urlscan.io logo urlscan.io
SecurityTrails logo

results.ci.security Open in urlscan Pro
207.38.86.153  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cybersecurity.ci.security/e/414142/g-nur-202004-utm-content-genit/r4bsj6/1125892772?h=N2LA0GJekBmVXU0vJQThzDqXMpzrU84OSMWg...
Effective URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Submission: On September 14 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 33 IPs in 7 countries across 33 domains to perform 56 HTTP transactions. The main IP is 207.38.86.153, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is results.ci.security.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 31st 2020. Valid for: 3 months.
This is the only time results.ci.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 52.21.178.134 14618 (AMAZON-AES)
9 207.38.86.153 30083 (AS-30083-...)
1 2a00:1450:400... 15169 (GOOGLE)
2 3.23.241.62 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 143.204.215.105 16509 (AMAZON-02)
1 2 23.111.9.38 33438 (HIGHWINDS2)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
2 143.204.215.78 16509 (AMAZON-02)
2 2 52.215.1.63 16509 (AMAZON-02)
1 2 143.204.215.97 16509 (AMAZON-02)
1 6 23.210.248.216 16625 (AKAMAI-AS)
15 18 63.32.63.32 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2 52.59.102.119 16509 (AMAZON-02)
1 2 18.156.0.31 16509 (AMAZON-02)
1 2 23.210.249.164 16625 (AKAMAI-AS)
1 69.173.144.138 26667 (RUBICONPR...)
1 2 64.202.112.191 23352 (SERVERCEN...)
1 185.64.190.80 62713 (AS-PUBMATIC)
1 1 2a00:1288:f03... 10310 (YAHOO-1)
1 141.226.228.48 200478 (TABOOLA-AS)
1 2 18.197.58.103 16509 (AMAZON-02)
1 2 52.58.74.100 16509 (AMAZON-02)
1 2 37.252.172.37 29990 (ASN-APPNEX)
1 35.244.174.68 15169 (GOOGLE)
1 2 34.98.64.218 15169 (GOOGLE)
1 1 172.217.21.194 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f11... 32934 (FACEBOOK)
56 33
4    52.21.178.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-2-ue1.aws.pardot.com
cybersecurity.ci.security
pi.pardot.com
9    207.38.86.153 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: web594.webfaction.com
results.ci.security
1    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    3.23.241.62 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-23-241-62.us-east-2.compute.amazonaws.com
cms.thekraken.xyz
3    2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
2    2a02:26f0:10c:5b5::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
snap.licdn.com
1    143.204.215.105 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-105.fra53.r.cloudfront.net
tag.demandbase.com
2    23.111.9.38 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
cdn.mouseflow.com
1    2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s.ytimg.com
2    2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
2    143.204.215.78 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-78.fra53.r.cloudfront.net
api.company-target.com
2    52.215.1.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-1-63.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
2    143.204.215.97 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-97.fra53.r.cloudfront.net
segments.company-target.com
6    23.210.248.216 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com
s.adroll.com
18    63.32.63.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
d.adroll.mgr.consensu.org
d.adroll.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    52.59.102.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-102-119.eu-central-1.compute.amazonaws.com
pixel.advertising.com
2    18.156.0.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
1    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    64.202.112.191 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)
ads.yahoo.com
1    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync.taboola.com
2    18.197.58.103 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-58-103.eu-central-1.compute.amazonaws.com
eb2.3lift.com
2    52.58.74.100 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-74-100.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    37.252.172.37 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
2    34.98.64.218 (United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
1    172.217.21.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s12-in-f2.1e100.net
cm.g.doubleclick.net
1    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cm.g.doubleclick.net
1    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
23 adroll.com
s.adroll.com
d.adroll.com
29 KB
11 ci.security
cybersecurity.ci.security
results.ci.security
285 KB
4 company-target.com
api.company-target.com
segments.company-target.com
3 KB
3 yahoo.com
ups.analytics.yahoo.com
ads.yahoo.com
1 KB
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
2 KB
3 doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
493 B
3 google-analytics.com
www.google-analytics.com
18 KB
3 google.com
www.google.com
1 KB
2 openx.net
us-u.openx.net
340 B
2 adnxs.com
ib.adnxs.com
2 KB
2 bidswitch.net
x.bidswitch.net
1004 B
2 3lift.com
eb2.3lift.com
735 B
2 outbrain.com
sync.outbrain.com
832 B
2 casalemedia.com
dsum-sec.casalemedia.com
2 KB
2 advertising.com
pixel.advertising.com
817 B
2 facebook.net
connect.facebook.net
166 KB
2 pardot.com
pi.pardot.com
4 KB
2 bidr.io
match.prod.bidr.io
1019 B
2 mouseflow.com
cdn.mouseflow.com
835 B
2 licdn.com
snap.licdn.com
3 KB
2 thekraken.xyz
cms.thekraken.xyz
161 KB
1 facebook.com
www.facebook.com
146 B
1 rlcdn.com
idsync.rlcdn.com
42 B
1 taboola.com
sync.taboola.com
217 B
1 pubmatic.com
simage2.pubmatic.com
1010 B
1 rubiconproject.com
pixel.rubiconproject.com
798 B
1 consensu.org
d.adroll.mgr.consensu.org
137 B
1 ytimg.com
s.ytimg.com
34 KB
1 demandbase.com
tag.demandbase.com
16 KB
1 youtube.com
www.youtube.com
1 KB
1 gstatic.com
www.gstatic.com
132 KB
1 google.de
www.google.de
106 B
1 googletagmanager.com
www.googletagmanager.com
35 KB
56 33
Domain Requested by
17 d.adroll.com 14 redirects
9 results.ci.security results.ci.security
6 s.adroll.com 1 redirects results.ci.security
s.adroll.com
d.adroll.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
results.ci.security
3 www.google.com results.ci.security
www.gstatic.com
2 cm.g.doubleclick.net 2 redirects
2 us-u.openx.net 1 redirects
2 ib.adnxs.com 1 redirects
2 x.bidswitch.net 1 redirects
2 eb2.3lift.com 1 redirects
2 sync.outbrain.com 1 redirects
2 dsum-sec.casalemedia.com 1 redirects
2 ups.analytics.yahoo.com 1 redirects
2 pixel.advertising.com 2 redirects
2 connect.facebook.net d.adroll.com
connect.facebook.net
2 pi.pardot.com results.ci.security
pi.pardot.com
2 segments.company-target.com 1 redirects results.ci.security
2 match.prod.bidr.io 2 redirects
2 api.company-target.com tag.demandbase.com
2 px.ads.linkedin.com 1 redirects results.ci.security
2 cdn.mouseflow.com 1 redirects results.ci.security
2 snap.licdn.com results.ci.security
snap.licdn.com
2 cms.thekraken.xyz results.ci.security
2 cybersecurity.ci.security 1 redirects pi.pardot.com
1 www.facebook.com
1 idsync.rlcdn.com
1 sync.taboola.com
1 ads.yahoo.com 1 redirects
1 simage2.pubmatic.com
1 pixel.rubiconproject.com
1 d.adroll.mgr.consensu.org 1 redirects
1 www.linkedin.com 1 redirects
1 s.ytimg.com www.youtube.com
1 tag.demandbase.com results.ci.security
1 www.youtube.com results.ci.security
1 www.gstatic.com www.google.com
1 www.google.de results.ci.security
1 stats.g.doubleclick.net www.google-analytics.com
1 www.googletagmanager.com results.ci.security
56 39

This site contains no links.

Subject Issuer Validity Valid
results.ci.security
Let's Encrypt Authority X3		 2020-07-31 -
2020-10-29		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.thekraken.xyz
Amazon		 2020-01-23 -
2021-02-23		 a year crt.sh
www.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
*.demandbase.com
Go Daddy Secure Certificate Authority - G2		 2018-09-20 -
2020-11-19		 2 years crt.sh
*.mouseflow.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-12 -
2022-09-14		 2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-02-05		 6 months crt.sh
*.company-target.com
Go Daddy Secure Certificate Authority - G2		 2019-06-19 -
2021-08-18		 2 years crt.sh
pi.pardot.com
DigiCert SHA2 Secure Server CA		 2019-12-26 -
2020-12-26		 a year crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA		 2020-01-29 -
2021-04-29		 a year crt.sh
adroll.mgr.consensu.org
Amazon		 2019-11-06 -
2020-12-06		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-05-27 -
2020-11-23		 6 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2020-03-02 -
2021-04-01		 a year crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2019-01-10 -
2021-01-14		 2 years crt.sh
*.outbrain.com
Thawte RSA CA 2018		 2019-10-29 -
2021-11-23		 2 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA		 2019-02-22 -
2021-02-21		 2 years crt.sh
*.taboola.com
DigiCert SHA2 Secure Server CA		 2020-08-11 -
2021-12-31		 a year crt.sh
*.3lift.com
Amazon		 2020-07-04 -
2021-08-05		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-14 -
2021-04-23		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2020-06-18 -
2021-08-17		 a year crt.sh
cybersecurity.ci.security
Let's Encrypt Authority X3		 2020-08-29 -
2020-11-27		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Frame ID: 0270283ED60C8216395C5ECBADF3FEE5
Requests: 55 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=invisible&cb=ltuncfr7673p
Frame ID: A6E6C95035735A74D0390FB6746E193A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cybersecurity.ci.security/e/414142/g-nur-202004-utm-content-genit/r4bsj6/1125892772?h=N2LA0GJekBmVXU0v... HTTP 301
    https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_20... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /cdn\.mouseflow\.com/i

Page Statistics

56
Requests

100 %
HTTPS

41 %
IPv6

33
Domains

39
Subdomains

33
IPs

7
Countries

884 kB
Transfer

1786 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cybersecurity.ci.security/e/414142/g-nur-202004-utm-content-genit/r4bsj6/1125892772?h=N2LA0GJekBmVXU0vJQThzDqXMpzrU84OSMWgLELqaH0 HTTP 301
    https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad.js HTTP 301
  • https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad_eu.js
Request Chain 24
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1600097648652 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresults.ci.security%252Flog%252Fagency-phishing%253Futm_source%253Dpardot%2526utm_medium%253Demail%2526utm_campaign%253Dg_nur_202004%2526utm_content%253Dgenit%26time%3D1600097648652%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1600097648652&liSync=true
Request Chain 27
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg&verifyHash=b1b9483fb85a5d01cd39087996453755e356ec5c
Request Chain 31
  • https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 33
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=648641fd30f40ec443127a95e06acf0d&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=648641fd30f40ec443127a95e06acf0d&_b=2
Request Chain 34
  • https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&pv=9159526160.200127&cookie=&adroll_s_ref=&keyw= HTTP 302
  • https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
Request Chain 37
  • https://d.adroll.com/cm/aol/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06fd687380e6 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06fd687380e6&verify=true
Request Chain 38
  • https://d.adroll.com/cm/index/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649&C=1
Request Chain 39
  • https://d.adroll.com/cm/n/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expires=365
Request Chain 40
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&rdrctExp=true
Request Chain 41
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Request Chain 42
  • https://d.adroll.com/cm/r/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 43
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Request Chain 44
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://eb2.3lift.com/xuid?mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Request Chain 45
  • https://d.adroll.com/cm/b/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Request Chain 46
  • https://d.adroll.com/cm/x/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://ib.adnxs.com/setuid?entity=172&code=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Request Chain 47
  • https://d.adroll.com/cm/l/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://idsync.rlcdn.com/377928.gif?partner_uid=1544e497a906f35d700e3e8d56ce8668
Request Chain 48
  • https://d.adroll.com/cm/o/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=1544e497a906f35d700e3e8d56ce8668 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=1544e497a906f35d700e3e8d56ce8668
Request Chain 49
  • https://d.adroll.com/cm/g/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN&google_nid=adroll5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=FUTkl6kG811wDj6NVs6GaA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=FUTkl6kG811wDj6NVs6GaA&google_tc= HTTP 302
  • https://d.adroll.com/cm/g/in

56 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request agency-phishing
results.ci.security/log/
Redirect Chain
  • https://cybersecurity.ci.security/e/414142/g-nur-202004-utm-content-genit/r4bsj6/1125892772?h=N2LA0GJekBmVXU0vJQThzDqXMpzrU84OSMWgLELqaH0
  • https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
19 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
5ae6ad43429921df6524ef615e3810608692e9825b8eb4f8561d3f3888241698

Request headers

Host
results.ci.security
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Mon, 14 Sep 2020 15:34:07 GMT
Content-Type
text/html; charset=utf-8
Content-Length
19337
Connection
keep-alive

Redirect headers

Date
Mon, 14 Sep 2020 15:34:06 GMT
Set-Cookie
pardot=k8hp806stf7808du5ojslu25a8; path=/ visitor_id414142=859958228; expires=Thu, 08-Apr-2021 15:34:07 GMT; Max-Age=17798400; path=/; SameSite=None; secure visitor_id414142-hash=3b2368a56669b47e8634541e7a4fa0d7cabcde00f6f6fdbd0365fd828c7cc6a3499bfff2b097ae2060c27c83010c6e52f18f80d8; expires=Thu, 08-Apr-2021 15:34:07 GMT; Max-Age=17798400; path=/; SameSite=None; secure
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
171
Content-Type
text/html; charset=UTF-8
X-Pardot-Route
32427ff3465437d362f61c790f7d2406
Server
PardotServer
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Connection
keep-alive
js
www.googletagmanager.com/gtag/ 		88 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-72734021-3
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3002e0f4047351bb87cd9c80ce4b284e8a6147593144c8bf357d7ab73c6c068a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35656
x-xss-protection
0
last-modified
Mon, 14 Sep 2020 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 14 Sep 2020 15:34:08 GMT
kraken.min.css
results.ci.security/static/ 		92 KB
92 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/kraken.min.css?v4.1
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
f6205c3211139244ebbf1a4bfd6e34794e011a968a4c43044edf3c1b1d026aad

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Wed, 19 Feb 2020 22:17:53 GMT
Server
nginx
ETag
"1582150673.694962-94360-3162839808"
Content-Type
text/css; charset=utf-8
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
94360
Expires
Tue, 15 Sep 2020 03:34:08 GMT
CISecurityLogoReversed.svg
results.ci.security/static/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://results.ci.security/static/img/CISecurityLogoReversed.svg
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
e406990fbc4b2b959d7ae7bdeebe2b0e64226cf99451ca89fd9710d01df5ff4b

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Thu, 24 Jan 2019 23:41:40 GMT
Server
nginx
ETag
"1548373300.5364592-3034-2641043770"
Content-Type
image/svg+xml
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3034
Expires
Tue, 15 Sep 2020 03:34:08 GMT
188.jpg
cms.thekraken.xyz/storage/uploads/thumbs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.thekraken.xyz/storage/uploads/thumbs/188.jpg
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.23.241.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-23-241-62.us-east-2.compute.amazonaws.com
Software
Apache /
Resource Hash
5f9d6814ed3e2cdefade5d3de75782947d9643fcd8a0738d5b3a1dcf1a56c9de
Security Headers
Name Value
Strict-Transport-Security strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.youtube.com/
X-Xss-Protection 1; mode=block

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
referrer-policy
strict-origin
last-modified
Thu, 21 Jun 2018 22:22:46 GMT
server
Apache
etag
"1ac5-56f2e5ad337a7"
x-frame-options
ALLOW-FROM https://www.youtube.com/
content-type
image/jpeg
status
200
x-xss-protection
1; mode=block
cache-control
max-age=1209600, public, public
strict-transport-security
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
6853
x-content-type-options
nosniff
api.js
www.google.com/recaptcha/ 		770 B
583 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
4f8675269352f57527ee5d1026ce95f85fd0a921bd9a25bd36e0241094502138
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
495
x-xss-protection
1; mode=block
expires
Mon, 14 Sep 2020 15:34:08 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72734021-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Aug 2020 20:46:40 GMT
server
Golfe2
age
1108
date
Mon, 14 Sep 2020 15:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18323
expires
Mon, 14 Sep 2020 17:15:40 GMT
phishing_background.jpg
cms.thekraken.xyz/storage/uploads/ 		153 KB
154 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.thekraken.xyz/storage/uploads/phishing_background.jpg
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.23.241.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-23-241-62.us-east-2.compute.amazonaws.com
Software
Apache /
Resource Hash
24f606eed1215d8878cd6bf97e1cfbd514ad7758237968495d153a317bfc0687
Security Headers
Name Value
Strict-Transport-Security strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.youtube.com/
X-Xss-Protection 1; mode=block

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
referrer-policy
strict-origin
last-modified
Fri, 22 Feb 2019 16:01:50 GMT
server
Apache
etag
"26405-5827db570ea13"
x-frame-options
ALLOW-FROM https://www.youtube.com/
content-type
image/jpeg
status
200
x-xss-protection
1; mode=block
cache-control
max-age=1209600, public, public
strict-transport-security
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
156677
x-content-type-options
nosniff
collect
www.google-analytics.com/j/ 		2 B
67 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j85&a=845536532&t=pageview&_s=1&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&ul=en-us&de=UTF-8&dt=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=381879513&gjid=932787494&cid=2121753784.1600097648&tid=UA-72734021-3&_gid=1182356971.1600097648&_r=1&gtm=2ou920&z=545737623
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://results.ci.security
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
89 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-72734021-3&cid=2121753784.1600097648&jid=381879513&gjid=932787494&_gid=1182356971.1600097648&_u=IEBAAUAAAAAAAC~&z=696198672
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 14 Sep 2020 15:34:08 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://results.ci.security
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-72734021-3&cid=2121753784.1600097648&jid=381879513&_u=IEBAAUAAAAAAAC~&z=1301025446
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-72734021-3&cid=2121753784.1600097648&jid=381879513&_u=IEBAAUAAAAAAAC~&z=1301025446
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/ 		336 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
854f7a7915f240546d3950dd2b067466da13c013d04a3f8c790880c58ec61151
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 14:05:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5345
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134800
x-xss-protection
0
last-modified
Mon, 07 Sep 2020 04:06:55 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Sep 2021 14:05:03 GMT
iframe_api
www.youtube.com/ 		859 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
7303fd4521b231bad4280672d36b7a4486a47a3bc0248da7df8c28989e462400
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status
200
cache-control
no-cache
content-type
application/javascript
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		964 B
759 B 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:5b5::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:41:55 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=12445
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
446
97379541.min.js
tag.demandbase.com/ 		58 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.demandbase.com/97379541.min.js
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
edc149977c51b1a68ca9871cc433ed1cec625ceac21c5dc06a768c8c82e859db

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:30:27 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 14:19:56 GMT
server
AmazonS3
age
222
etag
W/"654ea94ad6ea9295a89201fac6a4af67"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
urzAWu_nIscW3PG7Dt4FSZ8biwopbeVe
status
200
cache-control
public, max-age=3600
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
uCjNncyFDYkZNe8ofmG9l2Y2wDdHNoz7iZ5_OKcIsuGVn4dzeZGl4Q==
via
1.1 f2db75b601dc30df73b1beb29596a375.cloudfront.net (CloudFront)
8efd0a2e-9dc6-43c6-9380-76589b4cb2ad_eu.js
cdn.mouseflow.com/projects/
Redirect Chain
  • https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad.js
  • https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad_eu.js
802 B
683 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad_eu.js
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.38 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
03abf24869fdb7dabfa3c74dfa142840d34ee0ff0c7fd5412e4a62f1f6643a72

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 18:30:37 GMT
server
NetDNA-cache/2.2
etag
W/"503b9512082d61:0"
status
200
x-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400

Redirect headers

status
301
date
Mon, 14 Sep 2020 15:34:08 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
content-length
178
location
https://cdn.mouseflow.com/projects/8efd0a2e-9dc6-43c6-9380-76589b4cb2ad_eu.js
content-type
text/html
RobotoSlab-Regular-webfont.woff
results.ci.security/static/fonts/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/fonts/RobotoSlab-Regular-webfont.woff
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

Request headers

Origin
https://results.ci.security
Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Mon, 16 Mar 2020 21:09:33 GMT
Server
nginx
ETag
"1584392973.4641879-23872-2494112748"
Content-Type
application/font-woff
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23872
Expires
Tue, 15 Sep 2020 03:34:08 GMT
Roboto-Light-webfont.woff
results.ci.security/static/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/fonts/Roboto-Light-webfont.woff
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6

Request headers

Origin
https://results.ci.security
Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Mon, 16 Mar 2020 21:09:33 GMT
Server
nginx
ETag
"1584392973.463188-20904-3255312784"
Content-Type
application/font-woff
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20904
Expires
Tue, 15 Sep 2020 03:34:08 GMT
soc@0,75x.jpg
results.ci.security/static/img/ 		69 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://results.ci.security/static/img/soc@0,75x.jpg
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
4763add2b1bf912ec1e9bf5f9103dc6430b321fa9cdb7d54be6846699624b265

Request headers

Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Thu, 24 Jan 2019 23:41:40 GMT
Server
nginx
ETag
"1548373300.542459-70179-136256315"
Content-Type
image/jpeg
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
70179
Expires
Tue, 15 Sep 2020 03:34:08 GMT
Roboto-Bold-webfont.woff
results.ci.security/static/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/fonts/Roboto-Bold-webfont.woff
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307

Request headers

Origin
https://results.ci.security
Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Mon, 16 Mar 2020 21:09:33 GMT
Server
nginx
ETag
"1584392973.463188-21320-2673811737"
Content-Type
application/font-woff
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21320
Expires
Tue, 15 Sep 2020 03:34:08 GMT
Roboto-Regular-webfont.woff
results.ci.security/static/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/fonts/Roboto-Regular-webfont.woff
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895

Request headers

Origin
https://results.ci.security
Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Mon, 16 Mar 2020 21:09:33 GMT
Server
nginx
ETag
"1584392973.463188-20924-128393834"
Content-Type
application/font-woff
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20924
Expires
Tue, 15 Sep 2020 03:34:08 GMT
BlackTie-Light-webfont.woff2
results.ci.security/static/fonts/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://results.ci.security/static/fonts/BlackTie-Light-webfont.woff2?v=1.0.0
Requested by
Host: results.ci.security
URL: https://results.ci.security/static/kraken.min.css?v4.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS
web594.webfaction.com
Software
nginx /
Resource Hash
ef5a9bcf285628ae58ecf928a18fee3e352df13d7a941e15d4b7e67004a5894c

Request headers

Origin
https://results.ci.security
Referer
https://results.ci.security/static/kraken.min.css?v4.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Last-Modified
Mon, 16 Mar 2020 21:09:33 GMT
Server
nginx
ETag
"1584392973.454188-13260-593371724"
Content-Type
application/octet-stream
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13260
Expires
Tue, 15 Sep 2020 03:34:08 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:5b5::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:29:41 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=11697
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflOyhzcj/ 		93 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflOyhzcj/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f03e882b29d452040b26578e5612d8708fe2940d5009d6ba60988413275562de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 23:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56135
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33990
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 18:21:18 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Mon, 21 Sep 2020 23:58:33 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26ut...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresults.ci.security%252Flog%252Fagency-phishin...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26ut...
0
40 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1600097648652&liSync=true
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
0
x-li-uuid
t2ELgVWwNBaQuKX4eisAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
T37HfFWwNBZgT58LNysAAA==
pragma
no-cache
x-li-pop
afd-prod-lva1
x-msedge-ref
Ref A: 5EDF9A245F964FE8BF1AD3EFC6B8A829 Ref B: FRAEDGE1416 Ref C: 2020-09-14T15:34:08Z
x-frame-options
sameorigin
date
Mon, 14 Sep 2020 15:34:08 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1600097648652&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame A6E6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=invisible&cb=ltuncfr7673p
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-1Ud5Tcx2vD6VVcAzTIbJsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=invisible&cb=ltuncfr7673p
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 14 Sep 2020 15:34:08 GMT
content-security-policy
script-src 'report-sample' 'nonce-1Ud5Tcx2vD6VVcAzTIbJsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9873
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ip.json
api.company-target.com/api/v2/ 		429 B
938 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&page_title=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&mas_integrations=eyJwYXJkb3QiOnt9fQ%3D%3D&src=tag&key=ef6f04d2df1cbefc03f9dae82644e767
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.78 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-78.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:08 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
request-id
33f02401-544e-46b7-9e0e-28247ac6622e
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://results.ci.security
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wY8PHLeshLm9EAjbx3xOx-AaK0oq8EmNTgioIsax5RnH7thfs3nH_w==
expires
Sun, 13 Sep 2020 15:34:08 GMT
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg&verifyHash=b1b9483fb85a5d01cd39087996453755e356ec5c
26 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg&verifyHash=b1b9483fb85a5d01cd39087996453755e356ec5c
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.97 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-97.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:09 GMT
Via
1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
2e28f401e9a0808a
X-Amz-Cf-Id
QoE2DCTJhesaFOShodODMHUSj9DLC3JDrd38t4lpw_pbd_H1p8V5Jg==

Redirect headers

Date
Mon, 14 Sep 2020 15:34:09 GMT
Via
1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAKR306-vxsAABAL8YxCsg&verifyHash=b1b9483fb85a5d01cd39087996453755e356ec5c
Connection
keep-alive
trace-id
adb766b0e72235ba
Content-Length
0
X-Amz-Cf-Id
51yMBMJuDRIGzOtA6bCZh2ON-tSDbCwSmUK08aepG-t_uP3TkQS-xw==
collect
www.google-analytics.com/ 		35 B
57 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j85&a=845536532&t=event&ni=1&_s=2&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&ul=en-us&de=UTF-8&dt=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAUABAAAAAC~&jid=&gjid=&cid=2121753784.1600097648&tid=UA-72734021-3&_gid=1182356971.1600097648&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Zurich&cd11=ZH&cd12=Switzerland&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=742010684
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 12:05:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
12503
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pd.js
pi.pardot.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:10 GMT
Content-Encoding
gzip
X-Pardot-Route
ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified
Fri, 13 Mar 2020 17:27:19 GMT
Server
PardotServer
ETag
"1442-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=63072000
Accept-Ranges
bytes
Content-Length
1842
Expires
Wed, 14 Sep 2022 15:34:10 GMT
roundtrip.js
s.adroll.com/j/ 		38 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: results.ci.security
URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
b151c43349b3aca0bd8701e90e7b18a2e4cb39d057e4cc869c86af9e48d92a69

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
WXjn0J4rMIJvyhtdmTWR32LQRfF25XbN
Content-Encoding
gzip
ETag
"4a1b094811c51a6baf5ca2dc7f750960"
x-amz-request-id
9FECB7DDCE93DE8D
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
12210
x-amz-id-2
zmm4E72jc8yr4m36aSkMdgXZHurNU+p7y/gpEjMfNERy5jIV3yR8SajuMpm9wrLEqiagDPSON4c=
Last-Modified
Thu, 10 Sep 2020 21:05:32 GMT
Server
AmazonS3
Date
Mon, 14 Sep 2020 15:34:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
0A9DFB41B15EF3A2
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified
Fri, 31 Jul 2020 16:11:15 GMT
Server
AmazonS3
Date
Mon, 14 Sep 2020 15:34:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Mon, 14 Sep 2020 15:34:09 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/ 		0
773 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
WXB9WtMHb2HDmg.kDtgTR0vnbDqg9MUZ
Content-Encoding
gzip
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
EZ5T7S2Z1V0KEY6T
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
x-amz-id-2
GGcSpUO6DpOOEOqLPzeKDexjZdgsajGZUBejpL98/ARcJzuOQv6l9vTgLVT6jKSEEkWtc49evmw=
Last-Modified
Mon, 14 Sep 2020 01:48:37 GMT
Server
AmazonS3
Date
Mon, 14 Sep 2020 15:34:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=648641fd30f40ec443127a95e06acf0d&_b=2
  • https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=648641fd30f40ec443127a95e06acf0d&_b=2
395 B
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=648641fd30f40ec443127a95e06acf0d&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
4667a761f2ad8ca4823f043cad1016fe125a2374484b05e8decc35438a4a6c01

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:09 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
application/javascript
content-length
395

Redirect headers

status
302
date
Mon, 14 Sep 2020 15:34:09 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=648641fd30f40ec443127a95e06acf0d&_b=2
536ODFE4MFHZHICGAUOOMU.js
s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/
Redirect Chain
  • https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3...
  • https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
29d69e5b5754cf89215e86286a079b84ea38e17db0643d3bafad40a957e4d632

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
gdjkKTu.MMk2u73PuKNeeYj5RCsW.tvf
Content-Encoding
gzip
ETag
"ec7803648982d68f3bb10d7f757dc9b5"
x-amz-request-id
1C95873E52B68413
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
1827
x-amz-id-2
+gSAMlp8KEYmMN8mpT4lEjiT1x1L4KTsgPFo/EruECKL3Fa/1As7ZYlWocvFGLBZiV1WqJ0CUsI=
Last-Modified
Wed, 29 Jul 2020 14:36:49 GMT
Server
AmazonS3
Date
Mon, 14 Sep 2020 15:34:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

date
Mon, 14 Sep 2020 15:34:09 GMT
x-segment-display-name
Visitors to Unsegmented Pages
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
302
content-length
0
pragma
no-cache
x-conversion-value
0.00
server
nginx/1.16.1
x-rule
*
x-segment-eid
536ODFE4MFHZHICGAUOOMU
location
https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
cache-control
no-store, no-cache, must-revalidate
x-pixel-eid
TSOEJUVR2RDQTK7UULEUDW
x-segment-name
*
x-advertisable-eid
PVQ657GQDFFXLFGCNQJYZN
x-conversion-currency
fbevents.js
connect.facebook.net/en_US/ 		135 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&pv=9159526160.200127&cookie=&adroll_s_ref=&keyw=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34302
x-xss-protection
0
pragma
public
x-fb-debug
TsqH5XvV2gmim+fwa8WanmDeTGkn7iKn/eRzRL1lLL1Y7WLSDVW7JL276Crmbh8WGfQGcvPMgufZ94LeYyJDHQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Mon, 14 Sep 2020 15:34:09 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
sendrolling.js
s.adroll.com/j/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&xid_ch=f&pv=9159526160.200127&cookie=&adroll_s_ref=&keyw=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding
gzip
ETag
"15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id
E2F067B4E9F95C64
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2039
x-amz-id-2
zahNXUrZcHvPMHZ5OZzeA/pmU+ThIaY+/c27IjCJ/f8DH693VdK16PYXiwNkUgRleJPaNozozcA=
Last-Modified
Mon, 03 Feb 2020 20:32:06 GMT
Server
AmazonS3
Date
Mon, 14 Sep 2020 15:34:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/aol/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail...
  • https://pixel.advertising.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://pixel.advertising.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06...
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06...
0
506 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06fd687380e6&verify=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.113 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:10 GMT
Server
ATS/7.1.2.113
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date
Mon, 14 Sep 2020 15:34:10 GMT
Server
ATS/7.1.2.113
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://ups.analytics.yahoo.com/ups/55980/sync?uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPbbdce3ff-f69f-11ea-891b-06fd687380e6&verify=true
Connection
keep-alive
Content-Length
0
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Dema...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649&C=1
43 B
1003 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-249-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 14 Sep 2020 15:34:10 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expiration=1631633649&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Mon, 14 Sep 2020 15:34:10 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expires=365
42 B
798 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expires=365
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:09 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&expires=365
cache-control
no-store, no-cache, must-revalidate
content-length
124
cookie-sync
sync.outbrain.com/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3D...
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&rdrctExp=true
0
477 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&rdrctExp=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 14 Sep 2020 15:34:10 GMT
Cache-Control
no-cache
X-TraceId
2487dc122b988cadf2e8d58ffbced6d9
Content-Length
0

Redirect headers

Location
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&rdrctExp=true
Date
Mon, 14 Sep 2020 15:34:10 GMT
X-TraceId
30f7c32f19e935abaceb766e6a8ad4b5
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3D...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENA...
1 B
1010 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection
close
Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
X-lat
Pug23001:0:356
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control
no-store, no-cache, private
Content-Type
text/html; charset=utf-8
Content-Length
1

Redirect headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:09 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control
no-store, no-cache, must-revalidate
content-length
220
in
d.adroll.com/cm/r/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
42 B
500 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42

Redirect headers

date
Mon, 14 Sep 2020 15:34:10 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
age
0
status
302
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3De...
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
tbl-x-upstream
10.41.24.10:10213
date
Mon, 14 Sep 2020 15:34:10 GMT
server
nginx
x-fastly-to-nlb-rtt
26617

Redirect headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
cache-control
no-store, no-cache, must-revalidate
content-length
111
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%...
  • https://eb2.3lift.com/xuid?mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
37 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.58.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-58-103.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Mon, 14 Sep 2020 15:34:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status
302
date
Mon, 14 Sep 2020 15:34:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
/xuid?ld=1&mid=4714&xuid=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
43 B
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.74.100 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-74-100.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Mon, 14 Sep 2020 15:34:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status
302
date
Mon, 14 Sep 2020 15:34:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
bounce
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://ib.adnxs.com/setuid?entity=172&code=MTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
X-Proxy-Origin
185.156.175.107; 185.156.175.107; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.16:80
AN-X-Request-Uuid
19654f2c-fa5a-4ca6-91e0-0e00cb2864ca
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
X-Proxy-Origin
185.156.175.107; 185.156.175.107; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.239:80
AN-X-Request-Uuid
72e27fea-e8a1-4a48-99f0-111e0480894d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMTU0NGU0OTdhOTA2ZjM1ZDcwMGUzZThkNTZjZTg2Njg
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
377928.gif
idsync.rlcdn.com/
Redirect Chain
  • https://d.adroll.com/cm/l/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://idsync.rlcdn.com/377928.gif?partner_uid=1544e497a906f35d700e3e8d56ce8668
0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/377928.gif?partner_uid=1544e497a906f35d700e3e8d56ce8668
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
451
date
Mon, 14 Sep 2020 15:34:10 GMT
via
1.1 google
alt-svc
clear
content-length
0

Redirect headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://idsync.rlcdn.com/377928.gif?partner_uid=1544e497a906f35d700e3e8d56ce8668
cache-control
no-store, no-cache, must-revalidate
content-length
86
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=1544e497a906f35d700e3e8d56ce8668
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=1544e497a906f35d700e3e8d56ce8668
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=1544e497a906f35d700e3e8d56ce8668
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.193.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
via
1.1 google
server
OXGW/16.193.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
status
200
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Mon, 14 Sep 2020 15:34:10 GMT
via
1.1 google
server
OXGW/16.193.0
status
302
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=1544e497a906f35d700e3e8d56ce8668
alt-svc
clear
content-length
0
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=38f0131e8dbd676aae6ab660b13bbf2b-1600097649777&arrfrr=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%2...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=FUTkl6kG811wDj6NVs6GaA
  • https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=FUTkl6kG811wDj6NVs6GaA&google_tc=
  • https://d.adroll.com/cm/g/in
42 B
536 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/g/in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Mon, 14 Sep 2020 15:34:10 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
174543373979347
connect.facebook.net/signals/config/ 		524 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/174543373979347?v=2.9.24&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f7b7d768583e0c1a4e41d766a90f01fee26e526bc1d3b94fd068934c1d1f536a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
/0H9DXoM/Up/o2kfZ1D//bx+avHvaGrmaSC5N0ai78Xe27NZFBISgpHgVmZNlRlw+1bUQvVnCYKeq4eN6asW2g==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Mon, 14 Sep 2020 15:34:10 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=174543373979347&ev=PageView&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&rl=&if=false&ts=1600097650096&cd[segment_eid]=536ODFE4MFHZHICGAUOOMU&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=29&fbp=fb.1.1600097650095.369625160&it=1600097649967&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:10 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 14 Sep 2020 15:34:10 GMT
analytics
pi.pardot.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
560327ebf6078cf5b54021788312008d062ca5004299ac7348e0f653fbeb8c29

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
Content-Encoding
gzip
X-Pardot-Route
13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp
16/63/97
Vary
Accept-Encoding,User-Agent
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
856
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT
analytics
cybersecurity.ci.security/ 		52 B
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cybersecurity.ci.security/analytics?conly=true&visitor_id=859958276&visitor_id_sign=424b4a15f6eef8601e926da126de963a6e81dfd410f1a42c976ce30848fe4686d28a4106b58160c7c870ca161a6820d9e25a7728&pi_opt_in=&campaign_id=20750&account_id=415142&title=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 14 Sep 2020 15:34:10 GMT
X-Pardot-Route
13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp
16/32/235
Vary
User-Agent
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
52
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT
ip.json
api.company-target.com/api/v2/ 		429 B
939 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fresults.ci.security%2Flog%2Fagency-phishing%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&page_title=Public%20Agency%20Fends%20Off%20Phish%20After%20Employee%20Tricked%20%7C%20CI%20Security&mas_integrations=eyJwYXJkb3QiOnsidmlzaXRvcl9pZDQxNDE0MiI6Ijg1OTk1ODI3NiJ9fQ%3D%3D&src=tag&key=ef6f04d2df1cbefc03f9dae82644e767
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.78 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-78.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957

Request headers

Referer
https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Sep 2020 15:34:10 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
request-id
80da3bae-cbed-496e-8fc0-57575d1f8674
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://results.ci.security
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
KUNX-Wgf3jaXbZsd1XpanhHW5zf-SnQ8kT6crqwPN2mrCxpzf-T3iQ==
expires
Sun, 13 Sep 2020 15:34:10 GMT

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| formSubmit object| scrollB function| getElementY function| doScrolling function| YoutubeVideoPlayer object| tag object| firstScriptTag string| vidid function| onYouTubeIframeAPIReady string| piAId string| piCId string| _linkedin_partner_id object| _linkedin_data_partner_ids string| adroll_adv_id string| adroll_pix_id object| _mfq object| YT object| YTConfig function| onYTReady function| lintrk boolean| _already_called_lintrk object| recaptcha object| closure_lm_318186 object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportLogPayloadsQueue_ object| ytLoggingTransportGELQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| __extends object| Demandbase object| __db function| DBSegment boolean| mouseflowDisableKeyLogging object| mouseflow boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks undefined| adroll_tpc_callback boolean| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country number| adroll_xavier_called number| __adroll_xid_ch object| adroll_currency object| adroll_conversion_value object| adroll_conversion_value_in_dollars function| fbq function| _fbq boolean| adroll_sendrolling_hashed_only object| adroll_exp_list function| checkNamespace function| getPardotUrl function| piTracker function| piGetParameter function| piGetCookie function| piSetCookie string| piVersion number| piScriptNum object| piScriptObj object| pi number| c_start string| property function| piResponse

3 Cookies

Domain/Path Name / Value
.ci.security/ Name: _gat_gtag_UA_72734021_3
Value: 1
.ci.security/ Name: _gid
Value: GA1.2.1182356971.1600097648
.ci.security/ Name: _ga
Value: GA1.2.2121753784.1600097648

1 Console Messages

Source Level URL
Text
console-api log URL: https://results.ci.security/log/agency-phishing?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit(Line 19)
Message:
Production GA Script

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
api.company-target.com
cdn.mouseflow.com
cm.g.doubleclick.net
cms.thekraken.xyz
connect.facebook.net
cybersecurity.ci.security
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
ib.adnxs.com
idsync.rlcdn.com
match.prod.bidr.io
pi.pardot.com
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
results.ci.security
s.adroll.com
s.ytimg.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
tag.demandbase.com
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.youtube.com
x.bidswitch.net
141.226.228.48
143.204.215.105
143.204.215.78
143.204.215.97
172.217.21.194
18.156.0.31
18.197.58.103
185.64.190.80
207.38.86.153
23.111.9.38
23.210.248.216
23.210.249.164
2620:1ec:21::14
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2004
2a00:1450:4001:802::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:81a::200e
2a00:1450:4001:81b::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:400c:c00::9c
2a02:26f0:10c:5b5::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
3.23.241.62
34.98.64.218
35.244.174.68
37.252.172.37
52.21.178.134
52.215.1.63
52.58.74.100
52.59.102.119
63.32.63.32
64.202.112.191
69.173.144.138
03abf24869fdb7dabfa3c74dfa142840d34ee0ff0c7fd5412e4a62f1f6643a72
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
24f606eed1215d8878cd6bf97e1cfbd514ad7758237968495d153a317bfc0687
29d69e5b5754cf89215e86286a079b84ea38e17db0643d3bafad40a957e4d632
3002e0f4047351bb87cd9c80ce4b284e8a6147593144c8bf357d7ab73c6c068a
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4667a761f2ad8ca4823f043cad1016fe125a2374484b05e8decc35438a4a6c01
4763add2b1bf912ec1e9bf5f9103dc6430b321fa9cdb7d54be6846699624b265
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f8675269352f57527ee5d1026ce95f85fd0a921bd9a25bd36e0241094502138
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
560327ebf6078cf5b54021788312008d062ca5004299ac7348e0f653fbeb8c29
5ae6ad43429921df6524ef615e3810608692e9825b8eb4f8561d3f3888241698
5f9d6814ed3e2cdefade5d3de75782947d9643fcd8a0738d5b3a1dcf1a56c9de
7303fd4521b231bad4280672d36b7a4486a47a3bc0248da7df8c28989e462400
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
854f7a7915f240546d3950dd2b067466da13c013d04a3f8c790880c58ec61151
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b151c43349b3aca0bd8701e90e7b18a2e4cb39d057e4cc869c86af9e48d92a69
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e406990fbc4b2b959d7ae7bdeebe2b0e64226cf99451ca89fd9710d01df5ff4b
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
edc149977c51b1a68ca9871cc433ed1cec625ceac21c5dc06a768c8c82e859db
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5a9bcf285628ae58ecf928a18fee3e352df13d7a941e15d4b7e67004a5894c
f03e882b29d452040b26578e5612d8708fe2940d5009d6ba60988413275562de
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6205c3211139244ebbf1a4bfd6e34794e011a968a4c43044edf3c1b1d026aad
f7b7d768583e0c1a4e41d766a90f01fee26e526bc1d3b94fd068934c1d1f536a
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed