fraud-fp.ypsilon.net Open in urlscan Pro
195.4.70.9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fraud-fp.ypsilon.net/iframe?1580854845939
Submission: On February 05 via manual (February 5th 2020, 1:43:12 pm UTC) from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 33 IPs in 6 countries across 34 domains to perform 45 HTTP transactions. The main IP is 195.4.70.9, located in Germany and belongs to FREENETDE freenet Datenkommunikations GmbH, DE. The main domain is fraud-fp.ypsilon.net.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 29th 2018. Valid for: 2 years.

This is the only time fraud-fp.ypsilon.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	195.4.70.9 195.4.70.9	5430 (FREENETDE...) (FREENETDE freenet Datenkommunikations GmbH)
1	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	74.122.190.83 74.122.190.83	15211 (SQUARE) (SQUARE)
1	104.244.42.193 104.244.42.193	13414 (TWITTER) (TWITTER)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:825::200d	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE)
1 1	52.138.209.16 52.138.209.16	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	40.90.23.154 40.90.23.154	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 4	2600:1901:1:b... 2600:1901:1:b6d::	15169 (GOOGLE) (GOOGLE)
1 2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
1	152.199.21.147 152.199.21.147	15133 (EDGECAST) (EDGECAST)
1	104.111.215.55 104.111.215.55	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:100:6022... 2620:100:6022:1::a27d:4201	19679 (DROPBOX) (DROPBOX)
1	2.18.233.29 2.18.233.29	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.12.84 151.101.12.84	54113 (FASTLY) (FASTLY)
1	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 2	37.244.28.102 37.244.28.102	57976 (BLIZZARD) (BLIZZARD)
1	104.111.236.24 104.111.236.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.247.118.82 54.247.118.82	16509 (AMAZON-02) (AMAZON-02)
1	140.82.118.3 140.82.118.3	36459 (GITHUB) (GITHUB)
1	2606:4700::68... 2606:4700::6810:7a7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	209.216.230.240 209.216.230.240	21581 (M5HOSTING) (M5HOSTING)
1	2600:9000:214... 2600:9000:214f:800:5:d344:2380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	107.23.242.160 107.23.242.160	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.214.159 143.204.214.159	16509 (AMAZON-02) (AMAZON-02)
1	151.101.113.42 151.101.113.42	54113 (FASTLY) (FASTLY)
1	23.210.248.226 23.210.248.226	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	13.35.253.56 13.35.253.56	16509 (AMAZON-02) (AMAZON-02)
1	13.35.253.61 13.35.253.61	16509 (AMAZON-02) (AMAZON-02)
1	151.101.13.254 151.101.13.254	54113 (FASTLY) (FASTLY)
1	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
1	2406:da00:ff0... 2406:da00:ff00::6b17:d1f5	14618 (AMAZON-AES) (AMAZON-AES)
1	169.45.207.201 169.45.207.201	36351 (SOFTLAYER) (SOFTLAYER)
1	87.240.137.158 87.240.137.158	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
45	33

10 195.4.70.9 (Germany)

ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE)
PTR: f1-ab-orchestra1.infosys.de

fraud-fp.ypsilon.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.122.190.83 (United States)

ASN15211 (SQUARE, US)
PTR: redhilltaxi.com

squareup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.193 (United States)

ASN13414 (TWITTER, US)

twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

plus.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.138.209.16 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.skype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.90.23.154 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:1:b6d:: (United States) 3 redirects

ASN15169 (GOOGLE, US)

www.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
accounts.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.21.147 (United States)

ASN15133 (EDGECAST, US)

www.tumblr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.55 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-55.deploy.static.akamaitechnologies.com

www.expedia.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:6022:1::a27d:4201 (United States)

ASN19679 (DROPBOX, US)

www.dropbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.29 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-29.deploy.static.akamaitechnologies.com

www.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.84 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

de.foursquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.244.28.102 (Netherlands) 1 redirects

ASN57976 (BLIZZARD, US)

eu.battle.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.236.24 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-236-24.deploy.static.akamaitechnologies.com

store.steampowered.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.247.118.82 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-118-82.eu-west-1.compute.amazonaws.com

www.academia.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.82.118.3 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-118-3-ams.github.com

github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7a7f (United States)

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.216.230.240 (San Diego, United States)

ASN21581 (M5HOSTING, US)
PTR: news.ycombinator.com

news.ycombinator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:800:5:d344:2380:93a1 (United States)

ASN16509 (AMAZON-02, US)

carbonmade.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.23.242.160 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-242-160.compute-1.amazonaws.com

courses.edx.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.159 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-214-159.fra53.r.cloudfront.net

slack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.42 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.khanacademy.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.226 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.56 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-56.fra6.r.cloudfront.net

500px.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.61 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-61.fra6.r.cloudfront.net

web.500px.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.254 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.airbnb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

secure.meetup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:da00:ff00::6b17:d1f5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

bitbucket.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.45.207.201 (Ashburn, United States)

ASN36351 (SOFTLAYER, US)
PTR: c9.cf.2da9.ip4.static.sl-reverse.com

secure.indeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.137.158 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv158-137-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ypsilon.net fraud-fp.ypsilon.net	56 KB
5	google.com 1 redirects accounts.google.com plus.google.com	1 KB
4	spotify.com 3 redirects www.spotify.com accounts.spotify.com	2 KB
2	500px.com 1 redirects 500px.com web.500px.com	1 KB
2	battle.net 1 redirects eu.battle.net	431 B
2	reddit.com 1 redirects www.reddit.com	495 B
1	vk.com vk.com
1	indeed.com secure.indeed.com
1	bitbucket.org bitbucket.org	86 B
1	meetup.com secure.meetup.com
1	disqus.com disqus.com
1	airbnb.com www.airbnb.com
1	paypal.com www.paypal.com
1	khanacademy.org www.khanacademy.org
1	slack.com slack.com
1	edx.org courses.edx.org
1	carbonmade.com carbonmade.com
1	ycombinator.com news.ycombinator.com
1	medium.com medium.com
1	github.com github.com
1	academia.edu www.academia.edu
1	steampowered.com store.steampowered.com
1	foursquare.com de.foursquare.com
1	pinterest.com www.pinterest.com
1	amazon.com www.amazon.com
1	dropbox.com www.dropbox.com
1	expedia.de www.expedia.de
1	tumblr.com www.tumblr.com
1	live.com login.live.com
1	skype.com 1 redirects login.skype.com	892 B
1	facebook.com www.facebook.com
1	twitter.com twitter.com
1	squareup.com squareup.com
1	cloudflare.com cdnjs.cloudflare.com	20 KB
45	34

	Domain	Requested by
10	fraud-fp.ypsilon.net	fraud-fp.ypsilon.net cdnjs.cloudflare.com
4	accounts.google.com
3	www.spotify.com	3 redirects
2	eu.battle.net	1 redirects
2	www.reddit.com	1 redirects
1	vk.com
1	secure.indeed.com
1	bitbucket.org
1	secure.meetup.com
1	disqus.com
1	www.airbnb.com
1	web.500px.com
1	500px.com	1 redirects
1	www.paypal.com
1	www.khanacademy.org
1	slack.com
1	courses.edx.org
1	carbonmade.com
1	news.ycombinator.com
1	medium.com
1	github.com
1	www.academia.edu
1	store.steampowered.com
1	de.foursquare.com
1	www.pinterest.com
1	www.amazon.com
1	www.dropbox.com
1	www.expedia.de
1	www.tumblr.com
1	accounts.spotify.com
1	login.live.com
1	login.skype.com	1 redirects
1	plus.google.com	1 redirects
1	www.facebook.com
1	twitter.com
1	squareup.com
1	cdnjs.cloudflare.com	fraud-fp.ypsilon.net
45	37

This site contains no links.

Subject Issuer	Validity	Valid
*.ypsilon.net Go Daddy Secure Certificate Authority - G2	`2018-08-29` - `2020-08-29`	2 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
www.squareup.com Entrust Certification Authority - L1M	`2019-07-09` - `2020-08-01`	a year	crt.sh
twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2020-01-14` - `2020-04-07`	3 months	crt.sh
login.live.com Microsoft IT TLS CA 1	`2019-11-05` - `2021-11-05`	2 years	crt.sh
*.spotify.com DigiCert SHA2 Secure Server CA	`2017-05-16` - `2020-07-29`	3 years	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
tumblr.com DigiCert SHA2 Extended Validation Server CA	`2019-08-08` - `2021-08-12`	2 years	crt.sh
www.expedia.com GeoTrust RSA CA 2018	`2020-01-23` - `2020-09-05`	7 months	crt.sh
www.dropbox.com DigiCert SHA2 Extended Validation Server CA	`2020-01-07` - `2022-03-23`	2 years	crt.sh
www.amazon.com DigiCert Global CA G2	`2020-01-23` - `2020-12-31`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2019-06-05` - `2020-07-22`	a year	crt.sh
n2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-11-29` - `2020-06-13`	6 months	crt.sh
www.battle.net DigiCert SHA2 Extended Validation Server CA	`2018-09-05` - `2020-11-11`	2 years	crt.sh
store.steampowered.com DigiCert SHA2 Extended Validation Server CA	`2019-03-13` - `2021-03-12`	2 years	crt.sh
*.academia.edu Sectigo RSA Domain Validation Secure Server CA	`2019-10-11` - `2021-10-18`	2 years	crt.sh
github.com DigiCert SHA2 Extended Validation Server CA	`2018-05-08` - `2020-06-03`	2 years	crt.sh
medium.com DigiCert SHA2 Extended Validation Server CA	`2019-08-21` - `2021-09-13`	2 years	crt.sh
news.ycombinator.com DigiCert SHA2 Secure Server CA	`2019-07-08` - `2021-09-10`	2 years	crt.sh
carbonmade.com Amazon	`2019-11-12` - `2020-12-12`	a year	crt.sh
*.edx.org Gandi Standard SSL CA 2	`2018-04-02` - `2020-05-06`	2 years	crt.sh
slack.com DigiCert SHA2 Secure Server CA	`2018-02-08` - `2021-02-12`	3 years	crt.sh
khan.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-11-19` - `2020-11-19`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2019-09-10` - `2020-08-18`	a year	crt.sh
web.500px.com Amazon	`2019-03-01` - `2020-04-01`	a year	crt.sh
www.airbnb.com DigiCert SHA2 Extended Validation Server CA	`2019-08-29` - `2021-09-02`	2 years	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-10` - `2020-03-21`	a year	crt.sh
bitbucket.org DigiCert SHA2 Extended Validation Server CA	`2018-04-19` - `2020-04-21`	2 years	crt.sh
*.indeed.com DigiCert SHA2 High Assurance Server CA	`2020-01-09` - `2021-11-21`	2 years	crt.sh
vk.com Sectigo ECC Extended Validation Secure Server CA	`2019-07-11` - `2020-07-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fraud-fp.ypsilon.net/iframe?1580854845939
Frame ID: 9FBDA523A0564C992B7FE1F825A04976
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Python (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:^|\s)Python(?:\/([\d.]+))?/i

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /require.*\.js/i

Fingerprintjs (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /fingerprint(\d)?(?:\.min)?\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

45
Requests

100 %
HTTPS

25 %
IPv6

34
Domains

37
Subdomains

33
IPs

6
Countries

76 kB
Transfer

241 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico HTTP 302
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico

Request Chain 15

https://login.skype.com/login?message=signin_continue&redirect_uri=https%3A%2F%2Fsecure.skype.com%2Ffavicon.ico HTTP 302
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1580910176&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.skype.com%252Ffavicon.ico%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67

Request Chain 16

https://www.spotify.com/en/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 301
https://www.spotify.com/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
https://www.spotify.com/be-nl/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
https://accounts.spotify.com/login/?continue=https%3A//www.spotify.com/favicon.ico&_locale=nl-BE

Request Chain 17

https://www.reddit.com/login?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico HTTP 301
https://www.reddit.com/login/?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico

Request Chain 24

https://eu.battle.net/login/de/index?ref=http://eu.battle.net/favicon.ico HTTP 302
https://eu.battle.net/login/de/?ref=http://eu.battle.net/favicon.ico

Request Chain 36

https://500px.com/login?r=%2Ffavicon.ico HTTP 301
https://web.500px.com/login?r=%2Ffavicon.ico

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request iframe Show response
fraud-fp.ypsilon.net/ 376 B
548 B 119ms
29ms Document
text/html 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/iframe?1580854845939
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: bb53d5471aed3aa166044e5ecae747fe0d8580a81f01713b0c061fb15f65da05

Request headers

Host: fraud-fp.ypsilon.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Server: Python/3.6 aiohttp/3.6.1
Accept-Ranges: bytes
X-Mod-Pagespeed: 1.8.31.4-4009
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache
Content-Length: 204
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK fingerprint2-v2.0.6.min.js Show response
fraud-fp.ypsilon.net/static/ 29 KB
11 KB 29ms
28ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/fingerprint2-v2.0.6.min.js
Requested by: Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/iframe?1580854845939
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: bf742102ba4d749b1b9af89400a185b8aaae7c1b7691182b76556f54cc4f19b0

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:28 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 10575
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
fraud-fp.ypsilon.net/static/ 90 KB
32 KB 73ms
35ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/jquery-1.9.1.min.js
Requested by: Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/iframe?1580854845939
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:27 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 32731
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK fp-v1.0.1.min.js Show response
fraud-fp.ypsilon.net/static/ 11 KB
5 KB 74ms
25ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/fp-v1.0.1.min.js
Requested by: Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/iframe?1580854845939
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: 15546f1f73628a11a382a0f4e3a294e0db944b2abaa112ecb499ab3d0cb53e80

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:28 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4371
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H2 200 require.js Show response
cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/ 84 KB
20 KB 14ms
13ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.js

Requested by

Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/iframe?1580854845939

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 05 Feb 2020 13:42:56 GMT
content-encoding: br
cf-cache-status: HIT
age: 8403781
cf-ray: 56054f799fd8dfb7-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Mon, 27 Aug 2018 06:15:48 GMT
server: cloudflare
etag: W/"5b839714-151d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 25 Jan 2021 13:42:56 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H/1.1 200
OK main.js Show response
fraud-fp.ypsilon.net/static/ 460 B
648 B 73ms
24ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/main.js
Requested by: Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/iframe?1580854845939
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: 36bffb5b8175c4975186a4216ec61f2109fa298cfe38c1f8b290cdf194dfdee3

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:28 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 258
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK dispatcher.js Show response
fraud-fp.ypsilon.net/static/ 4 KB
1 KB 27ms
27ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/dispatcher.js
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: 96a70b1f54faa8a2277018bec6b10b538d29d78b6856a3912324ba5f6e1644f6

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:28 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK fingerprint.js Show response
fraud-fp.ypsilon.net/static/ 5 KB
2 KB 29ms
29ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/fingerprint.js
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: d7f9e1037728cbf1203b81601c22a9cdba15d8d7b9deb8d29e6726c179940d20

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:27 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1332
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK social_media.js Show response
fraud-fp.ypsilon.net/static/ 10 KB
2 KB 27ms
26ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/social_media.js
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: deef68eb970ec17dd7e2a8118936045ccf49f170cc69061638e606db850a7117

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:27 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2131
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H/1.1 200
OK private_mode.js Show response
fraud-fp.ypsilon.net/static/ 6 KB
2 KB 28ms
28ms Script
application/javascript 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/static/private_mode.js
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: e40cf8786962ceb32f2e7fa70541b8ddbd1293d470fdcd201c2d8b521092067f

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 05 Feb 2020 13:42:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 11:44:28 GMT
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1246
Expires: Thu, 06 Feb 2020 13:42:56 GMT

GET
H2 200 login
squareup.com/ 0
0 525ms
166ms Image
text/html 74.122.190.83
SQUARE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://squareup.com/login?return_to=%2Ffavicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.122.190.83 , United States, ASN15211 (SQUARE, US),
Reverse DNS: redhilltaxi.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login
twitter.com/ 0
0 182ms
178ms Image
text/html 104.244.42.193
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twitter.com/login?redirect_after_login=%2f..%2ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.42.193 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login.php
www.facebook.com/ 0
0 233ms
230ms Image
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 81ms
78ms Image
text/html 2a00:1450:4001:825::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 69ms
66ms Image
text/html 2a00:1450:4001:825::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2

200

ServiceLogin
accounts.google.com/
Redirect Chain

https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com...

0
0

67ms
67ms

Image
text/html

2a00:1450:4001:825::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: ESF
location: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
date: Wed, 05 Feb 2020 13:42:56 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 302
x-robots-tag: noindex
content-security-policy: script-src 'report-sample' 'nonce-Ll04K/kZ593QjJ5ZPO4Siw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/PlusAppUi/cspreport;worker-src 'self', script-src 'nonce-Ll04K/kZ593QjJ5ZPO4Siw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://s.ytimg.com https://www.googleapis.com https://support.google.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlusAppUi/cspreport
content-type: application/binary
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

https://login.skype.com/login?message=signin_continue&redirect_uri=https%3A%2F%2Fsecure.skype.com%2Ffavicon.ico
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1580910176&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecur...

0
0

297ms
106ms

Image
text/html

40.90.23.154
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1580910176&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.skype.com%252Ffavicon.ico%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 40.90.23.154 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Wed, 05 Feb 2020 13:42:56 GMT
X-Content-Type-Options: nosniff
X-Stratus-Processing-Time: 0.0043
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Skype-Request-Id: db608b17
Content-Type: text/html; charset=UTF-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1580910176&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.skype.com%252Ffavicon.ico%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67
X-Processing-Time: 0.005
Cache-Control: no-store, no-cache, must-revalidate
X-Stratus-Request-Id: db608b17
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 +0000

GET
H2

200

/
accounts.spotify.com/login/
Redirect Chain

https://www.spotify.com/en/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
https://www.spotify.com/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
https://www.spotify.com/be-nl/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
https://accounts.spotify.com/login/?continue=https%3A//www.spotify.com/favicon.ico&_locale=nl-BE

0
0

17ms
16ms

Image
text/html

2600:1901:1:b6d::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.spotify.com/login/?continue=https%3A//www.spotify.com/favicon.ico&_locale=nl-BE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1901:1:b6d:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

date: Wed, 05 Feb 2020 13:42:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-envoy-upstream-service-time: 25
alt-svc: clear
x-xss-protection: 1; mode=block
server: envoy
location: //accounts.spotify.com/login/?continue=https%3A//www.spotify.com/favicon.ico&_locale=nl-BE
strict-transport-security: max-age=31536000
report-to: { "group": "csp-endpoint", "max_age": 86400, "endpoints": [{ "url": "/api/concierge/report-to" }] }
content-type: text/html; charset=UTF-8
via: HTTP/2 edgeproxy, 1.1 google
vary: X-Forwarded-Proto, Accept-Encoding
cache-control: max-age=0, must-revalidate, private
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none';
x-join-the-band: https://www.spotify.com/jobs/

GET
H2

200

/
www.reddit.com/login/
Redirect Chain

https://www.reddit.com/login?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico
https://www.reddit.com/login/?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico

0
0

124ms
124ms

Image
text/html

151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reddit.com/login/?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

date: Wed, 05 Feb 2020 13:42:56 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 301
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 0
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4026-HHN
pragma: no-cache
server: snooserv
x-timer: S1580910176.449717,VS0,VE104
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://www.reddit.com/login/?dest=https%3A%2F%2Fwww.reddit.com%2Ffavicon.ico
expires: 0
cache-control: private, max-age=0, must-revalidate
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 login
www.tumblr.com/ 0
0 237ms
190ms Image
text/html 152.199.21.147
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tumblr.com/login?redirect_to=%2Ffavicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.147 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 429 login
www.expedia.de/user/ 0
0 340ms
270ms Image
text/html 104.111.215.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.expedia.de/user/login?ckoflag=0&selc=0&uurl=qscr%3Dreds%26rurl%3D%252Ffavicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.55 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-55.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login
www.dropbox.com/ 0
0 527ms
479ms Image
text/html 2620:100:6022:1::a27d:4201
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Fabout%2Fdropbox_logo_glyph_2015.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:100:6022:1::a27d:4201 , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 178-4417027-1316064
www.amazon.com/ap/signin/ 0
0 201ms
145ms Image
text/html 2.18.233.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.amazon.com/ap/signin/178-4417027-1316064?_encoding=UTF8&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=10000000&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2.18.233.29 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-29.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 /
www.pinterest.com/login/ 0
0 227ms
168ms Image
text/html 151.101.12.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pinterest.com/login/?next=https%3A%2F%2Fwww.pinterest.com%2Ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.84 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login
de.foursquare.com/ 0
0 158ms
114ms Image
text/html 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de.foursquare.com/login?continue=%2Ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1

200
OK

/
eu.battle.net/login/de/
Redirect Chain

https://eu.battle.net/login/de/index?ref=http://eu.battle.net/favicon.ico
https://eu.battle.net/login/de/?ref=http://eu.battle.net/favicon.ico

0
0

46ms
46ms

Image
text/html

37.244.28.102
BLIZZARD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu.battle.net/login/de/?ref=http://eu.battle.net/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.244.28.102 , Netherlands, ASN57976 (BLIZZARD, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Wed, 05 Feb 2020 13:42:56 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: DENY
Location: https://eu.battle.net/login/de/?ref=http://eu.battle.net/favicon.ico
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=4000
Content-Length: 0
X-XSS-Protection: 1; mode=block
Retry-After: 600
Expires: 0

GET
H/1.1 200
OK /
store.steampowered.com/login/ 0
0 294ms
251ms Image
text/html 104.111.236.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.steampowered.com/login/?redir=favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.236.24 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-236-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1 200
OK login
www.academia.edu/ 0
0 195ms
127ms Image
text/html 54.247.118.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.academia.edu/login?cp=/favicon.ico&cs=www
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.118.82 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-247-118-82.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 74ms
74ms Image
text/html 2a00:1450:4001:825::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?service=blogger&hl=de&passive=1209600&continue=https://www.blogger.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1 200
OK login
github.com/ 0
0 251ms
155ms Image
text/html 140.82.118.3
GITHUB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffavicon.ico%3Fid%3D1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 140.82.118.3 , United States, ASN36459 (GITHUB, US),
Reverse DNS: lb-140-82-118-3-ams.github.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 signin
medium.com/m/ 0
0 164ms
149ms Image
text/html 2606:4700::6810:7a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fmedium.com%2Ffavicon.ico&loginType=default
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:7a7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1 400
Bad Request login
news.ycombinator.com/ 0
0 458ms
151ms Image
text/html 209.216.230.240
M5HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.ycombinator.com/login?goto=y18.gif%23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.216.230.240 San Diego, United States, ASN21581 (M5HOSTING, US),
Reverse DNS: news.ycombinator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 403 signin
carbonmade.com/ 0
0 36ms
7ms Image
text/html 2600:9000:214f:800:5:d344:2380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://carbonmade.com/signin?returnTo=favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:800:5:d344:2380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden login
courses.edx.org/ 0
0 455ms
102ms Image
text/html 107.23.242.160
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://courses.edx.org/login?next=/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.242.160 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-242-160.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 checkcookie
slack.com/ 0
0 170ms
125ms Image
text/html 143.204.214.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slack.com/checkcookie?redir=https%3A%2F%2Fslack.com%2Ffavicon.ico%23
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.159 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-159.fra53.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login
www.khanacademy.org/ 0
0 313ms
247ms Image
text/html 151.101.113.42
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.khanacademy.org/login?continue=https%3A//www.khanacademy.org/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.42 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 signin
www.paypal.com/ 0
0 382ms
339ms Image
text/html 23.210.248.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.paypal.com/signin?returnUri=https://t.paypal.com/ts?v=1.0.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-226.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2

200

https://500px.com/login?r=%2Ffavicon.ico
https://web.500px.com/login?r=%2Ffavicon.ico

0
0

91ms
40ms

Image
text/html

13.35.253.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.500px.com/login?r=%2Ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.61 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-61.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

date: Wed, 05 Feb 2020 13:42:57 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
status: 301, 301 Moved Permanently
access-control-max-age: 1728000
x-xss-protection: 1; mode=block
x-request-id: c10d0d97-91f1-480e-be99-95c6d5766ce8
x-runtime: 0.090010
server: openresty/1.13.6.2
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, HEAD, DELETE, PUT, PATCH
content-type: text/html; charset=utf-8
location: https://web.500px.com/login?r=%2Ffavicon.ico
cache-control: no-cache
access-control-allow-headers: Access-Control-Allow-Origin,Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
x-amz-cf-id: KqvOh8_6AokU1n9XRPsjlbV1_LmP8wmfZ7jxzKvqoNAUsZwjGTX9rQ==
x-rack-cache: miss

GET
H2 200 login
www.airbnb.com/ 0
0 494ms
431ms Image
text/html 151.101.13.254
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.airbnb.com/login?redirect_params[action]=favicon.ico&redirect_params[controller]=home
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.254 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H/1.1 200
OK /
disqus.com/profile/login/ 0
0 252ms
223ms Image
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://disqus.com/profile/login/?next=https%3A%2F%2Fdisqus.com%2Ffavicon.ico
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 /
secure.meetup.com/login/ 0
0 337ms
189ms Image
text/html 151.101.14.110
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.meetup.com/login/?returnUri=https%3A%2F%2Fwww.meetup.com%2Fimg%2Fajax_loader_trans.gif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 403 /
bitbucket.org/account/signin/ 13 B
86 B 432ms
91ms Image
text/html 2406:da00:ff00::6b17:d1f5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitbucket.org/account/signin/?next=/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2406:da00:ff00::6b17:d1f5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 58404bdf6dc25c24fedd979469e69bfb8dc9ebca64a469929a858a12b12b9c30

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 403
date: Wed, 05 Feb 2020 13:42:57 GMT
content-length: 13
content-type: text/html

GET
H2 404 login
secure.indeed.com/account/ 0
0 365ms
110ms Image
text/html 169.45.207.201
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.indeed.com/account/login?continue=%2ffavicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.45.207.201 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: c9.cf.2da9.ip4.static.sl-reverse.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 login
vk.com/ 0
0 268ms
105ms Image
text/html 87.240.137.158
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vk.com/login?u=2&to=ZmF2aWNvbi5pY28-
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.240.137.158 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),
Reverse DNS: srv158-137-240-87.vk.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

access-control-expose-headers: X-Frontend

POST
H/1.1 200
OK fp Show response
fraud-fp.ypsilon.net/ 17 B
290 B 28ms
27ms XHR
text/plain 195.4.70.9
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to

Full URL: https://fraud-fp.ypsilon.net/fp
Requested by: Host: fraud-fp.ypsilon.net
URL: https://fraud-fp.ypsilon.net/static/dispatcher.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.4.70.9 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: f1-ab-orchestra1.infosys.de
Software: Python/3.6 aiohttp/3.6.1 /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://fraud-fp.ypsilon.net/iframe?1580854845939
Origin: https://fraud-fp.ypsilon.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-type: application/json

Response headers

Date: Wed, 05 Feb 2020 13:42:57 GMT
Content-Encoding: gzip
Server: Python/3.6 aiohttp/3.6.1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 37

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

500px.com
accounts.google.com
accounts.spotify.com
bitbucket.org
carbonmade.com
cdnjs.cloudflare.com
courses.edx.org
de.foursquare.com
disqus.com
eu.battle.net
fraud-fp.ypsilon.net
github.com
login.live.com
login.skype.com
medium.com
news.ycombinator.com
plus.google.com
secure.indeed.com
secure.meetup.com
slack.com
squareup.com
store.steampowered.com
twitter.com
vk.com
web.500px.com
www.academia.edu
www.airbnb.com
www.amazon.com
www.dropbox.com
www.expedia.de
www.facebook.com
www.khanacademy.org
www.paypal.com
www.pinterest.com
www.reddit.com
www.spotify.com
www.tumblr.com
104.111.215.55
104.111.236.24
104.244.42.193
107.23.242.160
13.35.253.56
13.35.253.61
140.82.118.3
143.204.214.159
151.101.113.140
151.101.113.42
151.101.114.49
151.101.12.84
151.101.13.254
151.101.14.110
151.101.64.134
152.199.21.147
169.45.207.201
195.4.70.9
2.18.233.29
209.216.230.240
23.210.248.226
2406:da00:ff00::6b17:d1f5
2600:1901:1:b6d::
2600:9000:214f:800:5:d344:2380:93a1
2606:4700::6810:7a7f
2606:4700::6811:4004
2620:100:6022:1::a27d:4201
2a00:1450:4001:815::200e
2a00:1450:4001:825::200d
2a03:2880:f12d:83:face:b00c:0:25de
37.244.28.102
40.90.23.154
52.138.209.16
54.247.118.82
74.122.190.83
87.240.137.158
15546f1f73628a11a382a0f4e3a294e0db944b2abaa112ecb499ab3d0cb53e80
36bffb5b8175c4975186a4216ec61f2109fa298cfe38c1f8b290cdf194dfdee3
58404bdf6dc25c24fedd979469e69bfb8dc9ebca64a469929a858a12b12b9c30
9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b
96a70b1f54faa8a2277018bec6b10b538d29d78b6856a3912324ba5f6e1644f6
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
bb53d5471aed3aa166044e5ecae747fe0d8580a81f01713b0c061fb15f65da05
bf742102ba4d749b1b9af89400a185b8aaae7c1b7691182b76556f54cc4f19b0
d7f9e1037728cbf1203b81601c22a9cdba15d8d7b9deb8d29e6726c179940d20
deef68eb970ec17dd7e2a8118936045ccf49f170cc69061638e606db850a7117
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40cf8786962ceb32f2e7fa70541b8ddbd1293d470fdcd201c2d8b521092067f
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

fraud-fp.ypsilon.net Open in urlscan Pro 195.4.70.9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

25 %IPv6

34 Domains

37 Subdomains

33 IPs

6 Countries

76 kBTransfer

241 kBSize

0 Cookies

0 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

fraud-fp.ypsilon.net Open in urlscan Pro
195.4.70.9 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

25 %
IPv6

34
Domains

37
Subdomains

33
IPs

6
Countries

76 kB
Transfer

241 kB
Size

0
Cookies

45 HTTP transactions
0 data transactions