www.bagborroworsteal.com Open in urlscan Pro
162.242.193.45 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_7&ems_l=8697087&i=1&d=NDIzMDExNDcx%7CWlRXRFo1Tko0OA%3D%3D...
Effective URL:
https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Submission: On July 06 via api (July 6th 2021, 12:36:12 pm UTC) from US

Summary HTTP 51 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 15 domains to perform 51 HTTP transactions. The main IP is 162.242.193.45, located in United States and belongs to RACKSPACE, US. The main domain is www.bagborroworsteal.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 26th 2020. Valid for: 2 years.

This is the only time www.bagborroworsteal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	217.175.192.21 217.175.192.21	199236 (EMARSYS-A...) (EMARSYS-AS Emarsys eMarketing Systems AG)
2 4	162.242.193.45 162.242.193.45	27357 (RACKSPACE) (RACKSPACE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
10	93.184.220.20 93.184.220.20	15133 (EDGECAST) (EDGECAST)
1	13.224.193.85 13.224.193.85	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
10	185.32.241.65 185.32.241.65	30286 (THM) (THM)
1	2600:9000:215... 2600:9000:2156:bc00:0:43cc:80:93a1	16509 (AMAZON-02) (AMAZON-02)
6	13.225.87.124 13.225.87.124	16509 (AMAZON-02) (AMAZON-02)
1	54.235.98.195 54.235.98.195	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
51	22

1 217.175.192.21 (Austria)

ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT)

visit.bagborroworsteal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.242.193.45 (United States) 2 redirects

ASN27357 (RACKSPACE, US)

www.bagborroworsteal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 93.184.220.20 (London, United Kingdom)

ASN15133 (EDGECAST, US)

secure.avelleassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-85.fra2.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

seal-alaskaoregonwesternwashington.bbb.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.32.241.65 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:bc00:0:43cc:80:93a1 (United States)

ASN16509 (AMAZON-02, US)

iprecon.iglobalstores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.225.87.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-124.fra2.r.cloudfront.net

d1vyngmisxigjx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.98.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

checkout.iglobalstores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	signifyd.com cdn-scripts.signifyd.com imgs.signifyd.com	82 KB
10	avelleassets.com secure.avelleassets.com	128 KB
6	cloudfront.net d1vyngmisxigjx.cloudfront.net	20 KB
5	bagborroworsteal.com 2 redirects visit.bagborroworsteal.com www.bagborroworsteal.com	34 KB
3	online-metrix.net h.online-metrix.net w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net	15 KB
3	google.de www.google.de	235 B
3	google.com 1 redirects www.google.com	195 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	iglobalstores.com iprecon.iglobalstores.com checkout.iglobalstores.com	12 KB
2	googleadservices.com www.googleadservices.com	18 KB
2	bbb.org seal-alaskaoregonwesternwashington.bbb.org	3 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	gstatic.com fonts.gstatic.com	28 KB
1	googleapis.com fonts.googleapis.com	591 B
0	Failed function sub() { [native code] }. Failed
51	15

	Domain	Requested by
10	imgs.signifyd.com	cdn-scripts.signifyd.com imgs.signifyd.com www.bagborroworsteal.com
10	secure.avelleassets.com	www.bagborroworsteal.com
6	d1vyngmisxigjx.cloudfront.net	www.bagborroworsteal.com
4	www.bagborroworsteal.com	2 redirects www.bagborroworsteal.com
3	www.google.de	www.bagborroworsteal.com
3	www.google.com	1 redirects www.bagborroworsteal.com
2	h.online-metrix.net	imgs.signifyd.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	www.bagborroworsteal.com www.googleadservices.com
2	seal-alaskaoregonwesternwashington.bbb.org	www.bagborroworsteal.com
2	www.google-analytics.com	www.bagborroworsteal.com www.google-analytics.com
1	w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net
1	checkout.iglobalstores.com	www.bagborroworsteal.com
1	iprecon.iglobalstores.com	secure.avelleassets.com
1	fonts.gstatic.com	fonts.googleapis.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn-scripts.signifyd.com	www.bagborroworsteal.com
1	fonts.googleapis.com	www.bagborroworsteal.com
1	visit.bagborroworsteal.com
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	imgs.signifyd.com
51	20

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.pinterest.com
instagram.com
www.bbb.org

Subject Issuer	Validity	Valid
visit.bagborroworsteal.com R3	`2021-05-12` - `2021-08-10`	3 months	crt.sh
bagborroworsteal.com Go Daddy Secure Certificate Authority - G2	`2020-05-26` - `2022-07-25`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
gp1.wac.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2021-03-10` - `2022-04-06`	a year	crt.sh
cdn-scripts.signifyd.com Amazon	`2020-09-30` - `2021-10-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.bbb.org GeoTrust RSA CA 2018	`2020-05-15` - `2022-07-03`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2021-04-02` - `2022-05-04`	a year	crt.sh
*.iglobalstores.com Amazon	`2020-10-05` - `2021-11-05`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-01-21` - `2022-01-21`	a year	crt.sh
*.e.aa.online-metrix.net Go Daddy Secure Certificate Authority - G2	`2019-09-13` - `2021-09-13`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Frame ID: A4F0583B8805EEC7E5BA1C4901FA58EB
Requests: 37 HTTP requests in this frame

Frame: https://www.bagborroworsteal.com/blank_for_iframe.html
Frame ID: 08639685D2FCD7F6E3E55E5558E2300B
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/check.js;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jb=333524246a736f75354c69667d70266a716f354c696c7770266a71623f4360706d6f672732323a3b
Frame ID: 6AE19CAC6C1C43D756F44DB32CD69997
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/ls_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f
Frame ID: 44D7CCB674CFAE0F5A2AD4B5C20F6CEB
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f
Frame ID: 5E6CA5B2321995466F55E6A4E6EC6081
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/top_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f
Frame ID: 20710D8E01AB1356CE64DC5288C428CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_7&ems_l=8697087&i=1&d=NDIzMDExNDcx%7C... Page URL
https://www.bagborroworsteal.com/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_l... HTTP 302
https://www.bagborroworsteal.com/failedPermission HTTP 302
https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination= Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

51
Requests

98 %
HTTPS

52 %
IPv6

15
Domains

20
Subdomains

22
IPs

6
Countries

361 kB
Transfer

1008 kB
Size

10
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.facebook.com/bagborroworsteal

Search URL Search Domain Scan URL

URL: http://twitter.com/bagborrowsteal

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/bagborroworsteal/
Title:

Search URL Search Domain Scan URL

URL: http://instagram.com/bagborroworsteal
Title:

Search URL Search Domain Scan URL

URL: http://www.bbb.org/western-washington/business-reviews/handbags/bag-borrow-or-steal-in-seattle-wa-22027217#bbbseal

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_7&ems_l=8697087&i=1&d=NDIzMDExNDcx%7CWlRXRFo1Tko0OA%3D%3D%7CNy42LjIxX1NpdGV3aWRl%7CMjk4MzQzOA%3D%3D%7C&_esuh=_9_2ef65eb13281a607fa0681d49c3ac6a472431259a33f6a9820b0392dcc561519 Page URL
https://www.bagborroworsteal.com/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438 HTTP 302
https://www.bagborroworsteal.com/failedPermission HTTP 302
https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070221345/?random=1182059726&cv=9&fst=1625574959405&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=L07kYK_kI4mmgAfMj6TQAg&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=147963084&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=147963084&resp=GooglemKTybQhCsO&ipr=y

51 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK nrd.php Show response
visit.bagborroworsteal.com/u/ 847 B
809 B 199ms
198ms Document
text/html 217.175.192.21
EMARSYS-AS Emarsy...

General

Check archive.org

Show headers Download Go to

Full URL

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_7&ems_l=8697087&i=1&d=NDIzMDExNDcx%7CWlRXRFo1Tko0OA%3D%3D%7CNy42LjIxX1NpdGV3aWRl%7CMjk4MzQzOA%3D%3D%7C&_esuh=_9_2ef65eb13281a607fa0681d49c3ac6a472431259a33f6a9820b0392dcc561519

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.175.192.21 , Austria, ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT),

Reverse DNS

Software

Apache /

Resource Hash

8e698be6783795b6473d3179d5f78fff218d72d02cc39ab15090398338309593

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: visit.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:52 GMT
server: Apache
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
content-encoding: gzip
x-af: suite16-web1
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 431
content-type: text/html; charset=utf-8
x-hf: suite-haproxy01e

GET
H/1.1

200
OK

Primary Request signinInput Show response
www.bagborroworsteal.com/
Redirect Chain

https://www.bagborroworsteal.com/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2...
https://www.bagborroworsteal.com/failedPermission
https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

31 KB
32 KB

435ms
434ms

Document
text/html

162.242.193.45
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.242.193.45 , United States, ASN27357 (RACKSPACE, US),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

fccc573456ac877ef776ec803e6a52cf657bca305487f286efc94a83a8cbc3b1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://visit.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: JSESSIONID=C21D20E1A7BB21ABA45CD51EFFC22FDF.workerA; UBID=""; SESSION=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263; adTrackId=null; destination="/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_7&ems_l=8697087&i=1&d=NDIzMDExNDcx%7CWlRXRFo1Tko0OA%3D%3D%7CNy42LjIxX1NpdGV3aWRl%7CMjk4MzQzOA%3D%3D%7C&_esuh=_9_2ef65eb13281a607fa0681d49c3ac6a472431259a33f6a9820b0392dcc561519

Response headers

Date: Tue, 06 Jul 2021 12:35:56 GMT
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=5, max=498
Connection: Keep-Alive
Transfer-Encoding: chunked

Redirect headers

Date: Tue, 06 Jul 2021 12:35:56 GMT
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
Location: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Content-Length: 0
Keep-Alive: timeout=5, max=499
Connection: Keep-Alive

GET
H2 200 css
fonts.googleapis.com/ 1 KB
591 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9d83121a5242fd08642d5791a2c7536b9f20291498977184992a6a1db5808f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 12:02:52 GMT
server: ESF
date: Tue, 06 Jul 2021 12:35:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Jul 2021 12:35:57 GMT

GET
H2 200 global.min.css
secure.avelleassets.com/TNT1930/css/ 29 KB
7 KB 101ms
40ms Stylesheet
text/css 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/css/global.min.css

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B90) /

Resource Hash

87755777f5ef22d9f1963138aec8eff9577c8d6c4dacfbc208ff4842194999fa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 04 May 2020 16:34:51 GMT
server: ECS (amb/6B90)
age: 441032
etag: "73cc-5a4d51c2920c0+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/css
content-length: 6894

GET
H2 200 concat_global.min.js Show response
secure.avelleassets.com/TNT1930/js_prod/ 118 KB
39 KB 115ms
55ms Script
text/javascript 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/js_prod/concat_global.min.js

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B89) /

Resource Hash

df095f2eeccde5bd77d3d845d3c1a077d9f72f2c757d7a77bd2ef540af9c234f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 10 Mar 2016 19:20:10 GMT
server: ECS (amb/6B89)
age: 441032
etag: "1d940-52db6b3f48e80+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/javascript
content-length: 39856

GET
H2 200 ig_welcome_mat_bagborrowsteal.css
secure.avelleassets.com/TNT1930/css/ 4 KB
2 KB 114ms
54ms Stylesheet
text/css 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/css/ig_welcome_mat_bagborrowsteal.css

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B88) /

Resource Hash

01708dc7992dc288a868c11571d919e7d474d4936cac11735c2f7d363f3d2d6f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 03 Jun 2019 21:43:27 GMT
server: ECS (amb/6B88)
age: 441032
etag: "f14-58a72411eddc0+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/css
content-length: 1456

GET
H2 200 ig_welcome_mat_bagborrowsteal.js Show response
secure.avelleassets.com/TNT1930/js_dev/ 30 KB
10 KB 79ms
19ms Script
text/javascript 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/js_dev/ig_welcome_mat_bagborrowsteal.js

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B90) /

Resource Hash

63302d1db7161aa5add476568458cccf5d85ed30a615b8a29df686deb5d42245

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 01 Aug 2019 20:27:21 GMT
server: ECS (amb/6B90)
age: 441032
etag: "7790-58f14119a5c40+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/javascript
content-length: 9951

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 7 KB
7 KB 392ms
65ms Script
application/javascript 13.224.193.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-85.fra2.r.cloudfront.net
Software: /
Resource Hash: e17857cb74ff8bb8c18929844a2d0ff42bd36dee42113f85a8831ad42ef6eb79

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:26:44 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
age: 553
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-cf-pop: FRA2-C1
content-length: 7199
x-amz-cf-id: plOoK7Abggc3JipupaTrwQOVd-5imuG9zQyh7nag_R_bIVI7yzXIYw==

GET
H2 200 spacer.gif
secure.avelleassets.com/images/ 43 B
149 B 49ms
48ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/spacer.gif

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BBD) /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
last-modified: Wed, 30 Nov 2005 01:15:09 GMT
server: ECS (amb/6BBD)
age: 350517
etag: "2b-406be1133c140"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 43

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 4212
date: Tue, 06 Jul 2021 11:25:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Tue, 06 Jul 2021 13:25:45 GMT

GET
H2 200 global_sprites.png
secure.avelleassets.com/TNT1930/css/sprites/ 62 KB
62 KB 35ms
34ms Image
image/png 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/TNT1930/css/sprites/global_sprites.png

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B8B) /

Resource Hash

1fa823896b863bc6bf90a0e3b122db129a337a98b16364fd72018549e1184600

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
last-modified: Mon, 03 Jun 2019 21:43:27 GMT
server: ECS (amb/6B8B)
age: 71142
etag: "f748-58a72411eddc0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/png
accept-ranges: bytes
content-length: 63304

GET
H2 200 search_vert.gif
secure.avelleassets.com/images/navigation/mainnav/ 1 KB
1 KB 81ms
80ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/navigation/mainnav/search_vert.gif

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B97) /

Resource Hash

91ddf1744d48128e8279b661f1c36bcae9eed12b542c420ae8de883a6d2002c9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:57 GMT
last-modified: Fri, 10 Jan 2014 02:00:08 GMT
server: ECS (amb/6B97)
age: 9197
etag: "452-4ef9415df5a00"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 1106

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 27ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=663161757&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&dr=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&dp=Sign%20In&ul=en-us&de=UTF-8&dt=Account%20Sign%20In&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1705682196&gjid=1327894297&cid=730589905.1625574958&tid=UA-238171-1&_gid=1116942701.1625574958&_r=1&_slc=1&z=1915158744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bagborroworsteal.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
94 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-238171-1&cid=730589905.1625574958&jid=1705682196&gjid=1327894297&_gid=1116942701.1625574958&_u=IEBAAEAAAAAAAC~&z=1525881312

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 06 Jul 2021 12:35:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.bagborroworsteal.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 25ms
24ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-238171-1&cid=730589905.1625574958&jid=1705682196&_u=IEBAAEAAAAAAAC~&z=1075542187

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
31ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-238171-1&cid=730589905.1625574958&jid=1705682196&_u=IEBAAEAAAAAAAC~&z=1075542187

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sign_in_pink.gif
secure.avelleassets.com/images/icons/buttons/ 2 KB
2 KB 401ms
400ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/icons/buttons/sign_in_pink.gif

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

3276b3d1db11c0bf2d0115055682512dc39716d2f1dccf07f529ddae440e3317

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:58 GMT
last-modified: Wed, 07 Aug 2019 21:29:43 GMT
server: Apache/2.4.41 (IUS)
etag: "77d-58f8da3b0ffc0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 1917

GET
H2 200 search_arrow.gif
secure.avelleassets.com/images/navigation/mainnav/ 68 B
182 B 21ms
21ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/navigation/mainnav/search_arrow.gif

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B79) /

Resource Hash

1319095e503185318684b65d6a8eda0cf1efb19028b35d3f966c154019df9c69

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:58 GMT
last-modified: Wed, 08 Jan 2014 23:28:21 GMT
server: ECS (amb/6B79)
age: 9198
etag: "44-4ef7dd9362f40"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 68

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
fonts.gstatic.com/s/playfairdisplay/v22/ 28 KB
28 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v22/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Playfair+Display

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c5348e4d76366efc13f2bcb5a5ce138e581e90d570a09d0ec66a8cab4920be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.bagborroworsteal.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 01:54:51 GMT
x-content-type-options: nosniff
age: 38467
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28568
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 20:30:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 01:54:51 GMT

GET
H2 200 accessibility.gif
secure.avelleassets.com/images/icons/ 5 KB
6 KB 20ms
19ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/icons/accessibility.gif

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B90) /

Resource Hash

d61f1e577b16aefc5029d0642694c25da422759e1ba766ca6d675dcc47d02ddc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:58 GMT
last-modified: Fri, 10 Jan 2020 23:14:59 GMT
server: ECS (amb/6B90)
age: 583974
etag: "15bc-59bd14b6602c0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 5564

GET
H2 200 bag-borrow-or-steal-22027217.png
seal-alaskaoregonwesternwashington.bbb.org/logo/rbvtbas/ 2 KB
2 KB 150ms
11ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal-alaskaoregonwesternwashington.bbb.org/logo/rbvtbas/bag-borrow-or-steal-22027217.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine / ASP.NET
Resource Hash: cec1bbe9694e8380d5d11e528292f347622be1e2fac7064d2dd987aa8ccda177

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:58 GMT
last-modified: Tue, 06 Jul 2021 10:02:40 GMT
server: keycdn-engine
x-aspnet-version: 4.0.30319
x-edge-location: defr
x-powered-by: ASP.NET
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-shield: active
content-length: 2073
expires: Tue, 06 Jul 2021 16:35:58 GMT

GET
H2 200 bag-borrow-or-steal-22027217.js Show response
seal-alaskaoregonwesternwashington.bbb.org/logo/ 3 KB
981 B 146ms
11ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://seal-alaskaoregonwesternwashington.bbb.org/logo/bag-borrow-or-steal-22027217.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine / ASP.NET
Resource Hash: 716c18fda50474e76ea9e81fd08eb20024fe490ccb77b21b22e513bf8b673d78

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 06 Jul 2021 12:35:58 GMT
content-encoding: gzip
x-edge-location: defr
x-powered-by: ASP.NET
x-cache: HIT
content-length: 659
last-modified: Tue, 08 Dec 2015 18:58:11 GMT
server: keycdn-engine
etag: "80e33162ea31d11:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-shield: active
expires: Tue, 06 Jul 2021 16:35:58 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 37ms
36ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17349
x-xss-protection: 0
server: cafe
etag: 3780840205288251298
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 06 Jul 2021 12:35:59 GMT

GET
H/1.1 200
OK blank_for_iframe.html Show response
www.bagborroworsteal.com/ Frame 0863 293 B
619 B 321ms
320ms Document
text/html 162.242.193.45
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bagborroworsteal.com/blank_for_iframe.html

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.242.193.45 , United States, ASN27357 (RACKSPACE, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

56f9b2160d7519c225d7455901a249f231349ee1ab51ba38377370f098d9f46d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: JSESSIONID=C21D20E1A7BB21ABA45CD51EFFC22FDF.workerA; UBID=""; SESSION=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263; adTrackId=null; destination="/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438"; _ga=GA1.2.730589905.1625574958; _gid=GA1.2.1116942701.1625574958; _gat=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Response headers

Date: Tue, 06 Jul 2021 12:35:59 GMT
Server: Apache/2.4.41 (IUS)
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 30 May 2014 19:30:53 GMT
ETag: "125-4faa3156e3540"
Accept-Ranges: bytes
Content-Length: 293
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/1070221345/ 2 KB
1 KB 191ms
33ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1070221345/?random=1625574959405&cv=9&fst=1625574959405&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

baa5afda6f7c238f16e30a892ae57b5ef1e29b82ccbbecfa061d03236a8a4adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1179
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/972814219/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/972814219/?random=1625574959413&cv=9&fst=1625574959405&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&data=ecomm_prodid%3D%3Becomm_pagetype%3DsigninInput%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f1aff88c6dbc135447a8856387033e95a321b5e87b8dbc78602d822de252e82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1098
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tags.js Show response
imgs.signifyd.com/fp/ 80 KB
11 KB 346ms
57ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&pageid=2

Requested by

Host: cdn-scripts.signifyd.com
URL: https://cdn-scripts.signifyd.com/api/script-tag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

bf9fa34831524ebf092e894425daadf0f2c08d1f2cbc01bd95294b5c3fec5d90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 iGlobalIp.js Show response
iprecon.iglobalstores.com/ 18 B
440 B 40ms
8ms Script
text/javascript 2600:9000:2156:bc00:0:43cc:80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://iprecon.iglobalstores.com/iGlobalIp.js?p=igcCallback&_1625574959427=
Requested by: Host: secure.avelleassets.com
URL: https://secure.avelleassets.com/TNT1930/js_dev/ig_welcome_mat_bagborrowsteal.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:bc00:0:43cc:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4406332ec7167767030f8f3f0561af1bc97ce03b13b86370736f1654e742c09b

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:20:44 GMT
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
age: 915
x-amzn-requestid: 7f3c9ac3-0434-458c-bbcb-8f07879500b6
x-cache: Hit from cloudfront
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
x-amzn-trace-id: Root=1-60e44a9c-70bcb4216518ca05735f3c5f;Sampled=0
x-amz-cf-pop: FRA50-C1
access-control-allow-credentials: true
x-amz-apigw-id: CDCYcEodIAMFyfw=
content-length: 18
x-amz-cf-id: nU1kZGvrdELX3nZYiD6vHUhDE-au3RU3eytvNywNDkjkiTRFXdhQsQ==

GET
H/1.1 200
OK close-square.png
d1vyngmisxigjx.cloudfront.net/images/ 1 KB
2 KB 87ms
33ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/close-square.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: c4a749be78ebdf7a12353556c362cd7a5b63fdfdb0b65306e8968576ed1ffe87

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 08:44:57 GMT
Via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:47 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 13862
ETag: "554-59d396f2cb8e5"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
Content-Length: 1364
X-Amz-Cf-Id: ZPJadcNLf2F59aXGvJLueMzkx8X3QE5KzjW9fr1wY233r3JcSfoZWQ==

GET
H/1.1 200
OK bagborroworsteel.png
checkout.iglobalstores.com/images/ 11 KB
12 KB 742ms
146ms Image
image/png 54.235.98.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://checkout.iglobalstores.com/images/bagborroworsteel.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.235.98.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 65dafcdaae3b766bb4cf47d6ff72f49eeda9af3363a7efae97d48ef76cc22d01

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:36:00 GMT
Last-Modified: Tue, 28 Jan 2020 20:54:08 GMT
Server: Apache/2.4.29 (Ubuntu)
ETag: "2d3b-59d396cd56bb4"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11579

GET
H/1.1 200
OK US.png
d1vyngmisxigjx.cloudfront.net/images/flags/96x64/ 3 KB
4 KB 318ms
266ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/flags/96x64/US.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 58cdce9d9fa5d1b29625c051c2976d9914d2ddb70fdc6c83bc5c543816453720

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:15:24 GMT
Via: 1.1 182ef5a8d12abb5df1553676864737b1.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:48 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 1235
ETag: "d23-59d396f3ce581"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
Content-Length: 3363
X-Amz-Cf-Id: 1QZ9kxQkO8K4k4tDSGl6IHN2Cxou5N0ejfv4Z1E1xLuf1pONVi9_3A==

GET
H/1.1 200
OK payment-methods-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 4 KB
4 KB 1448ms
1365ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/payment-methods-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: de6198ebfb4c6f439366c804fa711983cfcbb0c694432d2e5fb1f8e541ecd804

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:36:00 GMT
Via: 1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:46 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Amz-Cf-Pop: FRA2-C2
ETag: "fc4-59d396f228788"
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4036
X-Amz-Cf-Id: TycWlNGFQL2b9qWExw2Gfnk63EnRB6dMnMQkVHN_7J76Hzun8X0Tfg==

GET
H/1.1 200
OK prepay-duty-tax-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 2 KB
3 KB 370ms
51ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/prepay-duty-tax-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 7446767437b0174b01820e3eb0d2202fa8e67f1753296ab5c97c21bc2dd20147

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:01:36 GMT
Via: 1.1 182ef5a8d12abb5df1553676864737b1.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 2063
ETag: "9a5-59d396f5e57f7"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
Content-Length: 2469
X-Amz-Cf-Id: lbS3TFMnzstiXUa0fksaTTMd7xYozn5_ODHp6FU_WxYFdD7jMrOh_w==

GET
H/1.1 200
OK shipping-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 4 KB
5 KB 363ms
34ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/shipping-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 4389239d90f66985ca942fc833a14f1f2269581a37b804843846954e056f8036

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:01:36 GMT
Via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 2063
ETag: "1133-59d396f5c7398"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
Content-Length: 4403
X-Amz-Cf-Id: 0bgPnLuFbnlv-k2V8oe7vxjfIOhkXyxiIga012AXfXn1QHjaFB0uvw==

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/972814219/ 42 B
64 B 37ms
35ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/972814219/?random=1625574959413&cv=9&fst=1625572800000&num=2&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_prodid%3D%3Becomm_pagetype%3DsigninInput%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&is_vtc=1&random=2086865783&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/972814219/ 42 B
64 B 39ms
24ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/972814219/?random=1625574959413&cv=9&fst=1625572800000&num=2&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_prodid%3D%3Becomm_pagetype%3DsigninInput%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&is_vtc=1&random=2086865783&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK DE.png
d1vyngmisxigjx.cloudfront.net/images/flags/96x64/ 1 KB
2 KB 711ms
411ms Image
image/png 13.225.87.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/flags/96x64/DE.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-124.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a02b3ffbb8805d295bb9ef2b5676ac97189736203b6779ab848ceb7b9008e67c

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:36:00 GMT
Via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:48 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Amz-Cf-Pop: FRA2-C2
ETag: "592-59d396f3a7481"
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1426
X-Amz-Cf-Id: 7eJ--z3PaEz2LauETxg4pnkyhaCIz2ROD7p3LkBKfHouN9YmLoCIHg==

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/1070221345/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070221345/?random=1182059726&cv=9&fst=1625574959405&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTy...
https://www.google.com/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah...
https://www.google.de/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=...

42 B
64 B

25ms
25ms

Image
image/gif

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=147963084&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:59 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/1070221345/?random=1182059726&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2FsigninInput%3FproductId%3D0%26size%3D%26rentalTermId%3D%26destination%3D&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=Account%20Sign%20In&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=147963084&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK check.js;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5 Show response
imgs.signifyd.com/fp/ Frame 6AE1 219 KB
36 KB 57ms
56ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/check.js;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jb=333524246a736f75354c69667d70266a716f354c696c7770266a71623f4360706d6f672732323a3b

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&pageid=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

d00fd4dc5f8ae337d1c0f0ca3d571594ef6f2ebfa649a0eaa7635c2d537e3f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: cf8542454a636a8f
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
imgs.signifyd.com/fp/ Frame 6AE1 81 B
475 B 238ms
237ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
imgs.signifyd.com/fp/ Frame 6AE1 81 B
475 B 55ms
18ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&ck=0&m=1

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/signinInput?productId=0&size=&rentalTermId=&destination=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 6AE1 81 B
540 B 364ms
55ms XHR
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/fp/check.js;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jb=333524246a736f75354c69667d70266a716f354c696c7770266a71623f4360706d6f672732323a3b

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/cf8542454a636a8f0f36aeae-1e99-4e6a-aec2-1dc0f59b7263
Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:36:01 GMT
Last-Modified: Tue, 06 Jul 2021 12:36:01 GMT
Server: Apache
Etag: 72c772e967214e56bc563086657ad71c
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://www.bagborroworsteal.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sun, 05 Jul 2026 12:36:01 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5 Show response
imgs.signifyd.com/fp/ Frame 44D7 82 KB
13 KB 21ms
21ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/ls_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

67b105a4d1caa304945662048dee2026b5894bbc5ad033910b143ee8cc4729a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: imgs.signifyd.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=ed7b638c9dca4f05a71651f4935eaf44
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:36:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 200
OK sid_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5 Show response
h.online-metrix.net/fp/ Frame 5E6C 95 KB
14 KB 299ms
20ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

51dc2072a2dad35b94f57d14e23c6b161a8da9738b3f2a7a72459b2c32a1c36e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:36:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 6AE1 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5 Show response
imgs.signifyd.com/fp/ Frame 2071 82 KB
13 KB 250ms
231ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/top_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

a977b5b06664a44fbfe6a7b06c47b8a323386502e4c6bb12c5cf620fd8932060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: imgs.signifyd.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=ed7b638c9dca4f05a71651f4935eaf44
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:36:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
imgs.signifyd.com/fp/ Frame 6AE1 0
218 B 21ms
19ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&ja=3731332426633d3638267a353e3826663f313e30307a333a30302461643d393432327a33323232247378793d3878302e6c78723d332c393630322e393230322c333638322e333032302e333430302c313a303024393e30302e313a30302e322430267163663d3a36246e6a3f68767672732533412d32462d3a4e7777752e6a6167606d7a726f756f70737c67636e2c616f6f27304673696766696e416678757427334e70726d667d63744b6427334c322730347169786727334425323e7265667c696c54677265496427314c2532346467737c6b6c63766b6f6c2731442664723568747c787b253343253a462530447e69736b742c626965606d70706f756d7073746561642e6367652d32462468603d63303a3f3738663334653c3a33603061323b6134303335386934616a6e693061246a7b6f3d4e6b667578246a716235416a706d6f652730323839266a7b6f753544616e757a266668633f333e266e666d3f382e7678663f4775706d72652532464a6572646166266d637460723d3632383364336330626d613230673463613734303038326964313d3d3c303164643c35383a333c3164346563613a3666613b3661646066373233313b31393e692e703d726c7d67696c5d6e6c6171685c66696e716723726c77656b6e5f776966646f7f7b576d656669695f706e637165725c66636c7b6723726e77676b6c5d61646f626d5f616b7a676261765e6e616c716729706c77676b6e5773776b6169746b6f675e66616c7b652178647d67696c5f7b686f61697f6176675e646164716723726e75656b6c5f72656164706c69716d725e646164736523726475676b6e5d7664615d726e637967705c66616c736d2170647d6f696e5d646d76616e747a5e66636c716529726e77656b6e5d7174675f76696d77657a566e616c716529706c7765616e5f686174615664636e716726677a313d6338346e34376c3f3e396360333f613336613a306530643b316e6435313a3630616335303561346b26636b6c3533&jb=313731246c713d4d677a696464692532443526302530322057696c646d777b2730324c5625303233302e30253b42253a385f696e34342d3342273038783636292732384372726e6757676049697425324e35333f263b36253030204b48564f44253241253030646b69672730304567616b6f29253a3043607a676d6527324e38392c322634333a392c373a27303251636663706b253246353b372e3b3e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:36:01 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net/fp/ Frame 6AE1 81 B
438 B 80ms
19ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net/fp/clear.png?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5
imgs.signifyd.com/fp/ Frame 6AE1 0
401 B 51ms
21ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear1.png;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jf=343336247369645f7a6e64357c6c725f457149374b67454738746e7041435c4b24716b665f666376653d31363a35353f3c313631247361645f767b78653d7565603a6d6166716324736b665d6b65793d3b3035313b3831333236383732633a3e343861653164383032333234303a3063383634386b65336c383b303132373833343032383034353933336c3133353a3136363666653865623e62323b6a6e303034633e303535643a3162673464353d673433373536646431313833396b62366d6e6a306460623834336636383364353563383c3a6635606036373533653630303c65646b6a3d3439353731656663646c30333a6132633e603b61673138336063333664343a32267b616c5f736b673533303636383232323036613f6034616134393a6166393461303e66666e3d6a62343a623037363b31316538613761656e676466333735676463386236336a6531393f3c633937323e303230323e6339603231656933373b6637613b373b373561303d32326a6d3f353564323e31616437386636343631326c643133613239636060643537326b3033303838642671696e723d32

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=676E3B6F64A78C330AE93EC180B4FFC4
h.online-metrix.net/fp/ Frame 5E6C 0
400 B 21ms
20ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=676E3B6F64A78C330AE93EC180B4FFC4?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jf=343336247369645f7a6e64357c6c725f4b783144676a776e586c71544c6c614624716b665f666376653d31363a35353f3c313631247361645f767b78653d7565603a6d6166716324736b665d6b65793d3b3035313b3831333236383732633a3e343861653164383032333234303a3063383634386b65336c383b303132373833343032383034636137363a353a66333363353461393462393a63643969306430353331636264673961353b62336339306761333a39363630353231663a3539696b3a636464633b6531313b6b37343564636530326061643162673161336438633e36316d393c643130653d303231616b316660373a323b3132303b3763316634306263313c34267b616c5f736b673533303636383232323163393d3a67636632323b3b37363665363863303d6c6c313361356c653161346b6565356264396c3a37603b6331643437633236616b30363a3b39373831366c303230323b3836366634303a3132303661633a6463353137653866363e3c38363233333d613037333d6534326135363f6361373b3033363a6031656535693062306c3c392671696e723d33

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=AEE56048EDB1FE81F5B0025B815744E5?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
imgs.signifyd.com/fp/ Frame 6AE1 0
387 B 241ms
241ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=0f36aeae-1e99-4e6a-aec2-1dc0f59b7263&nonce=cf8542454a636a8f&jac=1&je=31353424267765627a7463576d707465706e696c5f6b723538322c31323226333b2c33313624756b6d3d77656a72746b57616e74677266616c5d6f6c6e7324706f3d7167712460637471763f7b226c657e656c2a32392e30322c2a737463767d7322382261686970656b6c65227f24637564683d6b65666a696d34373a363f376632306e6262663935333e3335343b306460663b633634353862663d3e3c313634396d626564333d3935636235343d6330333335

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:36:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.bagborroworsteal.com/	1970-01-19 19:42:59	Name: igSplash Value: igSplash
.www.bagborroworsteal.com/	1970-01-20 04:18:30	Name: igCountry Value: DE
.bagborroworsteal.com/	1970-01-19 19:34:21	Name: _gid Value: GA1.2.1116942701.1625574958
.bagborroworsteal.com/	1970-01-20 13:04:06	Name: _ga Value: GA1.2.730589905.1625574958
www.bagborroworsteal.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: C21D20E1A7BB21ABA45CD51EFFC22FDF.workerA
.bagborroworsteal.com/	1969-12-31 23:59:59	Name: destination Value: "/sell/configInfo?sc_src=email_7092609&sc_lid=423011471&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438"
.bagborroworsteal.com/	1969-12-31 23:59:59	Name: adTrackId Value: null
.bagborroworsteal.com/	1970-01-30 18:20:54	Name: UBID Value: ""
.bagborroworsteal.com/	1970-01-19 19:32:55	Name: _gat Value: 1
.bagborroworsteal.com/	1969-12-31 23:59:59	Name: SESSION Value: 0f36aeae-1e99-4e6a-aec2-1dc0f59b7263

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-scripts.signifyd.com
checkout.iglobalstores.com
d1vyngmisxigjx.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
googleads.g.doubleclick.net
h.online-metrix.net
imgs.signifyd.com
iprecon.iglobalstores.com
seal-alaskaoregonwesternwashington.bbb.org
secure.avelleassets.com
stats.g.doubleclick.net
visit.bagborroworsteal.com
w2txo5aajo4lob4uetgrdp5gt24kgz4f4zgse7ghcf8542454a636a8fam1.e.aa.online-metrix.net
www.bagborroworsteal.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
13.224.193.85
13.225.87.124
162.242.193.45
172.217.16.130
185.32.241.65
217.175.192.21
2600:9000:2156:bc00:0:43cc:80:93a1
2a00:1450:4001:803::2003
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82f::200a
2a00:1450:400c:c08::9d
2a0b:4d07:101::1
54.235.98.195
91.235.132.130
91.235.134.131
93.184.220.20
01708dc7992dc288a868c11571d919e7d474d4936cac11735c2f7d363f3d2d6f
0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3
1319095e503185318684b65d6a8eda0cf1efb19028b35d3f966c154019df9c69
1fa823896b863bc6bf90a0e3b122db129a337a98b16364fd72018549e1184600
3276b3d1db11c0bf2d0115055682512dc39716d2f1dccf07f529ddae440e3317
4389239d90f66985ca942fc833a14f1f2269581a37b804843846954e056f8036
4406332ec7167767030f8f3f0561af1bc97ce03b13b86370736f1654e742c09b
4f1aff88c6dbc135447a8856387033e95a321b5e87b8dbc78602d822de252e82
51dc2072a2dad35b94f57d14e23c6b161a8da9738b3f2a7a72459b2c32a1c36e
56f9b2160d7519c225d7455901a249f231349ee1ab51ba38377370f098d9f46d
58cdce9d9fa5d1b29625c051c2976d9914d2ddb70fdc6c83bc5c543816453720
63302d1db7161aa5add476568458cccf5d85ed30a615b8a29df686deb5d42245
65dafcdaae3b766bb4cf47d6ff72f49eeda9af3363a7efae97d48ef76cc22d01
67b105a4d1caa304945662048dee2026b5894bbc5ad033910b143ee8cc4729a5
716c18fda50474e76ea9e81fd08eb20024fe490ccb77b21b22e513bf8b673d78
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7446767437b0174b01820e3eb0d2202fa8e67f1753296ab5c97c21bc2dd20147
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87755777f5ef22d9f1963138aec8eff9577c8d6c4dacfbc208ff4842194999fa
8e698be6783795b6473d3179d5f78fff218d72d02cc39ab15090398338309593
91ddf1744d48128e8279b661f1c36bcae9eed12b542c420ae8de883a6d2002c9
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9c5348e4d76366efc13f2bcb5a5ce138e581e90d570a09d0ec66a8cab4920be6
9d83121a5242fd08642d5791a2c7536b9f20291498977184992a6a1db5808f05
a02b3ffbb8805d295bb9ef2b5676ac97189736203b6779ab848ceb7b9008e67c
a977b5b06664a44fbfe6a7b06c47b8a323386502e4c6bb12c5cf620fd8932060
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
baa5afda6f7c238f16e30a892ae57b5ef1e29b82ccbbecfa061d03236a8a4adf
bf9fa34831524ebf092e894425daadf0f2c08d1f2cbc01bd95294b5c3fec5d90
c4a749be78ebdf7a12353556c362cd7a5b63fdfdb0b65306e8968576ed1ffe87
cec1bbe9694e8380d5d11e528292f347622be1e2fac7064d2dd987aa8ccda177
d00fd4dc5f8ae337d1c0f0ca3d571594ef6f2ebfa649a0eaa7635c2d537e3f24
d61f1e577b16aefc5029d0642694c25da422759e1ba766ca6d675dcc47d02ddc
de6198ebfb4c6f439366c804fa711983cfcbb0c694432d2e5fb1f8e541ecd804
df095f2eeccde5bd77d3d845d3c1a077d9f72f2c757d7a77bd2ef540af9c234f
e17857cb74ff8bb8c18929844a2d0ff42bd36dee42113f85a8831ad42ef6eb79
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fccc573456ac877ef776ec803e6a52cf657bca305487f286efc94a83a8cbc3b1

www.bagborroworsteal.com Open in urlscan Pro 162.242.193.45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

51 Requests

98 %HTTPS

52 %IPv6

15 Domains

20 Subdomains

22 IPs

6 Countries

361 kBTransfer

1008 kBSize

10 Cookies

5 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bagborroworsteal.com Open in urlscan Pro
162.242.193.45 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

98 %
HTTPS

52 %
IPv6

15
Domains

20
Subdomains

22
IPs

6
Countries

361 kB
Transfer

1008 kB
Size

10
Cookies

51 HTTP transactions
0 data transactions