Submitted URL: https://unemployment.oregon.gov/fraud#section-1
Effective URL: https://unemployment.oregon.gov/fraud
Submission: On December 22 via manual from US — Scanned from DE

Summary

This website contacted 26 IPs in 7 countries across 29 domains to perform 57 HTTP transactions. The main IP is 138.197.218.83, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is unemployment.oregon.gov.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 10th 2023. Valid for: a year.
This is the only time unemployment.oregon.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
27 simpli.fi
tag.simpli.fi — Cisco Umbrella Rank: 4333
i.simpli.fi — Cisco Umbrella Rank: 3745
um.simpli.fi — Cisco Umbrella Rank: 780
12 KB
11 oregon.gov
unemployment.oregon.gov
495 KB
8 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2043
ekr.zdassets.com — Cisco Umbrella Rank: 2264
214 KB
5 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 75
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 219
2 KB
4 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2189
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
299 KB
3 zendesk.com
oedhelpdesk.zendesk.com
1 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 229
2 KB
2 exelator.com
loadm.exelator.com — Cisco Umbrella Rank: 1661
2 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 408
140 B
2 pro-market.net
fei.pro-market.net — Cisco Umbrella Rank: 2174
854 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 499
d.agkn.com — Cisco Umbrella Rank: 686
1 KB
2 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 465
1 KB
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 546
712 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 491
264 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 339
239 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6765
455 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
662 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 138
546 B
1 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 835
311 B
1 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 850
265 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 848
444 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1556
421 B
1 intentiq.com
sync.intentiq.com — Cisco Umbrella Rank: 846
1 tremorhub.com
simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6102
175 B
1 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 372
140 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258
378 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 674
236 B
1 browser-update.org
browser-update.org — Cisco Umbrella Rank: 7895
4 KB
57 29
Domain Requested by
25 um.simpli.fi 19 redirects
11 unemployment.oregon.gov unemployment.oregon.gov
7 static.zdassets.com unemployment.oregon.gov
static.zdassets.com
4 www.googletagmanager.com unemployment.oregon.gov
www.googletagmanager.com
3 oedhelpdesk.zendesk.com static.zdassets.com
3 cm.g.doubleclick.net 3 redirects
2 ib.adnxs.com 1 redirects
2 loadm.exelator.com 1 redirects
2 idsync.rlcdn.com
2 fei.pro-market.net 2 redirects
2 pixel.tapad.com 1 redirects
2 sync.1rx.io 2 redirects
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 region1.google-analytics.com www.googletagmanager.com
1 us-u.openx.net
1 pixel.rubiconproject.com
1 www.google.de
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 ce.lijit.com
1 bcp.crwdcntrl.net
1 stags.bluekai.com
1 sync.bfmio.com
1 sync.intentiq.com
1 d.agkn.com 1 redirects
1 aa.agkn.com 1 redirects
1 simplifi.partners.tremorhub.com
1 eb2.3lift.com
1 sync.targeting.unrulymedia.com
1 s.ad.smaato.net
1 i.simpli.fi tag.simpli.fi
1 stats.g.doubleclick.net www.google-analytics.com
1 browser-update.org unemployment.oregon.gov
1 ekr.zdassets.com static.zdassets.com
1 tag.simpli.fi unemployment.oregon.gov
57 36

Subject: unemployment.oregon.gov
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2023-07-10 - 2024-08-05
Valid: a year

Subject: *.simpli.fi
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2023-11-07 - 2024-12-07
Valid: a year

Subject: *.google-analytics.com
Issuer: GTS CA 1C3
Validity: 2023-11-20 - 2024-02-12
Valid: 3 months

Subject: zdassets.com
Issuer: E1
Validity: 2023-10-23 - 2024-01-21
Valid: 3 months

Subject: sni.cloudflaressl.com
Issuer: Cloudflare Inc ECC CA-3
Validity: 2023-05-06 - 2024-05-05
Valid: a year

Subject: *.g.doubleclick.net
Issuer: GTS CA 1C3
Validity: 2023-11-20 - 2024-02-12
Valid: 3 months

Subject: oedhelpdesk.zendesk.com
Issuer: Cloudflare Inc ECC CA-3
Validity: 2023-09-30 - 2024-09-29
Valid: a year

This page contains 2 frames:

Primary Page: https://unemployment.oregon.gov/fraud
Frame ID: 17E117F607B4DE2BFEB6117295235361
Requests: 48 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Frame ID: 8488F6CFC3E88AA1E8F1E3CA2143DD24
Requests: 8 HTTP requests in this frame

Page Title

Protect Yourself from Fraud | OED Unemployment Insurance

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

Requests: 57
HTTPS: 67 %
IPv6: 33 %
Domains: 29
Subdomains: 36
IPs: 26
Countries: 7
Transfer: 1046 kB
Size: 2249 kB
Cookies: 25

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24
  • https://um.simpli.fi/smaato HTTP 302
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 25
  • https://um.simpli.fi/nexxen HTTP 302
  • https://sync.1rx.io/usersync/simplifi/0D95F46F77EA420BB1085FEE9D42C1F3 HTTP 302
  • https://sync.1rx.io/usersync/simplifi/0D95F46F77EA420BB1085FEE9D42C1F3?zcc=1&cb=1703273254989 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003
Request Chain 26
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=0D95F46F77EA420BB1085FEE9D42C1F3&dongle=yf3
Request Chain 27
  • https://um.simpli.fi/telaria_p HTTP 302
  • https://simplifi.partners.tremorhub.com/sync?UISF=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 28
  • https://um.simpli.fi/tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 29
  • https://um.simpli.fi/ad_advisor HTTP 302
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=0D95F46F77EA420BB1085FEE9D42C1F3 HTTP 302
  • https://d.agkn.com/pixel/10751/?che=1703273254838&ip=45.141.152.75&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D218943204738004081602 HTTP 302
  • https://um.simpli.fi/aa_px?sk=218943204738004081602 HTTP 302
  • https://um.simpli.fi/empty.gif
Request Chain 30
  • https://um.simpli.fi/intentiq HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 33
  • https://um.simpli.fi/dtnx HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=0D95F46F77EA420BB1085FEE9D42C1F3;mimetype=img; HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=0D95F46F77EA420BB1085FEE9D42C1F3;mimetype=img;sr HTTP 302
  • https://idsync.rlcdn.com/400646.gif?partner_uid=3420427321483805035
Request Chain 34
  • https://um.simpli.fi/exelatem HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0&xl8blockcheck=1
Request Chain 36
  • https://um.simpli.fi/beachfront HTTP 302
  • https://sync.bfmio.com/sync?pid=141&uid=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 37
  • https://um.simpli.fi/bluekai HTTP 302
  • https://stags.bluekai.com/site/29931?id=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 38
  • https://um.simpli.fi/crwdcntrl HTTP 302
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 39
  • https://um.simpli.fi/lj_match HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 40
  • https://um.simpli.fi/liveramp_match HTTP 302
  • https://idsync.rlcdn.com/419566.gif?partner_uid=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 41
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1703273254646&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=JuOFZfW4K_ub-cAPpJmr2AI&sscte=1&crd=&pscrd=IhMI9eO1quOjgwMV-00eAh2kzAor HTTP 302
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1quOjgwMV-00eAh2kzAor&is_vtc=1&ocp_id=JuOFZfW4K_ub-cAPpJmr2AI&cid=CAQSKQAvHhf_lfda-9LOxw9aVqsXHZ1Oz9LypWn41KoKJFmOvCb7gKH2rluG&random=3581436080 HTTP 302
  • https://www.google.de/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1quOjgwMV-00eAh2kzAor&is_vtc=1&ocp_id=JuOFZfW4K_ub-cAPpJmr2AI&cid=CAQSKQAvHhf_lfda-9LOxw9aVqsXHZ1Oz9LypWn41KoKJFmOvCb7gKH2rluG&random=3581436080&ipr=y
Request Chain 43
  • https://um.simpli.fi/an HTTP 302
  • https://ib.adnxs.com/setuid?entity=66&code=0D95F46F77EA420BB1085FEE9D42C1F3 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 44
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0D95F46F77EA420BB1085FEE9D42C1F3&expires=365
Request Chain 45
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=0D95F46F77EA420BB1085FEE9D42C1F3
Request Chain 46
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP 302
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEHetX9IKACPsyv_qXT0f9KU&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0D95F46F77EA420BB1085FEE9D42C1F3 HTTP 302
  • https://um.simpli.fi/g_match?id=

57 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request fraud
unemployment.oregon.gov/
36 KB
10 KB
Document
General
Full URL
https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / Craft CMS, SEOmatic
Resource Hash
7e56d80a4d13a11b49c7e29f4b3cacfd6704ac48b5b15229927c936417040864

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=1, private, must-revalidate
content-encoding
gzip
content-length
9505
content-type
text/html; charset=UTF-8
date
Fri, 22 Dec 2023 19:27:33 GMT
expires
Fri, 22 Dec 2023 19:27:34 GMT
link
<https://unemployment.oregon.gov/fraud>; rel='canonical'
referrer-policy
no-referrer-when-downgrade
server
nginx
vary
Accept-Encoding
x-powered-by
Craft CMS, SEOmatic
x-robots-tag
all
app.css
unemployment.oregon.gov/assets/css/
176 KB
41 KB
Stylesheet
General
Full URL
https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b76f5d03d8927e3bfecf09728bb67ebef0950af6d4afe669cca9d43953cdeb3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:33 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2023 02:58:45 GMT
server
nginx
etag
"2c050-609af61cd3888-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
41694
expires
Fri, 29 Dec 2023 19:27:33 GMT
f29f788d-8539-46ee-bec8-207b9649be2a
tag.simpli.fi/sifitag/
3 KB
2 KB
Script
General
Full URL
https://tag.simpli.fi/sifitag/f29f788d-8539-46ee-bec8-207b9649be2a
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
238.89.204.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
5f9ed130450373c89d763cc4750572a63805cf743d5051a02d066deb24f4e88f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:33 GMT
content-encoding
gzip
server
openresty
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id
F6M-AAmNqA-aIF1DnAtC
expires
Thu, 01 Jan 1970 00:00:00 GMT
js
www.googletagmanager.com/gtag/
244 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4Q5VLGJDNQ
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bedf41e75a016da88ca2cac4fb06086dcaaf910684d419d949c23aa865bef6ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86186
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 22 Dec 2023 19:27:34 GMT
oed-logo-color.svg
unemployment.oregon.gov/assets/images/
18 KB
7 KB
Image
General
Full URL
https://unemployment.oregon.gov/assets/images/oed-logo-color.svg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
279c2c5d69a923b5c3206506cabb6f249c7e36b5bb41bc115f869b636382e376

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:33 GMT
content-encoding
br
last-modified
Wed, 28 Jun 2023 04:11:45 GMT
server
nginx
etag
W/"47c1-5ff28c82edb85"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000
expires
Sun, 21 Jan 2024 19:27:33 GMT
icon-chevron-down-alt.svg
unemployment.oregon.gov/assets/images/
536 B
496 B
Image
General
Full URL
https://unemployment.oregon.gov/assets/images/icon-chevron-down-alt.svg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
fa215ab0322cd48da944c0067181a5b7df53e737305e9853a58af2ff8553c256

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:33 GMT
content-encoding
br
last-modified
Wed, 28 Jun 2023 04:11:44 GMT
server
nginx
etag
W/"218-5ff28c8185571"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000
expires
Sun, 21 Jan 2024 19:27:33 GMT
oed-logo-white.svg
unemployment.oregon.gov/assets/images/
17 KB
7 KB
Image
General
Full URL
https://unemployment.oregon.gov/assets/images/oed-logo-white.svg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
2d584ff6d59ca7d43929f99c9bd1a64adf81b01ea56cfac3cdf00f8b5517d2df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
last-modified
Wed, 28 Jun 2023 04:11:46 GMT
server
nginx
etag
W/"45a1-5ff28c833503c"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000
expires
Sun, 21 Jan 2024 19:27:34 GMT
app.js
unemployment.oregon.gov/assets/js/
2 KB
1 KB
Script
General
Full URL
https://unemployment.oregon.gov/assets/js/app.js?id=6f09dd871f97d27dc0d9109393d5f4de
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
443f15d8d32004039c99ad2d0de39175bd85a95d741a38ca38b8e4606201c0b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2023 02:58:46 GMT
server
nginx
etag
"8c4-609af61e88137-gzip"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=604800, private
accept-ranges
bytes
content-length
1022
expires
Fri, 29 Dec 2023 19:27:34 GMT
snippet.js
static.zdassets.com/ekr/
10 KB
5 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=527b2dc9-1f88-4381-b2a2-0c11974d1837
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
x-amz-version-id
hKEbdq289Xo7bHrM.yPFOdJ37r5nFwfe
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
VJNSTS6NH24VGZXW
age
0
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ZaA0/pNyb81iWefpjGS4Q1RaRzQbA+fGKlK3Mf/p7f/BJNjQ5D4umJJ3DA6PSAUaVAklKLutfM8=
last-modified
Wed, 09 Aug 2023 01:01:02 GMT
server
cloudflare
etag
W/"42d94c325a0b012e41f9c3907853625a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCXK9JulDaZWsZDAVWiwFRn9Ic6NQn0uMKbf96QasoXZVa8xKna4ME9JcyG4m4Z27zaTCEjevohDybIrP%2BPTbfxufYGJ8H7c4cEY8snofPbakWOP7Gx%2Fd0JEMfU4PbR6Vy%2B0mQc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
839ac34f880d690d-FRA
js
www.googletagmanager.com/gtag/
186 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-172413525-1
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
54c856982f4cab3c8627e541ed35565aeebe0b4224dc712acbb5b1b5da0b76ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68998
x-xss-protection
0
last-modified
Fri, 22 Dec 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 22 Dec 2023 19:27:34 GMT
sprite.svg
unemployment.oregon.gov/assets/images/
2 KB
712 B
Other
General
Full URL
https://unemployment.oregon.gov/assets/images/sprite.svg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
78edf47a3df31643e07a78c647d10074042ef32123d9b2a703324c657980b0fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
last-modified
Wed, 28 Jun 2023 04:11:48 GMT
server
nginx
etag
W/"7ad-5ff28c852deff"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000
expires
Sun, 21 Jan 2024 19:27:34 GMT
icon-share.svg
unemployment.oregon.gov/assets/images/
571 B
417 B
Image
General
Full URL
https://unemployment.oregon.gov/assets/images/icon-share.svg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
39481db9ac9428b7e0d682300aaca923e17110e17b0d965051a0e92acc011e92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
last-modified
Wed, 28 Jun 2023 04:11:45 GMT
server
nginx
etag
W/"23b-5ff28c82a572e"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000
expires
Sun, 21 Jan 2024 19:27:34 GMT
fa-sharp-regular-400.woff2
unemployment.oregon.gov/assets/webfonts/
317 KB
318 KB
Font
General
Full URL
https://unemployment.oregon.gov/assets/webfonts/fa-sharp-regular-400.woff2
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
feee9b240727b77cac9d17fd7151d267259a6ec5115f62bdd13d391079172770

Request headers

Referer
https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Origin
https://unemployment.oregon.gov
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
last-modified
Wed, 28 Jun 2023 04:12:07 GMT
server
nginx
etag
"4f4ec-5ff28c97db902"
content-type
font/woff2
cache-control
max-age=300
accept-ranges
bytes
content-length
324844
expires
Fri, 22 Dec 2023 19:32:34 GMT
bebas-neue-v9-latin-regular.woff2
unemployment.oregon.gov/assets/webfonts/
13 KB
13 KB
Font
General
Full URL
https://unemployment.oregon.gov/assets/webfonts/bebas-neue-v9-latin-regular.woff2
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
5b4101d4a007ce5231c65dd082b9542ffd40b6e12cc9ea67de9b54063bbbf073

Request headers

Referer
https://unemployment.oregon.gov/assets/css/app.css?id=92339ea43619cc51267749075495f014
Origin
https://unemployment.oregon.gov
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
last-modified
Wed, 28 Jun 2023 04:11:55 GMT
server
nginx
etag
"3468-5ff28c8bd33e2"
content-type
font/woff2
cache-control
max-age=300
accept-ranges
bytes
content-length
13416
expires
Fri, 22 Dec 2023 19:32:34 GMT
Fraud-800.jpg
unemployment.oregon.gov/uploads/images/Oregon/_1200xAUTO_crop_center-center_80_none/
96 KB
96 KB
Image
General
Full URL
https://unemployment.oregon.gov/uploads/images/Oregon/_1200xAUTO_crop_center-center_80_none/Fraud-800.jpg
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.218.83 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
e007761206ede4ebfc3bbde2fb7261de323f0d3b076a6bf058a669bc372bb634

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
last-modified
Tue, 09 May 2023 20:29:09 GMT
server
nginx
etag
"17f4c-5fb489b877e39"
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
98124
expires
Fri, 29 Dec 2023 19:27:34 GMT
collect
region1.google-analytics.com/g/
0
260 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4Q5VLGJDNQ&gtm=45je3bt0v869609167&_p=1703273254154&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=23246193.1703273254&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1703273254&sct=1&seg=0&dl=https%3A%2F%2Funemployment.oregon.gov%2Ffraud&dt=Protect%20Yourself%20from%20Fraud%20%7C%20OED%20Unemployment%20Insurance&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.anonymize_ip=false&ep.link_attribution=false&tfd=2096
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Q5VLGJDNQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://unemployment.oregon.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
527b2dc9-1f88-4381-b2a2-0c11974d1837
ekr.zdassets.com/compose/
1 KB
1 KB
Fetch
General
Full URL
https://ekr.zdassets.com/compose/527b2dc9-1f88-4381-b2a2-0c11974d1837
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=527b2dc9-1f88-4381-b2a2-0c11974d1837
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d1f438734e7681d03b0961da4c2ebf3f25b1e8c7b70a923617d4d92596b4b03
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
8308f906ab1dc6e5-SEA, 8308f906ab1dc6e5-SEA
x-runtime
0.010178
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"1d1f438734e7681d03b0961da4c2ebf3"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDBv7VVg48jtYKzqsyIQJU0pkmdQf0Rn0pfPUbK6Tw1gKI%2BKA9SG8XJbSlgyYMkUIUPbqZn0n3%2BFGBm3C%2FtMRqe1NbH4qzY%2BNyI36t110SaaD5R6nitKKqP%2F1QOaiIKgFeo%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
839ac34fea57365f-FRA
js
www.googletagmanager.com/gtag/
186 KB
67 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-172413525-1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Q5VLGJDNQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6c101cc2e2bdd0bc4ca72c720750c6a51542fafa235ac538b9f7a3fb86048132
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68974
x-xss-protection
0
last-modified
Fri, 22 Dec 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 22 Dec 2023 19:27:34 GMT
update.min.js
browser-update.org/
9 KB
4 KB
Script
General
Full URL
https://browser-update.org/update.min.js
Requested by
Host: unemployment.oregon.gov
URL: https://unemployment.oregon.gov/fraud
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:6b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cb9f9d47e18ef669548ba9d6bbe331494dcfa81059e1d5e9343a552fe95df32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 13 Dec 2023 08:24:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
817399
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qW1jtvPW%2FDUK1638gRknHi9BDihy5PnugTg7Fzvcb2hgbFcdpV5lh5mByXoaiSFSM66Idqu%2F2ues8flIeDg3k6nMNUHOkfOmW6V2Ry4HZ12hy8HmPepwDD8o13zfGH%2BriulWUXxmYa37aPnjflYEWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
content-disposition
inline; filename=update.min.js
cf-ray
839ac34feb8135e2-FRA
expires
Thu, 14 Dec 2023 08:24:15 GMT
js
www.googletagmanager.com/gtag/
224 KB
79 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0SDMYFW31G&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-172413525-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d9f633d138d213fd349bf3b3757dcaf594c12f03aa5fa2c9361e6ec0b4aa5a42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81196
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 22 Dec 2023 19:27:34 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-172413525-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 22 Dec 2023 17:48:17 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5957
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 22 Dec 2023 19:48:17 GMT
collect
www.google-analytics.com/j/
2 B
213 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=288663429&t=pageview&_s=1&dl=https%3A%2F%2Funemployment.oregon.gov%2Ffraud&ul=en-us&de=UTF-8&dt=Protect%20Yourself%20from%20Fraud%20%7C%20OED%20Unemployment%20Insurance&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=977312773&gjid=1982862778&cid=23246193.1703273254&tid=UA-172413525-1&_gid=658956565.1703273254&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=894257954
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://unemployment.oregon.gov/fraud
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://unemployment.oregon.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-0SDMYFW31G&gtm=45je3bt0v9118798985&_p=1703273254154&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=23246193.1703273254&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1703273254&sct=1&seg=0&dl=https%3A%2F%2Funemployment.oregon.gov%2Ffraud&dt=Protect%20Yourself%20from%20Fraud%20%7C%20OED%20Unemployment%20Insurance&en=page_view&_fv=1&_ss=1&tfd=2275
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0SDMYFW31G&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://unemployment.oregon.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-172413525-1&cid=23246193.1703273254&jid=977312773&gjid=1982862778&_gid=658956565.1703273254&_u=YADAAUAAAAAAACAAI~&z=1919369851
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://unemployment.oregon.gov/fraud
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 22 Dec 2023 19:27:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://unemployment.oregon.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
i.simpli.fi/
809 B
770 B
Script
General
Full URL
https://i.simpli.fi/p?cid=463752&cb=sifi_att_3112830763523654._hp
Requested by
Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/f29f788d-8539-46ee-bec8-207b9649be2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
238.89.204.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
ef844927074e2a8b8b10f534c1cd0868da75ebb429e0c1c3e6f33117efcbdb86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
content-encoding
gzip
server
openresty
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
s.ad.smaato.net/c/
Redirect Chain
  • https://um.simpli.fi/smaato
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=0D95F46F77EA420BB1085FEE9D42C1F3
0
236 B
Image
General
Full URL
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
2600:9000:25e8:6a00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
cache-control
no-cache, must-revalidate
via
1.1 7cbec639ed3557aac04425ec5a5f177a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
AMS1-P3
x-amz-cf-id
2ONSu6h-o6dcHIclneCNn-D3tyeTOuA3kkowQ7-yemHLgHUqXZM-9w==
x-cache
Miss from cloudfront

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain
  • https://um.simpli.fi/nexxen
  • https://sync.1rx.io/usersync/simplifi/0D95F46F77EA420BB1085FEE9D42C1F3
  • https://sync.1rx.io/usersync/simplifi/0D95F46F77EA420BB1085FEE9D42C1F3?zcc=1&cb=1703273254989
  • https://sync.targeting.unrulymedia.com/csync/RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003
43 B
378 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003
Protocol
H2
Server
46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
content-length
43
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location
https://sync.targeting.unrulymedia.com/csync/RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003
pragma
no-cache
date
Fri, 22 Dec 2023 19:27:35 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
content-type
text/html
xuid
eb2.3lift.com/
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=0D95F46F77EA420BB1085FEE9D42C1F3&dongle=yf3
37 B
140 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7969&xuid=0D95F46F77EA420BB1085FEE9D42C1F3&dongle=yf3
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://eb2.3lift.com/xuid?mid=7969&xuid=0D95F46F77EA420BB1085FEE9D42C1F3&dongle=yf3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
sync
simplifi.partners.tremorhub.com/
Redirect Chain
  • https://um.simpli.fi/telaria_p
  • https://simplifi.partners.tremorhub.com/sync?UISF=0D95F46F77EA420BB1085FEE9D42C1F3
43 B
175 B
Image
General
Full URL
https://simplifi.partners.tremorhub.com/sync?UISF=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
2600:1f18:612b:4216:17ab:830b:3ca7:8552 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Fri, 22 Dec 2023 19:27:35 GMT
server
nginx
content-type
image/gif

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://simplifi.partners.tremorhub.com/sync?UISF=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://um.simpli.fi/tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3
95 B
427 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=0D95F46F77EA420BB1085FEE9D42C1F3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
empty.gif
um.simpli.fi/
Redirect Chain
  • https://um.simpli.fi/ad_advisor
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=0D95F46F77EA420BB1085FEE9D42C1F3
  • https://d.agkn.com/pixel/10751/?che=1703273254838&ip=45.141.152.75&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D218943204738004081602
  • https://um.simpli.fi/aa_px?sk=218943204738004081602
  • https://um.simpli.fi/empty.gif
43 B
361 B
Image
General
Full URL
https://um.simpli.fi/empty.gif
Protocol
H2
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
/empty.gif
access-control-allow-origin
*
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://um.simpli.fi/intentiq
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=0D95F46F77EA420BB1085FEE9D42C1F3
0
0
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
52.84.45.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-84-45-27.mrs52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
pubmatic
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/pubmatic
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Thu, 21 Dec 2023 19:27:34 GMT
freewheel
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/freewheel
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Thu, 21 Dec 2023 19:27:34 GMT
400646.gif
idsync.rlcdn.com/
Redirect Chain
  • https://um.simpli.fi/dtnx
  • https://fei.pro-market.net/engine?du=24;csync=0D95F46F77EA420BB1085FEE9D42C1F3;mimetype=img;
  • https://fei.pro-market.net/engine?du=24;csync=0D95F46F77EA420BB1085FEE9D42C1F3;mimetype=img;sr
  • https://idsync.rlcdn.com/400646.gif?partner_uid=3420427321483805035
0
42 B
Image
General
Full URL
https://idsync.rlcdn.com/400646.gif?partner_uid=3420427321483805035
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0

Redirect headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
via
1.1 google
server
Apache-Coyote/1.1
anserver
gapp-eu-5.c.datonics-gcp-01.internal
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin
*
location
https://idsync.rlcdn.com/400646.gif?partner_uid=3420427321483805035
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
expires
Mon, 1 Jan 1990 0:0:0 GMT
/
loadm.exelator.com/load/
Redirect Chain
  • https://um.simpli.fi/exelatem
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0&xl8blockcheck=1
0
771 B
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0&xl8blockcheck=1
Protocol
H2
Server
18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://loadm.exelator.com/load/?p=204&g=2191&simid=0D95F46F77EA420BB1085FEE9D42C1F3&j=0&xl8blockcheck=1
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
yahoo
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/yahoo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Thu, 21 Dec 2023 19:27:34 GMT
sync
sync.bfmio.com/
Redirect Chain
  • https://um.simpli.fi/beachfront
  • https://sync.bfmio.com/sync?pid=141&uid=0D95F46F77EA420BB1085FEE9D42C1F3
0
421 B
Image
General
Full URL
https://sync.bfmio.com/sync?pid=141&uid=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
HTTP/1.1
Server
52.70.181.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-70-181-24.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Connection
keep-alive
Date
Fri, 22 Dec 2023 19:27:34 GMT

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://sync.bfmio.com/sync?pid=141&uid=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
29931
stags.bluekai.com/site/
Redirect Chain
  • https://um.simpli.fi/bluekai
  • https://stags.bluekai.com/site/29931?id=0D95F46F77EA420BB1085FEE9D42C1F3
62 B
444 B
Image
General
Full URL
https://stags.bluekai.com/site/29931?id=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
92.123.17.8 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-17-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Fri, 22 Dec 2023 19:27:35 GMT
content-length
62
content-type
image/gif

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://stags.bluekai.com/site/29931?id=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
tpid=0D95F46F77EA420BB1085FEE9D42C1F3
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain
  • https://um.simpli.fi/crwdcntrl
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0D95F46F77EA420BB1085FEE9D42C1F3
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
3.248.109.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-109-126.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.22.23
content-length
49
expires
0

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match
  • https://ce.lijit.com/merge?pid=2&3pid=0D95F46F77EA420BB1085FEE9D42C1F3
0
311 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
HTTP/1.1
Server
216.52.2.86 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Expires
Fri, 20 Mar 2009 00:00:00 GMT
Pragma
no-cache
Date
Fri, 22 Dec 2023 19:27:34 GMT
X-MERGE
GDPR Optout true
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ams1
P3P
CP="CUR ADM OUR NOR STA NID"

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://ce.lijit.com/merge?pid=2&3pid=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
419566.gif
idsync.rlcdn.com/
Redirect Chain
  • https://um.simpli.fi/liveramp_match
  • https://idsync.rlcdn.com/419566.gif?partner_uid=0D95F46F77EA420BB1085FEE9D42C1F3
0
98 B
Image
General
Full URL
https://idsync.rlcdn.com/419566.gif?partner_uid=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://idsync.rlcdn.com/419566.gif?partner_uid=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1703273254646&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=...
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1q...
  • https://www.google.de/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1qu...
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1quOjgwMV-00eAh2kzAor&is_vtc=1&ocp_id=JuOFZfW4K_ub-cAPpJmr2AI&cid=CAQSKQAvHhf_lfda-9LOxw9aVqsXHZ1Oz9LypWn41KoKJFmOvCb7gKH2rluG&random=3581436080&ipr=y
Protocol
H2
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/1026675585/?random=1102975977&cv=7&fst=1703273254646&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI9eO1quOjgwMV-00eAh2kzAor&is_vtc=1&ocp_id=JuOFZfW4K_ub-cAPpJmr2AI&cid=CAQSKQAvHhf_lfda-9LOxw9aVqsXHZ1Oz9LypWn41KoKJFmOvCb7gKH2rluG&random=3581436080&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
spotx_match
um.simpli.fi/
0
272 B
Image
General
Full URL
https://um.simpli.fi/spotx_match
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
bounce
ib.adnxs.com/
Redirect Chain
  • https://um.simpli.fi/an
  • https://ib.adnxs.com/setuid?entity=66&code=0D95F46F77EA420BB1085FEE9D42C1F3
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0D95F46F77EA420BB1085FEE9D42C1F3
43 B
902 B
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
an-x-request-uuid
12148e6e-e13d-43f4-99ca-f63eef5638ed
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
45.141.152.75; 45.141.152.75; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
an-x-request-uuid
ac403f7d-abc7-4380-9046-8cf9168df68a
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D0D95F46F77EA420BB1085FEE9D42C1F3
cache-control
no-store, no-cache, private
x-proxy-origin
45.141.152.75; 45.141.152.75; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0D95F46F77EA420BB1085FEE9D42C1F3&expires=365
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0D95F46F77EA420BB1085FEE9D42C1F3&expires=365
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
1f4afaf10c6b5898421df1cdca3fc7f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=0D95F46F77EA420BB1085FEE9D42C1F3&expires=365
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=0D95F46F77EA420BB1085FEE9D42C1F3
43 B
264 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072966&val=0D95F46F77EA420BB1085FEE9D42C1F3
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://us-u.openx.net/w/1.0/sd?id=537072966&val=0D95F46F77EA420BB1085FEE9D42C1F3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 21 Dec 2023 19:27:34 GMT
g_match
um.simpli.fi/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEHetX9IKACPsyv_qXT0f9KU&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0D95F46F77EA420BB1085FEE9D42C1F3
  • https://um.simpli.fi/g_match?id=
0
320 B
Image
General
Full URL
https://um.simpli.fi/g_match?id=
Protocol
H2
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://unemployment.oregon.gov/fraud
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:34 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 21 Dec 2023 19:27:34 GMT

Redirect headers

pragma
no-cache
date
Fri, 22 Dec 2023 19:27:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://um.simpli.fi/g_match?id=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
229
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
web-widget-main-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/ Frame 8488
435 KB
137 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=527b2dc9-1f88-4381-b2a2-0c11974d1837
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c8557fabe455b2a528bb3bc78a1586c880f14936fcec7d6d4293b7716073982
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
RqZIDjLbqQCJse5.5YPoIz6l3bVKH2F9
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FSF5803D2MZ177K
age
1528719
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
s6NVEjlxQ0X409+93Y+AyzPpDVdCnUzkj58R435QREy4lvYOga3kZ8DuxKYs3kScc5mlXhydQ7o=
last-modified
Tue, 05 Dec 2023 00:28:36 GMT
server
cloudflare
etag
W/"531e7cd49856ceac1ab739dee1bd9825"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVkXnPzp0UGFlEfNFf0IW6j2eud4rFVLzi8mgCPBCoEvmG%2Bu6UmsCxcMEwRcu4DPDwvql9tWZ22jn23xEeqzUgieMfPjJGHDXGLryEMd1gcmrxLYXud3t7n5lwRm4X4%2FDSUb4lw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac353bc1b690d-FRA
expires
Wed, 04 Dec 2024 00:28:35 GMT
en-us-json-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/ Frame 8488
16 KB
3 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7cb8909e7bd8908268de5793534d73028ccceed62364ef9d1b04bf1e40e41ad
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
0TD6PAWfsyxN8kJamulTpqLVZArSSWuB
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FS8D41MZJZMYG1B
age
1528719
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
MlQYiQ2dqb9h/OIVYc60rdAWwzi2m98faLu/nzTPmQXpoeHOhtgWXpnmexReeLW5Qx210z3PGrY=
last-modified
Tue, 05 Dec 2023 00:28:38 GMT
server
cloudflare
etag
W/"2d7a163ff937b4b9ea7ab13e6c8dfadf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9XodEGgKrLs2UjYs0eCyeZVI8PSwDMRuegQJRFd2fLg6lKcZQctV2NUEbItIY1us5RORx3ljaOMU8I4zATy69zCIW6mmtQTt3vs4Jd%2FVBLLKP1OeiuoLbuEl1ZnVt3ZoMsMWNU4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac3543c85690d-FRA
expires
Wed, 04 Dec 2024 00:28:37 GMT
web-widget-4852-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/ Frame 8488
139 KB
47 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-4852-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e53f18a73c934fe1c7f3c4aa74c209a907f0ac4bd954d1747a4e82207591917
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
rgQyDw8mO5OrfYenQWJeUHQhMhROhIV.
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FS6K6N3BED5C9DX
age
1528718
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
mZYDmVwtmpMlbyBFUcvQAyVxK3nKNxXriZZENjdf3EjmZopRc63mtrIJzjjk+FTJoP0ZDs3BETM=
last-modified
Tue, 05 Dec 2023 00:28:36 GMT
server
cloudflare
etag
W/"ea51d3eb674c1f286144bbe26ba05c86"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CmpugGKZ%2FfK%2FVO4VXlLQatlhYfVWw2BRB1N5qw8JuBnhyUAWmBLDJ%2FE7YeJX6RyeYKy%2FzDwCcM1q%2B5JaDJB9MLiIga%2BuXxgboaOJAhBWvHMuqv%2B158RCXEmTK5Yc6CwJUxFfly4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac3543c86690d-FRA
expires
Wed, 04 Dec 2024 00:28:35 GMT
web-widget-519-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/ Frame 8488
24 KB
8 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-519-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d0142e7dd8eee7b1776ce44b79a5aa7b292d3a509bae832fb438afb2534bbc7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
GVsqCvOfUiBJYIwZLFLTQX5MyDUCOwc2
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FS3V2M4QJ2ZK33P
age
1528719
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ZcwJ01puBTNkg0AiqHh4Jwsz8eTxW4l9Gmz7kmYejNT5ylWWy39mTLN7KSZvvQMqOIGQL7p8G4s=
last-modified
Tue, 05 Dec 2023 00:28:36 GMT
server
cloudflare
etag
W/"1c9884a2069c7bec6b20dac62004eb1b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wq4Tq%2BmQxRFNaxArcjh%2B0Ub78M6%2FNf7tKPTQqpKaR9TYSjj4DVvEfqzGtOlfAnFcAbSunhKSygDFKcV6XrlhkbzoEMDzmDDh4C499NkeYLQhidpcgKfsMnMLOlHTMfxODTYzjlg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac3543c88690d-FRA
expires
Wed, 04 Dec 2024 00:28:35 GMT
web-widget-5178-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/ Frame 8488
24 KB
7 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-5178-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5936ea748776aa9d35f5e748d18c78366ef81a770699ca8765457ba8717fd92
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
NLi469M1WczuGaqZLXtxIgWwTh.1j.zh
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FS7C58SVHM9XWRN
age
1528716
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
UHe8in2/NNlJQ8+xqDERT39dCXeKxCJVrG2UC/shLH4h+ZNVARF4OnkmVkfqjVmg/Z5Cp8G4Dco=
last-modified
Tue, 05 Dec 2023 00:28:36 GMT
server
cloudflare
etag
W/"11034f049f5eef05b26ed292ac59e1fc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wBwQPKYoZ7JO0i9L%2F85wgnJ%2BnstWFifhrvLnQ%2BbdThMQ2p29OzdKu9YvK4wUBVbinNLZn%2B6mSv%2Bc0Bq7wt4Mhuoj99ILozi1TOpjrjixzdXo0rkbGDsA50AueNx1P%2BB8Upk2%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac3543c89690d-FRA
expires
Wed, 04 Dec 2024 00:28:35 GMT
web-widget-9535-1bfc6fa.js
static.zdassets.com/web_widget/messenger/latest/ Frame 8488
15 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-9535-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0349bc9b3c076b695b88acbf7ef9f770cc1975608d83c51fde327c5e9df3e391
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
x-amz-version-id
ty1N93CTNGjm.TymHP.kwa5RR_YIsyxf
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
4FS0JNEYMFMYAKH2
age
1528719
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
KZ6JU9UjGIwkXQxX79VJPt5IBQz+RyTOOPzgoaj8Fyg4FIN4CX5ErJSJSDOj+qVg7hRI7zO5uEc=
last-modified
Tue, 05 Dec 2023 00:28:36 GMT
server
cloudflare
etag
W/"d46547a6c79c8800ac99ed5408528a12"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWPqZoH3qykp4pusxLDw6lVbxLRZIztvVLUeqDRT3ZCS5LbkexWHqP0NlHu6iM6x7hoNVs2apLN9pF6RST9oG%2FQvy7VleriFz%2BW4SzBJS%2FdDGBsni2ry1GbSa%2BKr0QCs17sLIls%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
839ac3543c8a690d-FRA
expires
Wed, 04 Dec 2024 00:28:35 GMT
pv
oedhelpdesk.zendesk.com/frontendevents/ Frame
0
0
Preflight
General
Full URL
https://oedhelpdesk.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://unemployment.oregon.gov
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-origin
*
access-control-max-age
600
cache-control
max-age=600
cf-cache-status
DYNAMIC
cf-ray
839ac354afaebbd4-FRA
date
Fri, 22 Dec 2023 19:27:35 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WoSNR6ZLqqICTj1rrsMR4dNVOEeufV3c10Inmv6jbOuvUZ3TD5fdxZK45NcMUZbuAWEqjpUCLLU9935hCSZDLn9cvFs1uajzzTUWlWXpHki1tS%2BtcsPGeVpPFqwda8D1ieirjyKal9h"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
x-request-id
839ac354afaebbd4-FRA
x-zendesk-zorg
yes
pv
oedhelpdesk.zendesk.com/frontendevents/ Frame 8488
0
0
Fetch
General
Full URL
https://oedhelpdesk.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9r%2BHrbbADN%2FbJu8KUvFH%2B7lS4vS996dEZs05t3SSppPC4O%2BsknYWzSkYHk6hzkvZPekhzVydeAJmF9U7JEW62zrv9MMrCuTS5HSxRViQ%2Fi68MOnkvpFBOZTJ9cjwFhNpPEaoe5Hdhav6"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
839ac35578d6bbd4-FRA
content-length
0
x-request-id
839ac35578d6bbd4-FRA
config
oedhelpdesk.zendesk.com/embeddable/ Frame 8488
838 B
1 KB
Fetch
General
Full URL
https://oedhelpdesk.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6386e2bd322a37af45148f479a8606c09c23756bede63be9113c1d628ebd6301

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 19:27:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-6c58497b58-vf7p7
x-cached
MISS
x-request-id
839ac354afacbbd4-FRA
x-runtime
0.002405
last-modified
Fri, 22 Dec 2023 19:27:35 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2F1qd9ExQ4JQhQzbmkblTGDOSRHCbnE6jLuPnYdRdqQ%2BMAGiVSEje99lKaVK5fONZS%2F5R%2FAJ4qm%2BeNQUk7BI%2FVUGNwng9VnZm%2FECX3di9Nfjic%2F1Ai%2BrjD5zzElYIV1H2R6EEU9dKNS7"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
839ac354afacbbd4-FRA

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| documentPictureInPicture object| sifi_att_3112830763523654 function| gtag object| dataLayer object| $buoop function| $buo_f object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| zEWebpackACJsonp function| zE function| zEmbed object| webpackChunkOEDCOVID19 string| GoogleAnalyticsObject function| ga object| gaplugins object| gaData object| $bu_ function| $buo function| $bu_getBrowser object| _buorgres boolean| zEACLoaded

25 Cookies

Domain/Path Name / Value
.simpli.fi/ Name: suid
Value: 0D95F46F77EA420BB1085FEE9D42C1F3
.oregon.gov/ Name: _ga_4Q5VLGJDNQ
Value: GS1.1.1703273254.1.0.1703273254.0.0.0
.oregon.gov/ Name: _gid
Value: GA1.2.658956565.1703273254
.oregon.gov/ Name: _gat_gtag_UA_172413525_1
Value: 1
.oregon.gov/ Name: _ga_0SDMYFW31G
Value: GS1.1.1703273254.1.0.1703273254.0.0.0
.oregon.gov/ Name: _ga
Value: GA1.1.23246193.1703273254
.simpli.fi/ Name: uid_syncd_secure
Value: true
.doubleclick.net/ Name: IDE
Value: AHWqTUkzIBycFCHpQrv9NpWZ_1aps7IqifLjhu3ehNqvzuUC8eB6wtr8e44yFxWoRro
.tapad.com/ Name: TapAd_TS
Value: 1703273254769
.tapad.com/ Name: TapAd_DID
Value: e727331c-e8e8-4661-a240-7ac8bc817e63
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.pro-market.net/ Name: anProfile
Value: "pziwaj4r2uej+1+1f=1+1g=1+1j=41+rs=s+rt=20010AC800203A0010116B9A337A9FF9+s2=(s6321y)+vm=24-0D95F46F77EA420BB1085FEE9D42C1F3"
.pro-market.net/ Name: anHistory
Value: "pziwaj4r2uej+2+!#7%/%~#erk"
.adnxs.com/ Name: uuid2
Value: 5780110815730652687
.agkn.com/ Name: ab
Value: 0001%3ARZqlYG7J7NqItUZj9VpjVlfRjuCC0Y5E
.adnxs.com/ Name: anj
Value: dTM7k!M4.FE:2jUF']wIg2E>xFHn<a!@wnfH8KW.dG5<#Z0w7oG%O?Bp'<R!qAf]?n<jIcCy(CdqB$UrDhZDmEm>4Ukcv'?(j#iP(Md+>)fy*0I^Q4M
.exelator.com/ Name: EE
Value: "892b358e4581eee785038f74dacacb34"
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcHC0ijJ2NQi1cTUwjA1NdXcwtTA2CLN3CQlMTkxOcnYZHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIYEl%252BUWb6IhfXxUUpaQyLSopPBR%252FzbAAAn2YqLw%253D%253D"
.agkn.com/ Name: u
Value: C|0AAAAAAAALRifpgAAAAAA
.bluekai.com/ Name: bku
Value: blx99YqMCVDTGSAa
.bluekai.com/ Name: bkpa
Value: KJy9nyexd02pSUHknp/8mE1hwtkAwEOWmEPsBejsBp5axEx01WJY1E9TBDjaHEkWBeJe1DRp9y9oh9r8
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003%22%7D
.bfmio.com/ Name: __141_cid
Value: 0D95F46F77EA420BB1085FEE9D42C1F3
.bfmio.com/ Name: __io_cid
Value: e408297553a91c2637121939707feb6bc6840134
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-3b02a9e6-7ace-4f84-ad1a-38f778c7649e-003%22%7D

4 Console Messages

Source Level URL
Text
network error URL: https://idsync.rlcdn.com/419566.gif?partner_uid=0D95F46F77EA420BB1085FEE9D42C1F3
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://idsync.rlcdn.com/400646.gif?partner_uid=3420427321483805035
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=0D95F46F77EA420BB1085FEE9D42C1F3
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=0D95F46F77EA420BB1085FEE9D42C1F3
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
