol
HTTP/1.1
Server
3.214.69.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-69-179.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
3b561739e1da8860082502ab985e9ff18b358e8431b0253113d02738aea74c16
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
usa.khurshid-sus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ww1.mysavingsaccount.site/

Response headers

Date
Sun, 14 Jun 2020 21:51:17 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server
ZeroPark-Traffic

Redirect headers

status
302
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Sun, 14 Jun 2020 21:51:17 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Sun, 14 Jun 2020 21:51:17 GMT
location
http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed
pragma
no-cache
server
NginX
x-cache-miss-from
parking-57bb8848b8-pvv68
content-length
467
zcredirect
usa.khurshid-sus.com/
2 KB
3 KB
Document
General
Full URL
http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Requested by
Host: usa.khurshid-sus.com
URL: http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed
Protocol
HTTP/1.1
Server
3.214.69.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-69-179.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
28dee17ed26b74e43c63646a3c1c0c95584e8c5f5480e6e04b52a982e61aa6b7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
usa.khurshid-sus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://usa.khurshid-sus.com/zcvisitor/2c5daa80-ae89-11ea-a39f-0ac41b55a777?campaignid=d580dee0-ae54-11ea-a5d2-12e5dcaa70ed

Response headers

Date
Sun, 14 Jun 2020 21:51:17 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected
JS
Server
ZeroPark-Traffic
Primary Request index-t-en.html
d.mobirewardscene.xyz/norton/v2/
Redirect Chain
  • http://www.hudsonvalleytechnology.com/zp-redirect?target=https%3A%2F%2Fd.mobirewardscene.xyz%2Fnorton%2Fv2%2Findex-t-en.html%3Ftd%3Dwww.hudsonvalleytechnology.com%26cep%3D2gg4-QDaeNKeMxIpC7L4dOs45d...
  • https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_...
4 KB
2 KB
Document
General
Full URL
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Requested by
Host: usa.khurshid-sus.com
URL: http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cc2d44a5c6047b7b64a77d64fce56727645d17fb950d242a8f731e5c851f753

Request headers

:method
GET
:authority
d.mobirewardscene.xyz
:scheme
https
:path
/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://usa.khurshid-sus.com/zcredirect?visitid=2c5daa80-ae89-11ea-a39f-0ac41b55a777&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

status
200
date
Sun, 14 Jun 2020 21:51:17 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d9bcca282f3c40cd595fdb3dda840a55c1592171477; expires=Tue, 14-Jul-20 21:51:17 GMT; path=/; domain=.d.mobirewardscene.xyz; HttpOnly; SameSite=Lax
vary
Accept-Encoding
last-modified
Thu, 21 May 2020 17:28:29 GMT
cf-cache-status
HIT
age
298180
expires
Mon, 14 Jun 2021 21:51:17 GMT
cache-control
public, max-age=31536000
cf-request-id
035669d2760000d6b567be8200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5a3745972f55d6b5-FRA
content-encoding
br

Redirect headers

Date
Sun, 14 Jun 2020 21:51:17 GMT
Content-Length
0
Connection
keep-alive
Set-Cookie
__cfduid=d7e94e59751d77a82c8c6a0173c8ac9741592171477; expires=Tue, 14-Jul-20 21:51:17 GMT; path=/; domain=.hudsonvalleytechnology.com; HttpOnly; SameSite=Lax e0ea7cd5-8e70-4137-bbec-1b83e88594e5-v4=e0ea7cd5-8e70-4137-bbec-1b83e88594e5; Max-Age=86400; Expires=Mon, 15-Jun-2020 21:51:17 GMT; Domain=www.hudsonvalleytechnology.com; Path=/; HttpOnly cep-v4=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM; Max-Age=86400; Expires=Mon, 15-Jun-2020 21:51:17 GMT; Domain=www.hudsonvalleytechnology.com; Path=/; HttpOnly
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Pragma
no-cache
CF-Cache-Status
DYNAMIC
cf-request-id
035669d21f0000c78d762b4200000001
Server
cloudflare
CF-RAY
5a3745969fc5c78d-AMS
norton_header5.png
d.mobirewardscene.xyz/norton/v2/
4 KB
4 KB
Image
General
Full URL
https://d.mobirewardscene.xyz/norton/v2/norton_header5.png
Requested by
Host: d.mobirewardscene.xyz
URL: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27f3f8b75e93fe47bba5693bfcaf5bb7ccd480b74b0e0c70d04860be6e96f2da

Request headers

Referer
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 21:51:17 GMT
cf-cache-status
HIT
age
298180
cf-polished
origFmt=png, origSize=5778
status
200
content-disposition
inline; filename="norton_header5.webp"
content-length
3758
cf-request-id
035669d2940000d6b567be9200000001
last-modified
Thu, 21 May 2020 17:28:30 GMT
server
cloudflare
etag
"631bd-1692-5a62bd7557339"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Mon, 14 Jun 2021 21:51:17 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
5a3745975fcad6b5-FRA
cf-bgj
imgq:85,h2pri
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/
95 KB
34 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: d.mobirewardscene.xyz
URL: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 12 Jun 2020 00:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
250995
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 00:08:02 GMT
close.js
d.mobirewardscene.xyz/norton/v2/
790 B
485 B
Script
General
Full URL
https://d.mobirewardscene.xyz/norton/v2/close.js
Requested by
Host: d.mobirewardscene.xyz
URL: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13edd1d2fcdb4199a38d7a36b6918c4ae77d66d3f2004c1e912f67acc6c41b9

Request headers

Referer
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 21:51:17 GMT
content-encoding
br
cf-cache-status
HIT
age
298180
cf-polished
origSize=1586
status
200
last-modified
Thu, 21 May 2020 17:28:28 GMT
cf-request-id
035669d2950000d6b567beb200000001
cf-bgj
minify
server
cloudflare
etag
W/"631b9-632-5a62bd744fc61"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cf-ray
5a3745975fd0d6b5-FRA
expires
Mon, 14 Jun 2021 21:51:17 GMT
tim.js
d.mobirewardscene.xyz/norton/v2/
357 B
283 B
Script
General
Full URL
https://d.mobirewardscene.xyz/norton/v2/tim.js
Requested by
Host: d.mobirewardscene.xyz
URL: https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
503c3ae7ec0a24b85c2f40b8d4e795a775e25fc8b8f3318edc1ed468214e264e

Request headers

Referer
https://d.mobirewardscene.xyz/norton/v2/index-t-en.html?td=www.hudsonvalleytechnology.com&cep=2gg4-QDaeNKeMxIpC7L4dOs45d-9fNyUD3YzK_yrNCe03errtzOpxPNvYDXngj4WRW2nPe2Vgi8bbVjRnM3UndB1N05BYraIgV9Y-a_gxraicSJiWve6rfF7aZ3IKXTyZxoUcFsDOOa9Kg4kzpqIS8vDKrcSa_nEOTAac9B8ox5qW5BO0p4Xci4ZZ7YD3wZRH3aDKrlnxqtApXH1SORwUoFdAQs8G5Ou4s61o2QN7mKFaUbJLO9UTQ7S-hKMNOYKdhfZtCqjWxLKXenIZCP3b43SVhYMcwbia73I0G5Y7ZhhBv3wTK9fPbdS4Vp3vHd9jVvrw8w2fRNrsNT9ZxsP7jnp0lMs_Dt1eMZr9h1sBNhNOq0JbeydFeIuvYmBQrH1YsC7IA2tUVMK6mXHkJekHPqsaFj3PD_ZunRDm-bPEWpH3qAz6uMJ5ONVvYRFm8YLGsbWJiiBU2Z_Q1xotsKRnkTcqy9bC-LuuZgc_O2GkaRWS3D84NaYS816uRxYcvrZj97RSIxsk66KeMqFURyfwSJBxxxWQs4UGsfXJOLQE7UtKMZujyXgr9eaPGIa3V7VkNTlFStWv48zhF1yIOr0kAyesqBWV4d1mZBbif08oT94MSesr_xR8BXzS07LTeQYOv-7Sbt5PFQe9WPR7Mbn-TDoe8OZjsMe2Q87xS9NnsM&lptoken=15c59209176c32417742
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 21:51:17 GMT
content-encoding
br
cf-cache-status
HIT
age
298180
cf-polished
origSize=687
status
200
last-modified
Thu, 21 May 2020 17:28:30 GMT
cf-request-id
035669d2960000d6b567bec200000001
cf-bgj
minify
server
cloudflare
etag
W/"631be-2af-5a62bd7551961"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cf-ray
5a3745975fd1d6b5-FRA
expires
Mon, 14 Jun 2021 21:51:17 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| contains function| getURLParameter object| dayNames object| monthNames object| now function| loadstart function| $ function| jQuery boolean| validNavigation function| wireUpEvents function| start_timer function| exit_a1

1 Cookies

Domain/Path Name / Value
.d.mobirewardscene.xyz/ Name: __cfduid
Value: d9bcca282f3c40cd595fdb3dda840a55c1592171477