urlscan.io logo urlscan.io
SecurityTrails logo

ws.fraudlogix.com Open in urlscan Pro
64.187.102.169  Public Scan

Go To Rescan Add Verdict Report
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Submission: On September 23 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 5 countries across 21 domains to perform 26 HTTP transactions. The main IP is 64.187.102.169, located in Fort Lauderdale, United States and belongs to INFOLINK-MIA-US - Infolink Global Corporation, US. The main domain is ws.fraudlogix.com.
This is the only time ws.fraudlogix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 64.187.102.169 15083 (INFOLINK-...)
1 2a00:1450:400... 15169 (GOOGLE)
2 209.128.119.143 7151 (BAYAREA-AS)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
1 2.16.186.48 20940 (AKAMAI-ASN1)
3 5 54.217.233.61 16509 (AMAZON-02)
1 2.18.233.40 16625 (AKAMAI-AS)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2 35.157.38.246 16509 (AMAZON-02)
1 2 2.18.234.21 16625 (AKAMAI-AS)
11 12 54.247.110.64 16509 (AMAZON-02)
1 69.173.144.165 26667 (RUBICONPR...)
2 151.101.134.2 54113 (FASTLY)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 2 52.57.86.113 16509 (AMAZON-02)
1 2a00:1288:110... 34010 (YAHOO-IRD)
1 2 18.153.11.20 16509 (AMAZON-02)
1 185.33.223.83 29990 (ASN-APPNEXUS)
2 2 34.203.81.73 14618 (AMAZON-AES)
1 107.178.254.65 15169 (GOOGLE)
1 2 173.241.240.143 36089 (OPENX-AS1)
2 2 172.217.23.130 15169 (GOOGLE)
1 2a03:2880:f12... 32934 (FACEBOOK)
26 21
1    64.187.102.169 (Fort Lauderdale, United States)

ASN15083 (INFOLINK-MIA-US - Infolink Global Corporation, US)
ws.fraudlogix.com
1    2a00:1450:4001:817::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
docs.google.com
2    209.128.119.143 (Tampa, United States)

ASN7151 (BAYAREA-AS - vXchnge Operating, LLC, US)
PTR: 209-128-119-143.bayarea.net
stats.visistat.com
sniff.visistat.com
2    2400:cb00:2048:1::6814:200e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
flx99.lporirxe.com
1    2.16.186.48 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-48.deploy.static.akamaitechnologies.com
a.adroll.com
5    54.217.233.61 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-217-233-61.eu-west-1.compute.amazonaws.com
d.adroll.com
1    2.18.233.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com
s.adroll.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
connect.facebook.net
2    35.157.38.246 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-38-246.eu-central-1.compute.amazonaws.com
pixel.advertising.com
2    2.18.234.21 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
12    54.247.110.64 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-247-110-64.eu-west-1.compute.amazonaws.com
d.adroll.com
1    69.173.144.165 (Smithfield, United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
pixel.rubiconproject.com
2    151.101.134.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
sync.outbrain.com
trc.taboola.com
1    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)
simage2.pubmatic.com
2    52.57.86.113 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-57-86-113.eu-central-1.compute.amazonaws.com
eb2.3lift.com
1    2a00:1288:110:833::4000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)
ads.yahoo.com
2    18.153.11.20 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-20.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    185.33.223.83 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
ib.adnxs.com
2    34.203.81.73 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-203-81-73.compute-1.amazonaws.com
idsync.rlcdn.com
1    107.178.254.65 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
2    173.241.240.143 (New York, United States)

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org
us-u.openx.net
2    172.217.23.130 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s18-in-f2.1e100.net
cm.g.doubleclick.net
1    2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
www.facebook.com
Domain Requested by
17 d.adroll.com 14 redirects a.adroll.com
2 cm.g.doubleclick.net 2 redirects
2 us-u.openx.net 1 redirects
2 idsync.rlcdn.com 2 redirects
2 x.bidswitch.net 1 redirects
2 eb2.3lift.com 1 redirects
2 dsum-sec.casalemedia.com 1 redirects
2 pixel.advertising.com 1 redirects
2 connect.facebook.net connect.facebook.net
2 flx99.lporirxe.com ws.fraudlogix.com
1 www.facebook.com
1 pippio.com
1 ib.adnxs.com
1 ads.yahoo.com
1 trc.taboola.com
1 simage2.pubmatic.com
1 sync.outbrain.com
1 pixel.rubiconproject.com
1 s.adroll.com
1 a.adroll.com ws.fraudlogix.com
1 sniff.visistat.com ws.fraudlogix.com
1 stats.visistat.com ws.fraudlogix.com
1 docs.google.com ws.fraudlogix.com
1 ws.fraudlogix.com
26 24

This site contains no links.

Subject Issuer Validity Valid
*.google.com
Google Internet Authority G3		 2018-08-28 -
2018-11-20		 3 months crt.sh
*.adroll.com
Amazon		 2018-01-10 -
2019-02-10		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh
pixel.advertising.com
DigiCert SHA2 High Assurance Server CA		 2017-06-14 -
2020-06-18		 3 years crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2018-04-16 -
2019-02-06		 10 months crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2016-01-12 -
2019-03-01		 3 years crt.sh
f2.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2018-09-06 -
2019-09-07		 a year crt.sh
*.pubmatic.com
COMODO RSA Organization Validation Secure Server CA		 2016-04-12 -
2019-05-27		 3 years crt.sh
*.3lift.com
Amazon		 2018-07-31 -
2019-08-31		 a year crt.sh
*.ads.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2018-07-05 -
2019-01-10		 6 months crt.sh
*.bidswitch.net
COMODO RSA Domain Validation Secure Server CA		 2018-03-22 -
2019-05-05		 a year crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2018-01-25 -
2019-01-25		 a year crt.sh
pippio.com
COMODO RSA Domain Validation Secure Server CA		 2017-10-23 -
2020-11-15		 3 years crt.sh
*.openx.net
DigiCert ECC Secure Server CA		 2018-04-03 -
2019-04-08		 a year crt.sh

This page contains 2 frames:

Primary Page: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Frame ID: 86A00DC38F9205BD050FE011BFC11126
Requests: 25 HTTP requests in this frame

Frame: https://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
Frame ID: 6DBB03FA91E52BF2FA54EDC7E7A042B8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i
  • env /^adroll_/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Page Statistics

26
Requests

77 %
HTTPS

22 %
IPv6

21
Domains

24
Subdomains

21
IPs

5
Countries

70 kB
Transfer

192 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true HTTP 307
  • https://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
Request Chain 7
  • https://d.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA?pv=50214101020.5599&cookie=&adroll_s_ref=&keyw=&arrfrr=http%3A%2F%2Fws.fraudlogix.com%2Fpdfs%2Fthreat_feed_sample.html HTTP 302
  • https://s.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA/2POQ3ORU3JBE3I56PPARBJ.js
Request Chain 8
  • http://connect.facebook.net/en_US/fbevents.js HTTP 307
  • https://connect.facebook.net/en_US/fbevents.js
Request Chain 10
  • https://d.adroll.com/cm/aol/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
Request Chain 11
  • https://d.adroll.com/cm/index/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283&C=1
Request Chain 12
  • https://d.adroll.com/cm/n/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expires=365
Request Chain 13
  • https://d.adroll.com/cm/outbrain/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://sync.outbrain.com/adroll/pixel?user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Request Chain 14
  • https://d.adroll.com/cm/pubmatic/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Request Chain 15
  • https://d.adroll.com/cm/taboola/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Request Chain 16
  • https://d.adroll.com/cm/triplelift/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://eb2.3lift.com/xuid?mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e&gdpr=1&cmp_cs=
Request Chain 17
  • https://d.adroll.com/cm/r/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 18
  • https://d.adroll.com/cm/b/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Request Chain 19
  • https://d.adroll.com/cm/x/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q%27)
Request Chain 20
  • https://d.adroll.com/cm/l/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://idsync.rlcdn.com/377928.gif?partner_uid=d35903ca7a56123dee503ed4d233097d HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2QQABoNCKTln90FEgUI6AcQAA HTTP 307
  • https://pippio.com/api/sync?pid=5324&_=2
Request Chain 21
  • https://d.adroll.com/cm/o/out?advertisable=TPUHTO67ZVE5LPVBON4QAV HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=d35903ca7a56123dee503ed4d233097d HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d35903ca7a56123dee503ed4d233097d
Request Chain 22
  • https://d.adroll.com/cm/g/out?advertisable=TPUHTO67ZVE5LPVBON4QAV&google_nid=adroll2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=01kDynpWEj3uUD7U0jMJfQ&google_ula=1535926 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=01kDynpWEj3uUD7U0jMJfQ&google_ula=1535926&google_tc= HTTP 302
  • https://d.adroll.com/cm/g/in?google_ula=1535926,0

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request threat_feed_sample.html
ws.fraudlogix.com/pdfs/ 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
64.187.102.169 Fort Lauderdale, United States, ASN15083 (INFOLINK-MIA-US - Infolink Global Corporation, US),
Reverse DNS
Software
Apache/2.2.3 (CentOS) /
Resource Hash
4ee3353d9559a3ccbde5695c79a2d4d10e733da3eb4163f3f013b5ce29947792

Request headers

Host
ws.fraudlogix.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:15:48 GMT
Server
Apache/2.2.3 (CentOS)
Last-Modified
Wed, 05 Sep 2018 20:28:15 GMT
ETag
"3680d3-e76-575259d3095c0"
Accept-Ranges
bytes
Content-Length
3702
Connection
close
Content-Type
text/html; charset=UTF-8
viewer
docs.google.com/ Frame 6DBB
Redirect Chain
  • http://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
  • https://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
docs.google.com
:scheme
https
:path
/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sun, 23 Sep 2018 20:08:02 GMT
content-encoding
gzip
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy-report-only
script-src 'report-sample' 'nonce-4/m2Z+w6Fme677/ouXpEchhjLIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options
nosniff
x-xss-protection
1; mode=block
server
GSE
set-cookie
NID=139=NDwWz91q0hXfxkU_heaLtmyydBQg4AkVnrvG0wI3fwZolCN4jwu2yfQdaaZ7KIUZ7te262mZqMsZ1BLsZmrOas8-J3hFIVLmpzpSCS1rPORkU_5M9zk70TDQrZ0hKOiE;Domain=.google.com;Path=/;Expires=Mon, 25-Mar-2019 20:08:02 GMT;HttpOnly
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

Location
https://docs.google.com/viewer?url=http://www.fraudlogix.com/pdfs/Threat_Feed_Sample.pdf&embedded=true
Non-Authoritative-Reason
HSTS
live.js
stats.visistat.com/ 		1 KB
983 B 		Script
General
Check archive.org
Download Go to
Full URL
http://stats.visistat.com/live.js
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
209.128.119.143 Tampa, United States, ASN7151 (BAYAREA-AS - vXchnge Operating, LLC, US),
Reverse DNS
209-128-119-143.bayarea.net
Software
Apache/2.2.3 (CentOS) /
Resource Hash
a845955307f3071603d4fb128ea3f411465c36a8be5fa2bbd025b413e643b304

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sun, 23 Sep 2018 20:08:00 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jan 2018 18:34:52 GMT
Server
Apache/2.2.3 (CentOS)
ETag
"2230103-57f-56325560a2b00"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
close
Accept-Ranges
bytes
Content-Length
666
index.php
sniff.visistat.com/ 		95 B
402 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sniff.visistat.com/index.php?DID=85743&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=Fraudlogix%20Affiliate%20Fraud%20Info&Hst=ws.fraudlogix.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fpdfs%2Fthreat_feed_sample.html&Reff=&FullPage=http%3A%2F%2Fws.fraudlogix.com%2Fpdfs%2Fthreat_feed_sample.html&PMCD=http%3A%2F%2Fws.fraudlogix.com%2Fpdfs%2Fthreat_feed_sample.html&r=0.8814351450671771
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
209.128.119.143 Tampa, United States, ASN7151 (BAYAREA-AS - vXchnge Operating, LLC, US),
Reverse DNS
209-128-119-143.bayarea.net
Software
Apache/2.2.3 (CentOS) / PHP/5.1.6
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:08:00 GMT
Content-Encoding
gzip
Server
Apache/2.2.3 (CentOS)
X-Powered-By
PHP/5.1.6
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Content-Type
IMAGE/PNG
Content-Length
102
ncvp.js
flx99.lporirxe.com/flp/ 		14 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://flx99.lporirxe.com/flp/ncvp.js?c=99&i=1537733281
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6814:200e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
791f2b038331fbed89c1a0702368e60251bc23c3539dc9fa5b2f296f58b3f66a

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sun, 23 Sep 2018 20:08:00 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Wed, 12 Sep 2018 13:22:37 GMT
Server
cloudflare
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
45efa40be3649718-FRA
Content-Length
11218
Expires
Mon, 24 Sep 2018 20:08:00 GMT
flprocv1_56.php
flx99.lporirxe.com/flp/ 		0
174 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://flx99.lporirxe.com/flp/flprocv1_56.php?1=f5.0.8&2=c08d7261c001d782&3=99&4=789&5=http%3A//ws.fraudlogix.com/pdfs/threat_feed_sample.html&6=44e5db4a14ad072c&7=483630615478334d6372496f7067515832425472&8=b3acf2f18f9e3ad236e706b704dba1b568d09fdc29a05dcfca251bae4b2508c92d1d0be21c3927a3e658995392846410bb60408a380883e0&9=&10=&15=1&11=e0f537c224c6dfcd&12=undefined&13=&17=8452728d72c6eaec&18=&19=c9338608a62394b8&21=&WPr4y=eb1caf5ac64515614655ec4128428e2e&14f5fl=b32d0ea9546c82fccbe6ed11b2f29889e28ba8deb48ac98ecb868317eac915aceb7afcb6f66e5bed8e00f8a5e051e1b4a2906b0a763ded95c7e9c62b5636b581e28515d37afb02f573f87bd8bcbf3b270d23ee08dbd50468b35853dfcabd5b2b18b67ce8360c3bed602e1f3bc27f81bf9ff9a9d080be035e164a257d382ff6ac30a40ddaaba2a39ce1c4be41a7c2bb9c049802a848720c85a2906b0a763ded95d370a39388aa7913331e13ea11e3f5e3425d23812f282ebd1cbacebb40d36a091fbdf8d0d73c2860a4521166675397872c7caa22987c3fc6c7b121751339a7d3063a33b5e310ee17dab0b03d57904d09a2906b0a763ded95068627b73fd7f183fd1effaccb60082b51ae202cef94207b1b2938c6737361daa2906b0a763ded954e2f0f381e6575fd998af3e1f8218e59f524bb94afce34e4bd9d8e8e904816c636f2a6e472380efef524bb94afce34e4429663de31f3f75fa2906b0a763ded95ae334209d21e8de36c81048f9d9bc2c7f524bb94afce34e44f712bfa92af3f4e51ae202cef94207b670960fc4a810ff1baedd44ce91806ca01fb7efd825591ee8af81965d82aed74&spfp=1&spfnp=0&sp1=&sp2=
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6814:200e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:08:01 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
45efa40ea46b9718-FRA
Content-Length
0
Content-Type
image/gif
roundtrip.js
a.adroll.com/j/ 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://a.adroll.com/j/roundtrip.js
Requested by
Host: ws.fraudlogix.com
URL: http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
Protocol
HTTP/1.1
Server
2.16.186.48 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-48.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8586c89f5ff37a464df366ad65874b6ede5898f94219ee381b67023b5269d99a

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
x-amz-version-id
a5Vr_6GKPFZd3j7Kwg.dAbRnPEJLm0El
Content-Encoding
gzip
Last-Modified
Fri, 21 Sep 2018 18:30:48 GMT
Server
AmazonS3
x-amz-request-id
BE5D88A1A2EFD381
ETag
"c1f4a427cc0e7ce6a43390d1855422a1"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=300, must-revalidate
Date
Sun, 23 Sep 2018 20:08:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9930
x-amz-id-2
MsL/gCFVdpEDEy2Ivf5LZfp8mYsZnOoqJyknIkdu4EOa8AB4Uun7uIV37Kk9DjeUzAyFOWRaOQE=
TPUHTO67ZVE5LPVBON4QAV
d.adroll.com/consent/check/ 		34 B
194 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/TPUHTO67ZVE5LPVBON4QAV?_s=2dbd059d1475bfe3bd9d0b2c14cbe0d5
Requested by
Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.233.61 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-217-233-61.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
c389d2c60cd588381a115d2bad194492123fbd5b73f86a85149ec4e5de8503f6

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Length
34
Content-Type
application/javascript
2POQ3ORU3JBE3I56PPARBJ.js
s.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA/
Redirect Chain
  • https://d.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA?pv=50214101020.5599&cookie=&adroll_s_ref=&keyw=&arrfrr=http%3A%2F%2Fws.fraudlogix.com%2Fpdfs%2Fthreat_feed_sample.html
  • https://s.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA/2POQ3ORU3JBE3I56PPARBJ.js
15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA/2POQ3ORU3JBE3I56PPARBJ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
838b4ba22cc5c658080d7ebd2bcd9fe6ce8e92bdbf774eaae6fb920cb942e7e8

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
q3vCc3AJIJRd3dzUxgq.Z8vWm7o8batY
Content-Encoding
gzip
ETag
"41d2bb96b5f0a80d5c5816f7ff041772"
x-amz-request-id
FD474E2C60C1DD8F
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
4056
x-amz-id-2
cI6Ubb72tS6NyLAeCcucyZx6+tWOOD+IlITnQPckeYQZUT3tLBVPMNGwdjp5EtULFK9MWJhVQGQ=
Last-Modified
Wed, 19 Sep 2018 15:47:03 GMT
Server
AmazonS3
Date
Sun, 23 Sep 2018 20:08:03 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Sun, 23 Sep 2018 20:08:03 GMT
X-Segment-Display-Name
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection
keep-alive
Content-Length
0
Pragma
no-cache
X-Conversion-Value
0.0
Server
nginx/1.12.1
X-Rule
*
X-Segment-Eid
2POQ3ORU3JBE3I56PPARBJ
Location
https://s.adroll.com/pixel/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA/2POQ3ORU3JBE3I56PPARBJ.js
Cache-Control
no-store, no-cache, must-revalidate
X-Pixel-Eid
3B7SNWIJRFEDDJ3BAAIFHA
X-Segment-Name
*
X-Advertisable-Eid
TPUHTO67ZVE5LPVBON4QAV
X-Conversion-Currency
fbevents.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/fbevents.js
  • https://connect.facebook.net/en_US/fbevents.js
44 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
167cbde7e21233e046dd224a44e9b519057eb04c1fed9995afd48e715503b911
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
13685
x-xss-protection
0
pragma
public
x-fb-debug
HMnNC0m3OGje5FTiwNC1bd1UZx9mSO/mEG8/AbHqX+g6Oynxh4uDhebkqY+X7s/uy39FAQH9sN6sPem03X9cvw==
x-frame-options
DENY
date
Sun, 23 Sep 2018 20:08:03 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason
HSTS
3B7SNWIJRFEDDJ3BAAIFHA
d.adroll.com/onp/TPUHTO67ZVE5LPVBON4QAV/ 		42 B
509 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/onp/TPUHTO67ZVE5LPVBON4QAV/3B7SNWIJRFEDDJ3BAAIFHA?pv=50214101020.5599&ev=t%3Dtop%26f%3D0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.233.61 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-217-233-61.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
image/gif
X-Advertisable-Eid
TPUHTO67ZVE5LPVBON4QAV
Content-Length
42
sync
pixel.advertising.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/aol/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
0
298 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.38.246 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-38-246.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Sun, 23 Sep 2018 20:08:03 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Sun, 23 Sep 2018 20:08:03 GMT
content-length
0
location
https://pixel.advertising.com/ups/55980/sync?uid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283&C=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sun, 23 Sep 2018 20:08:03 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expiration=1569269283&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Sun, 23 Sep 2018 20:08:03 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expires=365
42 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expires=365
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Smithfield, United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
Rubicon Project /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
Rubicon Project
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
X-RPHost
objoafVd_Ky-S5FXjIOdXg
Expires
0

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&expires=365
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
124
pixel
sync.outbrain.com/adroll/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://sync.outbrain.com/adroll/pixel?user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
18 B
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/adroll/pixel?user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.134.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains;

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=0; includeSubDomains;
content-encoding
gzip
traffic-path
NYDC1, JFK, MAD, Europe1
x-timer
S1537733284.759364,VS0,VE95
date
Sun, 23 Sep 2018 20:08:03 GMT
x-served-by
cache-jfk8129-JFK, cache-mad9430-MAD
x-cache
MISS, MISS
status
200
backend-ip
104.156.90.29
accept-ranges
bytes, bytes
via
1.1 varnish, 1.1 varnish
x-cache-hits
0, 0

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://sync.outbrain.com/adroll/pixel?user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
96
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...
1 B
817 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Cnection
close
Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
X-lat
Pug22054:0:460
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control
no-store, no-cache, private
Content-Type
text/html; charset=utf-8
Content-Length
1

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
220
/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
0
321 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.134.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 23 Sep 2018 20:08:03 GMT
via
1.1 varnish
server
nginx
x-timer
S1537733284.768763,VS0,VE28
x-served-by
cache-mad9430-MAD
x-cache
MISS
status
204
x-cache-hits
0
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
111
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://eb2.3lift.com/xuid?mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e&gdpr=1&cmp_cs=
37 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e&gdpr=1&cmp_cs=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.86.113 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-57-86-113.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 23 Sep 2018 20:08:03 GMT
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
P3P
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Content-Length
37
content-type
image/gif

Redirect headers

location
/xuid?ld=1&mid=4714&xuid=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q&dongle=c85e&gdpr=1&cmp_cs=
date
Sun, 23 Sep 2018 20:08:03 GMT
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
P3P
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
ads.yahoo.com/
Redirect Chain
  • https://d.adroll.com/cm/r/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_con...
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:833::4000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:08:03 GMT
X-Content-Type-Options
nosniff
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Public-Key-Pins-Report-Only
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
248
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
43 B
575 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.153.11.20 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-153-11-20.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.0 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=10
Content-Length
43

Redirect headers

Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=10
Content-Length
0
pxj
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q%27)
0
591 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q%27)
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.83 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:05 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 250.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.72:80
AN-X-Request-Uuid
81883e18-7d1b-49a9-82e4-3772d39749cd
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('ZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2Q')
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
113
sync
pippio.com/api/
Redirect Chain
  • https://d.adroll.com/cm/l/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://idsync.rlcdn.com/377928.gif?partner_uid=d35903ca7a56123dee503ed4d233097d
  • https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogZDM1OTAzY2E3YTU2MTIzZGVlNTAzZWQ0ZDIzMzA5N2QQABoNCKTln90FEgUI6AcQAA
  • https://pippio.com/api/sync?pid=5324&_=2
0
62 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pippio.com/api/sync?pid=5324&_=2
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.254.65 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
65.254.178.107.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Sun, 23 Sep 2018 20:08:04 GMT
via
1.1 google
alt-svc
clear

Redirect headers

status
307
date
Sun, 23 Sep 2018 20:08:04 GMT
cache-control
no-cache, no-store
timing-allow-origin
*
content-length
0
location
https://pippio.com/api/sync?pid=5324&_=2
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?advertisable=TPUHTO67ZVE5LPVBON4QAV
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=d35903ca7a56123dee503ed4d233097d
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d35903ca7a56123dee503ed4d233097d
43 B
255 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d35903ca7a56123dee503ed4d233097d
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
173.241.240.143 New York, United States, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS
ox-173-241-240-143.xa.dc.openx.org
Software
OXGW/16.80.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 23 Sep 2018 20:08:03 GMT
server
OXGW/16.80.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
status
200
cache-control
private, max-age=0, no-cache
content-type
image/gif
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

status
302
date
Sun, 23 Sep 2018 20:08:03 GMT
server
OXGW/16.80.0
content-length
0
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d35903ca7a56123dee503ed4d233097d
p3p
CP="CUR ADM OUR NOR STA NID"
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?advertisable=TPUHTO67ZVE5LPVBON4QAV&google_nid=adroll2
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=01kDynpWEj3uUD7U0jMJfQ&google_ula=1535926
  • https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=01kDynpWEj3uUD7U0jMJfQ&google_ula=1535926&google_tc=
  • https://d.adroll.com/cm/g/in?google_ula=1535926,0
42 B
510 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/g/in?google_ula=1535926,0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.110.64 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-247-110-64.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Sep 2018 20:08:03 GMT
Server
nginx/1.12.1
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
X-Result
g.-1.-1.1535926.0.-1

Redirect headers

pragma
no-cache
date
Sun, 23 Sep 2018 20:08:03 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in?google_ula=1535926,0
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
246
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
815564841820003
connect.facebook.net/signals/config/ 		83 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/815564841820003?v=2.8.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
22319e45ff0456096a3918843b0a1fe03324833af848c507a04d15f685de44f0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
public
x-fb-debug
69vMpvXRnazLuG6RbS9ObMff09tl9iLdsP/G6wdnbhZoiJswXO1pccZ5Fq2wuYPSzfjIYL/Ky4YILW2oU4icIw==
x-frame-options
DENY
date
Sun, 23 Sep 2018 20:08:03 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=815564841820003&ev=PageView&dl=http%3A%2F%2Fws.fraudlogix.com%2Fpdfs%2Fthreat_feed_sample.html&rl=&if=false&ts=1537733283596&cd[segment_eid]=2POQ3ORU3JBE3I56PPARBJ&sw=1600&sh=1200&v=2.8.27&r=stable&ec=0&o=29&it=1537733283535
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
http://ws.fraudlogix.com/pdfs/threat_feed_sample.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 23 Sep 2018 20:08:03 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Sun, 23 Sep 2018 20:08:03 GMT

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| DID string| pcheck function| VSCapture function| VSLT undefined| pagename undefined| MyPageName undefined| MyID undefined| MySearch object| sniffer string| adroll_adv_id string| adroll_pix_id string| _flbtn object| O object| Q object| o number| U object| u number| J object| FLPXobj string| domain boolean| isDNT object| pc2bytes0 object| pc2bytes1 object| pc2bytes2 object| pc2bytes3 object| pc2bytes4 object| pc2bytes5 object| pc2bytes6 object| pc2bytes7 object| pc2bytes8 object| pc2bytes9 object| pc2bytes10 object| pc2bytes11 object| pc2bytes12 object| pc2bytes13 string| result string| tempresult string| spfstr1 string| spfstr2 boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks undefined| adroll_tpc_callback boolean| __adroll_consent number| adroll_xavier_called object| adroll_currency object| adroll_conversion_value object| adroll_conversion_value_in_dollars function| fbq function| _fbq

3 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 139=RE92A7h7B3kE1v6NASgJ_7fcuuB3R_DieBVRvCpQzSUVEQXYn1cSZ_FRJhukvk7SqiNHyGplj8J3J8FsFNv4dweqb2pjixf3cn9tnDtfKbEwfQcrjiM1vbx0jZh21Eze
.fraudlogix.com/ Name: _u
Value: e57ec6546625e0d110c99522a57b08d1d06883f4421e81bf
.fraudlogix.com/ Name: flv
Value: H60aTx3McrIopgQX2BTr

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.adroll.com
ads.yahoo.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
docs.google.com
dsum-sec.casalemedia.com
eb2.3lift.com
flx99.lporirxe.com
ib.adnxs.com
idsync.rlcdn.com
pippio.com
pixel.advertising.com
pixel.rubiconproject.com
s.adroll.com
simage2.pubmatic.com
sniff.visistat.com
stats.visistat.com
sync.outbrain.com
trc.taboola.com
us-u.openx.net
ws.fraudlogix.com
www.facebook.com
x.bidswitch.net
107.178.254.65
151.101.134.2
172.217.23.130
173.241.240.143
18.153.11.20
185.33.223.83
185.64.189.110
2.16.186.48
2.18.233.40
2.18.234.21
209.128.119.143
2400:cb00:2048:1::6814:200e
2a00:1288:110:833::4000
2a00:1450:4001:817::200e
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.203.81.73
35.157.38.246
52.57.86.113
54.217.233.61
54.247.110.64
64.187.102.169
69.173.144.165
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
167cbde7e21233e046dd224a44e9b519057eb04c1fed9995afd48e715503b911
22319e45ff0456096a3918843b0a1fe03324833af848c507a04d15f685de44f0
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ee3353d9559a3ccbde5695c79a2d4d10e733da3eb4163f3f013b5ce29947792
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
791f2b038331fbed89c1a0702368e60251bc23c3539dc9fa5b2f296f58b3f66a
838b4ba22cc5c658080d7ebd2bcd9fe6ce8e92bdbf774eaae6fb920cb942e7e8
8586c89f5ff37a464df366ad65874b6ede5898f94219ee381b67023b5269d99a
a845955307f3071603d4fb128ea3f411465c36a8be5fa2bbd025b413e643b304
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c389d2c60cd588381a115d2bad194492123fbd5b73f86a85149ec4e5de8503f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629