URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Submission: On August 19 via manual from IN

Summary

This website contacted 19 IPs in 8 countries across 18 domains to perform 33 HTTP transactions. The main IP is 156.254.71.198, located in Johannesburg, South Africa and belongs to SKHT-AS Shenzhen Katherine Heng Technology Information Co., Ltd., CN. The main domain is m8qg.com.
This is the only time m8qg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

This site contains no links.

Subject | Issuer | Validity | Valid
o2.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-08-18 - 2021-07-02 | 10 months
*.google-analytics.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.visualwebsiteoptimizer.com | Starfield Secure Certificate Authority - G2 | 2020-06-19 - 2022-07-06 | 2 years
*.google.com | GTS CA 1O1 | 2020-08-11 - 2020-11-03 | 3 months
www.bing.com | Microsoft IT TLS CA 2 | 2019-04-30 - 2021-04-30 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-07-21 - 2020-10-12 | 3 months
*.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-08-06 - 2020-09-20 | a month
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
www.google.de | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-08-05 - 2021-02-05 | 6 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
www.google.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-03-04 - 2020-08-31 | 6 months

This page contains 1 frame:

Primary Page: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Frame ID: B6145C2EFA3B36F5025DA8B9718C117F
Requests: 33 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

33 Requests
76 % HTTPS
64 % IPv6
18 Domains
21 Subdomains
19 IPs
8 Countries
580 kB Transfer
1764 kB Size
12 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • http://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523 HTTP 301
  • https://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523
Request Chain 14
  • http://bat.bing.com/bat.js HTTP 307
  • https://bat.bing.com/bat.js
Request Chain 15
  • http://connect.facebook.net/en_US/fbevents.js HTTP 307
  • https://connect.facebook.net/en_US/fbevents.js
Request Chain 18
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=358348439&t=pageview&_s=1&dl=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&ul=en-us&de=UTF-8&dt=Request%20for%20Quotation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=1423513828&gjid=675878355&cid=1837296474.1597795217&tid=UA-1759093-10&_gid=860946319.1597795217&_r=1&gtm=2wg8715J4XPK&z=754430692 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_gid=860946319.1597795217&gjid=675878355&_v=j83&z=754430692 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692&slf_rd=1&random=1554109869
Request Chain 19
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D256865%26url%3Dhttp%253A%252F%252Fm8qg.com%252Fnews%252Fwp-content%252Fplugins%252Fgcizrvf%252Fbbc%252FExcel%252Frfq.php%26time%3D1597795216676%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676&liSync=true

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request rfq.php
m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/
11 KB
4 KB
Document
General
Full URL
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
156.254.71.198 Johannesburg, South Africa, ASN135357 (SKHT-AS Shenzhen Katherine Heng Technology Information Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
b3439248a0ddc569498787cc4d6c8a4c5918988f44fcfa1bd698e0d117968c9e

Request headers

Host
m8qg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Wed, 19 Aug 2020 00:00:16 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip
MaskedPassword.js
m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/
17 KB
7 KB
Script
General
Full URL
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/MaskedPassword.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
156.254.71.198 Johannesburg, South Africa, ASN135357 (SKHT-AS Shenzhen Katherine Heng Technology Information Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Aug 2020 06:07:13 GMT
Server
nginx
ETag
W/"5f3b7011-4208"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=43200
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Wed, 19 Aug 2020 12:00:16 GMT
main.50315030.css
assets.aweber-static.com/www/assets/css/
384 KB
63 KB
Stylesheet
General
Full URL
https://assets.aweber-static.com/www/assets/css/main.50315030.css
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4d4e4bf73adea4c9618bd375cbdd5bb1806a9a97bc7834aec68d21bb9c1e7442

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
3HL_eJIQSMN01BwkgDNKXg.F1xGBEMUy
content-encoding
gzip
etag
"78fe02dc37f46aee49d79c51168a10f3"
age
650256
via
1.1 varnish
x-cache
HIT
status
200
content-length
64259
x-amz-id-2
7JmhjESS0jBnNJyQFtVNGWhRfkezBEJ4WCMcL9eTFagfcShCmqHEEUuIxdV45v7GvJwV2eFNPZA=
x-served-by
cache-fra19157-FRA
last-modified
Wed, 03 Jan 2018 20:25:28 GMT
server
AmazonS3
x-timer
S1597795216.388783,VS0,VE1
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
x-amz-request-id
A8DBF78CB0DBC90D
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
text/css
x-cache-hits
1
jquery.5a555b6d.js
assets.aweber-static.com/www/assets/bundles/
106 KB
38 KB
Script
General
Full URL
https://assets.aweber-static.com/www/assets/bundles/jquery.5a555b6d.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4bbb02166c3396d0f40fa8ebe151e046e70e00d2d842fe40d4f215a81f0772b3

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
nEC0pXCYIdLlaCFyW.NJp92ITbQ4XtOR
content-encoding
gzip
etag
"5c1504dbb73fcf8cf75abed2d97a0777"
age
2319861
via
1.1 varnish
x-cache
HIT
status
200
content-length
38193
x-amz-id-2
NaSvdR+j6M/myK6CHnnc1h8e04pQDIEhHdrPChY6VtXBs4GD+Ryu8gP0nKmU4psAQtnVUDRmRBQ=
x-served-by
cache-fra19157-FRA
last-modified
Fri, 12 Jan 2018 16:37:55 GMT
server
AmazonS3
x-timer
S1597795216.388930,VS0,VE1
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
x-amz-request-id
C28639070EF1AE35
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
vendor.98010375.js
assets.aweber-static.com/www/assets/bundles/
82 KB
28 KB
Script
General
Full URL
https://assets.aweber-static.com/www/assets/bundles/vendor.98010375.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
88ac03bb60640d37911839e3408fafc1fa5fa9f9c9dbd3de528066ec1b6597aa

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
HdpT90ZK.MNlglIeCa3xNn4ProoohTbL
content-encoding
gzip
etag
"36626a5655ccad577db446555bf4ccd6"
age
756255
via
1.1 varnish
x-cache
HIT
status
200
content-length
27922
x-amz-id-2
bH+gvI3ccrKB8Sx+upiVorht2pLl+W3LNL9DqZwKHaChiYwZLUigV3/dIRlAT0etUCcMdnhmyj4=
x-served-by
cache-fra19157-FRA
last-modified
Fri, 12 Jan 2018 16:37:57 GMT
server
AmazonS3
x-timer
S1597795216.388890,VS0,VE1
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
x-amz-request-id
6835049F49E327DF
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
lib.becade21.js
assets.aweber-static.com/www/assets/bundles/
24 KB
9 KB
Script
General
Full URL
https://assets.aweber-static.com/www/assets/bundles/lib.becade21.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
43c6c415e0250d62b72f26e96e93d7627dd05295cea6dca4f0429e43a91b3aa4

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
5zpXDf6fMIE09AQnekKYv9r0OnbBRWVB
content-encoding
gzip
etag
"554df709b421134fe1de27725d45c116"
age
492627
via
1.1 varnish
x-cache
HIT
status
200
content-length
8850
x-amz-id-2
PnZCaA4jDU+m666g6uXurNvpXOYQM1Jb0bQVp4HGD2QTswLpSDN9jS1htR1Yjh5ddNwzVZT9I0Q=
x-served-by
cache-fra19157-FRA
last-modified
Fri, 05 Jan 2018 20:35:58 GMT
server
AmazonS3
x-timer
S1597795216.388872,VS0,VE0
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
x-amz-request-id
2CCDBEE7BD078B44
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
xls22.png
m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/
49 KB
49 KB
Image
General
Full URL
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/xls22.png
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
156.254.71.198 Johannesburg, South Africa, ASN135357 (SKHT-AS Shenzhen Katherine Heng Technology Information Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
e92ff4ce1146308df78f46cf8c5f1fca84b22acc8422ca77b3120e6733aed692

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
Last-Modified
Tue, 18 Aug 2020 06:07:13 GMT
Server
nginx
ETag
"5f3b7011-c32a"
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
49962
Expires
Fri, 18 Sep 2020 00:00:16 GMT
gtm.js
www.googletagmanager.com/
146 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5J4XPK&gtm_auth=UYNjOPXi40kADX0ZYRcuvw&gtm_preview=env-50&gtm_cookies_win=x
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
20c7d2c34819d408829c44e9f6c9e5ac2e74dcb1ff61ae1c620034a41d2a0f62
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:16 GMT
content-encoding
br
vary
*
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42118
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
j.php
dev.visualwebsiteoptimizer.com/
Redirect Chain
  • http://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523
  • https://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523
3 KB
1 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gbel1 /
Resource Hash
76de8edcd58984417a6b196caceed270b83d209da7cefa1e58a90d69c8c5d8b6

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:15 GMT
content-encoding
gzip
server
gbel1
content-type
application/javascript; charset=UTF-8
status
200
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via
1.1 google

Redirect headers

Location
https://dev.visualwebsiteoptimizer.com/j.php?a=1330&u=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=0.2825177997492523
Date
Wed, 19 Aug 2020 00:00:16 GMT
Via
1.1 google
server
gbel1
Timing-Allow-Origin
*
Content-Length
182
Content-Type
text/html
SourceSansPro-Regular.967c60da.woff2
assets.aweber-static.com/www/assets/fonts/source-sans-pro/regular/
13 KB
13 KB
Font
General
Full URL
https://assets.aweber-static.com/www/assets/fonts/source-sans-pro/regular/SourceSansPro-Regular.967c60da.woff2
Requested by
Host: assets.aweber-static.com
URL: https://assets.aweber-static.com/www/assets/css/main.50315030.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Origin
http://m8qg.com
Referer
https://assets.aweber-static.com/www/assets/css/main.50315030.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
nUkSREdmXGzdhRK76f3SJORrxKDXSWfy
via
1.1 varnish
etag
"967c60da0742e7f2bdfbde13accaf519"
age
3538480
x-cache
HIT
status
200
content-length
12960
x-amz-id-2
5BYWULJ7PRebcCfIKA0f34R9jfD6WOrjB/0DZLzteqHc/KlsL0KzrwVSJopUPv28ZRZGH+C2qAc=
x-served-by
cache-fra19166-FRA
last-modified
Thu, 30 Nov 2017 16:08:44 GMT
server
AmazonS3
x-timer
S1597795217.653834,VS0,VE0
date
Wed, 19 Aug 2020 00:00:16 GMT
x-amz-request-id
47CEE5FC414C5B12
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
x-cache-hits
1
SourceSansPro-Semibold.5a4f76c9.woff2
assets.aweber-static.com/www/assets/fonts/source-sans-pro/semibold/
13 KB
13 KB
Font
General
Full URL
https://assets.aweber-static.com/www/assets/fonts/source-sans-pro/semibold/SourceSansPro-Semibold.5a4f76c9.woff2
Requested by
Host: assets.aweber-static.com
URL: https://assets.aweber-static.com/www/assets/css/main.50315030.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Origin
http://m8qg.com
Referer
https://assets.aweber-static.com/www/assets/css/main.50315030.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
vPnTVymu2.5ASvwIuzzgIqabBa5WpaNy
via
1.1 varnish
etag
"5a4f76c9cb1886f5682d1093f4fac915"
age
2922364
x-cache
HIT
status
200
content-length
12916
x-amz-id-2
9fHafv6IcaQAb9rSs54tnQMqxN8HL/8Ywwf5l4VBbpdfAnH8tfaqERl8JRl1AZe/3LKg3nGCkmc=
x-served-by
cache-fra19166-FRA
last-modified
Thu, 30 Nov 2017 16:08:44 GMT
server
AmazonS3
x-timer
S1597795217.653827,VS0,VE0
date
Wed, 19 Aug 2020 00:00:16 GMT
x-amz-request-id
A343254C7979BED5
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
x-cache-hits
1
i.js
i.kissmetrics.com/
39 B
321 B
Script
General
Full URL
http://i.kissmetrics.com/i.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
184.72.216.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-216-220.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2bc18c5e40b439c202bfa5d0a973c2a8c30ccdb6a83c85c5d0b55cd2abcad8b9

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:11 GMT
Server
nginx
P3P
CP="NOI CURa ADMa DEVa TAIa OUR IND UNI NAV INT"
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
39
Expires
Fri, 18 Sep 2020 00:00:11 GMT
7380cf13bcddad3f1993fd5b0f313c4c7c679d73.2.js
scripts.kissmetrics.com/
55 KB
17 KB
Script
General
Full URL
http://scripts.kissmetrics.com/7380cf13bcddad3f1993fd5b0f313c4c7c679d73.2.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
13.226.146.194 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-146-194.dus51.r.cloudfront.net
Software
nginx/1.6.2 /
Resource Hash
02c30673fb658a2fe42b89fcfa01f3985ea59a10778f89bdf96c426d93c72540

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 23:56:07 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 18 Aug 2020 15:20:51 GMT
Server
nginx/1.6.2
Age
19
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
P3P
CP="NOI CURa ADMa DEVa TAIa OUR IND UNI NAV INT"
Via
1.1 cddd3e95f67291463f7a95d065c7fcff.cloudfront.net (CloudFront)
Cache-Control
max-age=60
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
Content-Type
application/x-javascript; charset=utf-8
X-Amz-Cf-Id
jo8UgMr5TfCQchu1OSU7oGxw8iCShEo8lkgiq35mIHz1vm5zrcdbDw==
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5J4XPK&gtm_auth=UYNjOPXi40kADX0ZYRcuvw&gtm_preview=env-50&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
2676
date
Tue, 18 Aug 2020 23:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Wed, 19 Aug 2020 01:15:40 GMT
conversion_async.js
www.googleadservices.com/pagead/
29 KB
12 KB
Script
General
Full URL
http://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5J4XPK&gtm_auth=UYNjOPXi40kADX0ZYRcuvw&gtm_preview=env-50&gtm_cookies_win=x
Protocol
HTTP/1.1
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
cafe /
Resource Hash
d792ed2286a3f10ce01ed2c144ef1db80a8273d049b111589539c435ce908f9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Wed, 19 Aug 2020 00:00:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
ETag
16467492975000070780
Vary
Accept-Encoding
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
private, max-age=3600
Content-Disposition
attachment; filename="f.txt"
Content-Type
text/javascript; charset=UTF-8
Content-Length
11318
X-XSS-Protection
0
Expires
Wed, 19 Aug 2020 00:00:16 GMT
bat.js
bat.bing.com/
Redirect Chain
  • http://bat.bing.com/bat.js
  • https://bat.bing.com/bat.js
26 KB
8 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:16 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref
Ref A: CCE1147ABDEB41E9AACBC06AF4AC7B71 Ref B: FRAEDGE1419 Ref C: 2020-08-19T00:00:16Z
status
200
etag
"0e0bdafab5bd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8022

Redirect headers

Location
https://bat.bing.com/bat.js
Non-Authoritative-Reason
HSTS
fbevents.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/fbevents.js
  • https://connect.facebook.net/en_US/fbevents.js
134 KB
34 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34269
x-xss-protection
0
pragma
public
x-fb-debug
fb/hRyIU10b01ytbDTZ7YkuqVCut/FGJCW9BR7SQqk2MUVLFRYhIYXYLKN3s62l4Er1QLem7mDTpXzJ2/iOT6w==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason
HSTS
ytc.js
s.yimg.com/wi/
15 KB
6 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
88cf2c9a4c4bcef2aa64fb6ea0f337f78e9a7dc61d87993441369fa5cb429d32
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion
1
date
Tue, 18 Aug 2020 23:20:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2390
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
content-length
5573
x-amz-id-2
FomJEi63Fs4Ch8zQfwPr5Px5aNflQgXFdkZ7Vm2jGZcYpfhXB/7CNCiuFUvKtn38OvaYFFEbkIY=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Thu, 16 Sep 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Tue, 11 Aug 2020 09:21:22 GMT
server
ATS
etag
"4af30fdfb3f25202fae672877237b12e-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
CB375785F272DC13
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
v0T4VwTcSKojm0k.rRPUA2jezlg4p0ZC
accept-ranges
bytes
content-type
application/javascript
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=19556
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=358348439&t=pageview&_s=1&dl=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&ul=en-us&de=UTF-8&dt=Reque...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_gid=860946319.1597795217&gjid=675878355&_v=j83&z=754430692
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692&slf_rd=1&random=1554109869
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692&slf_rd=1&random=1554109869
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1759093-10&cid=1837296474.1597795217&jid=1423513828&_v=j83&z=754430692&slf_rd=1&random=1554109869
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D256865%26url%3Dhttp%253A%252F%252Fm8qg.com%252Fnews%252Fwp-content%252Fplugins%25...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676&liSync=true
0
81 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676&liSync=true
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:17 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
ZpPv0kiCLBYgw8Xz4yoAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
Nep9zEiCLBZAu4PLjisAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: 69C9963FC2F64DB486D4289EEB98C6C6 Ref B: FRAEDGE1111 Ref C: 2020-08-19T00:00:16Z
x-frame-options
sameorigin
date
Wed, 19 Aug 2020 00:00:16 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=256865&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&time=1597795216676&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
137848689911278
connect.facebook.net/signals/config/
524 KB
132 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/137848689911278?v=2.9.23&r=stable
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fd7487a1f5f98c2c2de75e8a914fea8f16504ea5b23bbde1723138e6cb7e43a9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
134849
x-xss-protection
0
pragma
public
x-fb-debug
8cSilz2HXS9IxkZ8mpdTodvCQW/PafcBnqg1qL7rVI1vaFO8LfXIAHZgRXdCB4x6QHK7IAJ3KaduVgMa3CCrYQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 19 Aug 2020 00:00:16 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
e
trk.kissmetrics.io/
43 B
376 B
Other
General
Full URL
http://trk.kissmetrics.io/e
Requested by
Host: scripts.kissmetrics.com
URL: http://scripts.kissmetrics.com/7380cf13bcddad3f1993fd5b0f313c4c7c679d73.2.js
Protocol
HTTP/1.1
Server
34.238.181.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-181-251.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
Last-Modified
Thu, 01 Jan 1970 00:00:00 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
43
Expires
Wed, 19 Aug 2020 00:00:15 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071267547/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071267547/?random=1597795216710&cv=9&fst=1597795216710&num=1&label=ZCXGCPv1qgMQ2_3o_gM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg871&sendb=1&ig=1&frm=0&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&tiba=Request%20for%20Quotation&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78a86f6117cd58b0cb60df5ecd5b923eaf54b219b1f7d3600a32fb2ed5e28087
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1083
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=4010922&Ver=2&mid=f1e0b363-3ea2-f5f0-73cb-e7778877b81e&sid=611a2e196847997f451cb08220a46e45&vid=cb08921c5255e8a889130a356f45f442&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Request%20for%20Quotation&p=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&r=&lt=987&evt=pageLoad&msclkid=N&sv=1&rn=903888
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 5A15BD3685BD447A9600A37640FD95E9 Ref B: FRAEDGE1419 Ref C: 2020-08-19T00:00:16Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
v.gif
dev.visualwebsiteoptimizer.com/
35 B
301 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=1330&d=m8qg.com&u=D71259546ACEC69E3F9C68F071C519304&h=b8ba415c592f5a054de55ca146ca597a&t=false&r=0.4741565777721233
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
status
200
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
440422.json
s.yimg.com/wi/config/
2 B
494 B
XHR
General
Full URL
https://s.yimg.com/wi/config/440422.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 23:35:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1477
status
200
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id
1A65434AA467E418
x-amz-id-2
dXKR52MEASfZPSaRWGos7wfeLBt5iHBwwOKymeDsXu2MjcHSsBJeHMBuPXZMLuG1W8HFe6t6lz0=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
22
default.jpg
m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/
81 KB
82 KB
Image
General
Full URL
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/default.jpg
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
HTTP/1.1
Server
156.254.71.198 Johannesburg, South Africa, ASN135357 (SKHT-AS Shenzhen Katherine Heng Technology Information Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
a5b1e114bf054a8b54d7af52fdd1a1f8d778d77ba39fb8ff5542ab8d92cdd41f

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
Last-Modified
Tue, 18 Aug 2020 06:07:13 GMT
Server
nginx
ETag
"5f3b7011-1454f"
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
83279
Expires
Fri, 18 Sep 2020 00:00:16 GMT
/
www.facebook.com/tr/
44 B
258 B
Image
General
Full URL
https://www.facebook.com/tr/?id=137848689911278&ev=PageView&dl=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&rl=&if=false&ts=1597795216739&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1597795216738.586837866&it=1597795216685&coo=false&rqm=GET
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:16 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 19 Aug 2020 00:00:16 GMT
/
www.google.com/pagead/1p-user-list/1071267547/
42 B
109 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1071267547/?random=1597795216710&cv=9&fst=1597795200000&num=1&label=ZCXGCPv1qgMQ2_3o_gM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg871&sendb=1&frm=0&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&tiba=Request%20for%20Quotation&async=1&fmt=3&is_vtc=1&random=4029008682&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1071267547/
42 B
107 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1071267547/?random=1597795216710&cv=9&fst=1597795200000&num=1&label=ZCXGCPv1qgMQ2_3o_gM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg871&sendb=1&frm=0&url=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&tiba=Request%20for%20Quotation&async=1&fmt=3&is_vtc=1&random=4029008682&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Aug 2020 00:00:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sp.pl
sp.analytics.yahoo.com/
0
857 B
Script
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2019%20Aug%202020%2000%3A00%3A16%20GMT&n=-2d&b=Request%20for%20Quotation&.yp=440422&f=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&enc=UTF-8&tagmgr=gtm
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 19 Aug 2020 00:00:16 GMT
X-Content-Type-Options
nosniff
Age
0
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
ATS
X-Frame-Options
DENY
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Cache-Control
no-cache, private, must-revalidate
Accept-Ranges
bytes
Expires
Wed, 19 Aug 2020 00:00:16 GMT
/
www.facebook.com/tr/
44 B
146 B
Image
General
Full URL
https://www.facebook.com/tr/?id=137848689911278&ev=Microdata&dl=http%3A%2F%2Fm8qg.com%2Fnews%2Fwp-content%2Fplugins%2Fgcizrvf%2Fbbc%2FExcel%2Frfq.php&rl=&if=false&ts=1597795217252&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Request%20for%20Quotation%22%2C%22meta%3Adescription%22%3A%22Log%20in%20to%20your%20AWeber%20account%20(or%20AWeber%20affiliate%20account)%20by%20entering%20your%20username%20or%20Affiliate%20ID%20and%20password.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Email%20Marketing%20Software%20%7C%20Email%20Marketing%20Newsletters%20from%20AWeber%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.aweber.com%2Flogin.htm%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fassets.aweber-static.com%2Fwww%2Fassets%2Fimg%2Flogo-og-image.95a2e0b1.jpg%22%2C%22twitter%3Aimage%22%3A%22https%3A%2F%2Fassets.aweber-static.com%2Fwww%2Fassets%2Fimg%2Flogo-og-image.95a2e0b1.jpg%22%2C%22og%3Asite_name%22%3A%22AWeber%22%2C%22og%3Atype%22%3A%22website%22%2C%22twitter%3Acard%22%3A%22summary_large_image%22%2C%22twitter%3Asite%22%3A%22%40aweber%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1597795216738.586837866&it=1597795216685&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: m8qg.com
URL: http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://m8qg.com/news/wp-content/plugins/gcizrvf/bbc/Excel/rfq.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 19 Aug 2020 00:00:17 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 19 Aug 2020 00:00:17 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| MaskedPassword function| webpackJsonp function| jQuery function| $ function| ga object| dataLayer object| _vwo_code number| settings_timer number| _vwo_settings_timer object| _kmq string| _kmk function| _kms object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject object| _vis_opt_queue number| _vis_counter object| uetq function| fbq function| _fbq object| dotq string| _linkedin_partner_id object| _linkedin_data_partner_ids object| gaplugins object| gaGlobal object| gaData function| lintrk boolean| _already_called_lintrk string| KM_KEY number| KM_INCLUDE_HOSTNAME number| KM_SKIP_PAGE_VIEW number| KM_HANDLE_PRERENDER object| KM function| KMQ undefined| KMCTT_SOURCE string| KMCTT_ORIGIN function| _kmil string| KM_COOKIE_DOMAIN function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| UET undefined| b number| _vwo_j_e string| _vwo_mt string| _vwo_tm object| VWO object| vwo_iehack_queue object| YAHOO

12 Cookies

Domain/Path Name / Value
.m8qg.com/ Name: _uetvid
Value: cb08921c5255e8a889130a356f45f442
.m8qg.com/ Name: _uetsid
Value: 611a2e196847997f451cb08220a46e45
.m8qg.com/ Name: km_vs
Value: 1
.m8qg.com/ Name: _vwo_uuid_v2
Value: D71259546ACEC69E3F9C68F071C519304|b8ba415c592f5a054de55ca146ca597a
.m8qg.com/ Name: km_lv
Value: 1597795217
.m8qg.com/ Name: _fbp
Value: fb.1.1597795216738.586837866
.m8qg.com/ Name: km_ai
Value: Pa%2B%2FdOuYyYPNV6%2Fp9NuNU7i6eoM%3D
.m8qg.com/ Name: kvcd
Value: 1597795216699
.m8qg.com/ Name: _gcl_au
Value: 1.1.306504026.1597795217
.m8qg.com/ Name: _gid
Value: GA1.2.860946319.1597795217
.m8qg.com/ Name: _ga
Value: GA1.2.1837296474.1597795217
.m8qg.com/ Name: _gat
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
