www.tdecu.org Open in urlscan Pro
3.17.197.235 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz
Effective URL:
https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content...
Submission: On October 06 via manual (October 6th 2022, 11:30:57 pm UTC) from PH — Scanned from DE

Summary HTTP 137 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 68 IPs in 11 countries across 69 domains to perform 137 HTTP transactions. The main IP is 3.17.197.235, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is www.tdecu.org. The Cisco Umbrella rank of the primary domain is 706475.
TLS certificate: Issued by R3 on August 11th 2022. Valid for: 3 months.

This is the only time www.tdecu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	18.66.122.38 18.66.122.38	16509 (AMAZON-02) (AMAZON-02)
8	3.17.197.235 3.17.197.235	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6812:7034	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:20:... 2606:4700:20::681a:46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.54.4 192.0.54.4	62659 (Q2HOLDINGS) (Q2HOLDINGS)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::282	54113 (FASTLY) (FASTLY)
7	2600:9000:223... 2600:9000:223d:7000:8:e724:a480:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
2	216.117.88.121 216.117.88.121	62 (CONE) (CONE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 5	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	13.32.121.36 13.32.121.36	16509 (AMAZON-02) (AMAZON-02)
2 6	2600:9000:225... 2600:9000:225e:7400:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223d:5a00:12:de4a:40:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
1	3.232.242.170 3.232.242.170	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0b::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	37.157.5.71 37.157.5.71	198622 (ADFORM) (ADFORM)
1	52.222.236.74 52.222.236.74	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.48.159.197 52.48.159.197	16509 (AMAZON-02) (AMAZON-02)
1 3	185.167.164.39 185.167.164.39	198622 (ADFORM) (ADFORM)
3	40.76.174.66 40.76.174.66	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 15	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
1	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
2 6	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.210.237.106 52.210.237.106	16509 (AMAZON-02) (AMAZON-02)
1	96.16.132.239 96.16.132.239	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	35.156.209.249 35.156.209.249	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.133 185.86.137.133	201081 (SMARTADSE...) (SMARTADSERVER)
1 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	2.16.107.130 2.16.107.130	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	3.120.86.7 3.120.86.7	16509 (AMAZON-02) (AMAZON-02)
2 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
7 8	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
1 1	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
3 3	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
2 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	18.203.72.119 18.203.72.119	16509 (AMAZON-02) (AMAZON-02)
2	2.18.232.236 2.18.232.236	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	3.248.26.101 3.248.26.101	16509 (AMAZON-02) (AMAZON-02)
1	52.92.16.104 52.92.16.104	16509 (AMAZON-02) (AMAZON-02)
1 1	141.94.170.64 141.94.170.64	16276 (OVH) (OVH)
3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
5 6	139.162.147.254 139.162.147.254	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	139.162.141.41 139.162.141.41	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	91.210.226.73 91.210.226.73	48314 (IP-PROJECTS) (IP-PROJECTS)
1 1	80.85.85.173 80.85.85.173	63949 (LINODE-AP...) (LINODE-AP Linode)
1	79.125.33.106 79.125.33.106	16509 (AMAZON-02) (AMAZON-02)
2 3	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	52.222.214.81 52.222.214.81	16509 (AMAZON-02) (AMAZON-02)
2 3	52.20.226.248 52.20.226.248	14618 (AMAZON-AES) (AMAZON-AES)
2 2	54.77.143.129 54.77.143.129	16509 (AMAZON-02) (AMAZON-02)
1 1	34.250.137.124 34.250.137.124	16509 (AMAZON-02) (AMAZON-02)
2 2	18.157.92.103 18.157.92.103	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
2 2	35.190.24.218 35.190.24.218	15169 (GOOGLE) (GOOGLE)
1	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	95.216.101.186 95.216.101.186	24940 (HETZNER-AS) (HETZNER-AS)
1	2600:9000:223... 2600:9000:223f:c00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	46.19.11.36 46.19.11.36	51790 (SIEL) (SIEL)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	18.156.32.70 18.156.32.70	16509 (AMAZON-02) (AMAZON-02)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	46.101.13.61 46.101.13.61	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	52.209.76.227 52.209.76.227	16509 (AMAZON-02) (AMAZON-02)
137	68

2 18.66.122.38 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-38.fra60.r.cloudfront.net

emails1.tdecu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.17.197.235 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-17-197-235.us-east-2.compute.amazonaws.com

www.tdecu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:7034 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.sitescdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
answersstatus.pagescdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:46 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.54.4 (United States)

ASN62659 (Q2HOLDINGS, US)

cds-sdkcfg.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:223d:7000:8:e724:a480:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.tdecu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.117.88.121 (Richmond, United States)

ASN62 (CONE, US)

ece.tdecu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-36.fra60.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:7400:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223d:5a00:12:de4a:40:93a1 (United States)

ASN16509 (AMAZON-02, US)

162566.tctm.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.232.242.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-242-170.compute-1.amazonaws.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.5.71 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-74.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.159.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-159-197.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.167.164.39 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

a2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 40.76.174.66 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

d.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 37.157.3.28 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.28 (Denmark)

ASN198622 (ADFORM, DK)

a1.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.233.201 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.237.106 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-237-106.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.132.239 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-132-239.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.209.249 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-209-249.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.133 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.107.130 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-107-130.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.86.7 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-86-7.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (Amsterdam, Netherlands) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 77.243.60.138 (Aalborg, Denmark) 7 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
se.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.38 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.74.194 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.114.159.93 (Schopfheim, Germany) 3 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.178.105 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.203.72.119 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-72-119.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.236 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-236.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.26.101 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-26-101.eu-west-1.compute.amazonaws.com

api.adrtx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.92.16.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1.amazonaws.com

s3-eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.94.170.64 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-7.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 139.162.147.254 (Frankfurt am Main, Germany) 5 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1414-254.members.linode.com

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.141.41 (Frankfurt am Main, Germany) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: tags1.adsafety.net

tags.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.210.226.73 (Germany) 1 redirects

ASN48314 (IP-PROJECTS, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.85.85.173 (London, United Kingdom) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li749-173.members.linode.com

cm.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.125.33.106 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-33-106.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.250 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-81.fra56.r.cloudfront.net

pdw-adf.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.20.226.248 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-226-248.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.143.129 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-143-129.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.137.124 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-137-124.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.157.92.103 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-92-103.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (France)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.24.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.24.190.35.bc.googleusercontent.com

redirect.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.216.101.186 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.186.101.216.95.clients.your-server.de

sync.1dmp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:c00:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.19.11.36 (Slovenia)

ASN51790 (SIEL, SI)
PTR: ilog.vsn.si

match.contentexchange.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.32.70 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-32-70.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.101.13.61 (London, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 529751.cloudwaysapps.com

directory.cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.76.227 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-76-227.eu-west-1.compute.amazonaws.com

log.cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	adform.net 3 redirects s2.adform.net — Cisco Umbrella Rank: 5940 a2.adform.net — Cisco Umbrella Rank: 8191 c1.adform.net — Cisco Umbrella Rank: 989 dmp.adform.net — Cisco Umbrella Rank: 5409	41 KB
19	tdecu.org 2 redirects emails1.tdecu.org www.tdecu.org — Cisco Umbrella Rank: 706475 cdn.tdecu.org — Cisco Umbrella Rank: 864056 ece.tdecu.org — Cisco Umbrella Rank: 941830	2 MB
8	semasio.net 7 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1769 se.semasio.net — Cisco Umbrella Rank: 22498	5 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 804 d.clarity.ms — Cisco Umbrella Rank: 6596 c.clarity.ms — Cisco Umbrella Rank: 1219	28 KB
7	adsafety.net 6 redirects cm.adsafety.net — Cisco Umbrella Rank: 17518 tags.adsafety.net — Cisco Umbrella Rank: 112905	12 KB
7	doubleclick.net 4 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 171 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 304	3 KB
7	adroll.com 2 redirects s.adroll.com — Cisco Umbrella Rank: 3652 d.adroll.com — Cisco Umbrella Rank: 2343	21 KB
6	mathtag.com 2 redirects pixel.mathtag.com — Cisco Umbrella Rank: 1507	5 KB
5	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 665 c.bing.com — Cisco Umbrella Rank: 426	13 KB
5	gstatic.com fonts.gstatic.com	71 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 334 secure.adnxs.com — Cisco Umbrella Rank: 707	4 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 115	252 B
4	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 2307 match.adsrvr.org — Cisco Umbrella Rank: 463 insight.adsrvr.org — Cisco Umbrella Rank: 922	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	21 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 203	60 KB
4	cdn-cookieyes.com cdn-cookieyes.com — Cisco Umbrella Rank: 46282	54 KB
3	audrte.com 2 redirects a.audrte.com — Cisco Umbrella Rank: 3704	3 KB
3	exelator.com 2 redirects loadm.exelator.com — Cisco Umbrella Rank: 2615 load77.exelator.com — Cisco Umbrella Rank: 4275	2 KB
3	adition.com 3 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 2125	1 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3460	628 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3900 www.google.com — Cisco Umbrella Rank: 19	992 B
3	sitescdn.net assets.sitescdn.net — Cisco Umbrella Rank: 17089	206 KB
2	cookieyes.com directory.cookieyes.com — Cisco Umbrella Rank: 58101 log.cookieyes.com — Cisco Umbrella Rank: 50871	466 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 732	581 B
2	1dmp.io 1 redirects sync.1dmp.io — Cisco Umbrella Rank: 12004	809 B
2	weborama.fr 2 redirects redirect.frontend.weborama.fr — Cisco Umbrella Rank: 9297	527 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1306	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 293	2 KB
2	smartstream.tv 2 redirects ads.smartstream.tv — Cisco Umbrella Rank: 21781 cm.smartstream.tv — Cisco Umbrella Rank: 388352	1 KB
2	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 786	655 B
2	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 1102	572 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 908	2 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 796	717 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 430	1 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 432	488 B
2	adscale.de 2 redirects ih.adscale.de — Cisco Umbrella Rank: 6709	692 B
2	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 867	827 B
2	tctm.co 162566.tctm.co	16 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 874 script.hotjar.com — Cisco Umbrella Rank: 1166 vars.hotjar.com Failed	69 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 129	167 KB
1	emxdgt.com e1.emxdgt.com — Cisco Umbrella Rank: 1813	55 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 601	140 B
1	contentexchange.me match.contentexchange.me — Cisco Umbrella Rank: 25750	49 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 1009	242 B
1	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1522	172 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 642	1 KB
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 791	491 B
1	userreport.com pdw-adf.userreport.com — Cisco Umbrella Rank: 27551	444 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 1016	225 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 757	338 B
1	onaudience.com 1 redirects pixel.onaudience.com — Cisco Umbrella Rank: 4592	417 B
1	amazonaws.com s3-eu-west-1.amazonaws.com	390 B
1	adrtx.net 1 redirects api.adrtx.net — Cisco Umbrella Rank: 35566	406 B
1	openx.net eu-u.openx.net — Cisco Umbrella Rank: 2606	273 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 596	98 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 1457	344 B
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1879	378 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 1021	798 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 852	163 B
1	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 1067	214 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 3860	522 B
1	seadform.net a1.seadform.net — Cisco Umbrella Rank: 31192	344 B
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 3135	214 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 154	15 KB
1	pagescdn.com answersstatus.pagescdn.com — Cisco Umbrella Rank: 66144	1 KB
1	polyfill.io polyfill.io — Cisco Umbrella Rank: 2114	416 B
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1686	45 KB
1	onlineaccess1.com cds-sdkcfg.onlineaccess1.com — Cisco Umbrella Rank: 26506	110 KB
0	ib-ibi.com Failed global.ib-ibi.com Failed
137	69

	Domain	Requested by
12	c1.adform.net	2 redirects a2.adform.net c1.adform.net
8	www.tdecu.org	www.tdecu.org
7	cdn.tdecu.org	www.tdecu.org
6	cm.adsafety.net	5 redirects c1.adform.net
6	pixel.mathtag.com	2 redirects a2.adform.net pixel.mathtag.com
6	s.adroll.com	2 redirects www.googletagmanager.com www.tdecu.org s.adroll.com
5	se.semasio.net	4 redirects c1.adform.net
5	fonts.gstatic.com	www.tdecu.org
4	cm.g.doubleclick.net	4 redirects
4	www.facebook.com	www.tdecu.org
4	www.google-analytics.com	www.tdecu.org www.google-analytics.com
4	connect.facebook.net	www.googletagmanager.com connect.facebook.net
4	bat.bing.com	www.googletagmanager.com bat.bing.com www.tdecu.org
4	cdn-cookieyes.com	www.tdecu.org cds-sdkcfg.onlineaccess1.com
3	dmp.adform.net	c1.adform.net
3	a.audrte.com	2 redirects c1.adform.net
3	secure.adnxs.com	2 redirects c1.adform.net
3	dsp.adfarm1.adition.com	3 redirects
3	uipglob.semasio.net	3 redirects
3	d.clarity.ms	cds-sdkcfg.onlineaccess1.com
3	a2.adform.net	1 redirects www.tdecu.org s2.adform.net
3	www.google.de	www.tdecu.org
3	www.clarity.ms	www.tdecu.org www.clarity.ms bat.bing.com
3	assets.sitescdn.net	www.tdecu.org assets.sitescdn.net
2	c.clarity.ms	1 redirects
2	pixel.tapad.com	2 redirects
2	sync.1dmp.io	1 redirects c1.adform.net
2	redirect.frontend.weborama.fr	2 redirects
2	pm.w55c.net	2 redirects
2	dpm.demdex.net	2 redirects
2	match.adsrvr.org	c1.adform.net
2	tags.bluekai.com	c1.adform.net
2	sync.crwdcntrl.net	1 redirects c1.adform.net
2	loadm.exelator.com	2 redirects
2	dsum-sec.casalemedia.com	1 redirects c1.adform.net
2	sync.1rx.io	2 redirects
2	x.bidswitch.net	2 redirects
2	ups.analytics.yahoo.com	1 redirects c1.adform.net
2	ih.adscale.de	2 redirects
2	ad.360yield.com	1 redirects c1.adform.net
2	www.google.com	www.tdecu.org
2	stats.g.doubleclick.net	www.googletagmanager.com cds-sdkcfg.onlineaccess1.com
2	162566.tctm.co	www.googletagmanager.com 162566.tctm.co
2	ece.tdecu.org	cds-sdkcfg.onlineaccess1.com
2	www.googletagmanager.com	www.tdecu.org www.googleoptimize.com
2	emails1.tdecu.org	2 redirects
1	log.cookieyes.com	cdn-cookieyes.com
1	directory.cookieyes.com	cds-sdkcfg.onlineaccess1.com
1	insight.adsrvr.org	js.adsrvr.org
1	c.bing.com	1 redirects
1	e1.emxdgt.com	c1.adform.net
1	eb2.3lift.com	c1.adform.net
1	match.contentexchange.me	c1.adform.net
1	s.ad.smaato.net	c1.adform.net
1	sync.teads.tv	c1.adform.net
1	id5-sync.com	c1.adform.net
1	aa.agkn.com	1 redirects
1	pdw-adf.userreport.com	c1.adform.net
1	simage2.pubmatic.com	c1.adform.net
1	beacon.krxd.net	c1.adform.net
1	cm.smartstream.tv	1 redirects
1	ads.smartstream.tv	1 redirects
1	tags.adsafety.net	1 redirects
1	pixel.onaudience.com	1 redirects
1	s3-eu-west-1.amazonaws.com	c1.adform.net
1	api.adrtx.net	1 redirects
1	eu-u.openx.net	c1.adform.net
1	idsync.rlcdn.com	c1.adform.net
1	load77.exelator.com	c1.adform.net
1	ps.eyeota.net	c1.adform.net
1	ib.adnxs.com	1 redirects
1	sync.targeting.unrulymedia.com	c1.adform.net
1	ads.stickyadstv.com	c1.adform.net
1	rtb-csync.smartadserver.com	c1.adform.net
1	token.rubiconproject.com	c1.adform.net
1	ad.yieldlab.net	c1.adform.net
1	a1.seadform.net	www.tdecu.org
1	d.adroll.com	s.adroll.com
1	script.hotjar.com	static.hotjar.com
1	s2.adform.net	www.tdecu.org
1	googleads.g.doubleclick.net	www.googleadservices.com
1	region1.analytics.google.com	www.googletagmanager.com
1	api.ipify.org	www.tdecu.org
1	js.adsrvr.org	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	answersstatus.pagescdn.com	cds-sdkcfg.onlineaccess1.com
1	polyfill.io	www.tdecu.org
1	www.googleoptimize.com	www.tdecu.org
1	cds-sdkcfg.onlineaccess1.com	www.tdecu.org
0	global.ib-ibi.com Failed	c1.adform.net
0	vars.hotjar.com Failed	static.hotjar.com
137	92

This site contains links to these domains. Also see Links.

Domain
secure.tdecu.org
forms.fivision.com
tdecu.studentchoice.org
simplenexus.tdecu.org
myaccountviewonline.com
tdecuinsurance.epaypolicy.com
clientportal.vertafore.com
www.equifax.com
www.experian.com
www.transunion.com
www.secretservice.gov
emails1.tdecu.org
tdecu.wd1.myworkdayjobs.com
blog.tdecu.org
texasdow.myepresentment.com
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.youtube.com
www.hud.gov
www.ncua.gov
ece.tdecu.org

Subject Issuer	Validity	Valid
tdecu.org R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-10` - `2023-08-10`	a year	crt.sh
*.cdn-cookieyes.com E1	`2022-08-16` - `2022-11-14`	3 months	crt.sh
cds-sdkcfg.onlineaccess1.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-08` - `2023-04-09`	a year	crt.sh
cdn.tdecu.org Amazon	`2022-02-07` - `2023-03-07`	a year	crt.sh
answersstatus.pagescdn.com Cloudflare Inc ECC CA-3	`2022-05-05` - `2023-05-05`	a year	crt.sh
ece.tdecu.org DigiCert TLS RSA SHA256 2020 CA1	`2022-10-01` - `2023-10-03`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-16` - `2022-10-14`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
*.tctm.co Amazon	`2022-09-08` - `2023-10-06`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2022-08-10` - `2023-09-08`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-11-04`	a year	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.yieldlab.net DigiCert SHA2 Secure Server CA	`2022-01-14` - `2023-01-13`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-14` - `2023-06-16`	a year	crt.sh
eyeota.net GoGetSSL RSA DV CA	`2022-03-18` - `2023-03-18`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.userreport.com Amazon	`2022-01-19` - `2023-02-17`	a year	crt.sh
*.id5-sync.com R3	`2022-08-18` - `2022-11-16`	3 months	crt.sh
teads.tv R3	`2022-08-17` - `2022-11-15`	3 months	crt.sh
s.ad.smaato.net Amazon	`2022-08-22` - `2023-09-20`	a year	crt.sh
*.contentexchange.me Sectigo RSA Domain Validation Secure Server CA	`2022-05-31` - `2023-06-04`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2022-05-18` - `2023-06-19`	a year	crt.sh
directory.cookieyes.com R3	`2022-09-14` - `2022-12-13`	3 months	crt.sh
log.cookieyes.com Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Frame ID: B579719CE4C45143BEB9DFC93BEAEDEE
Requests: 86 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Frame ID: 0E22DADE58CAFEF07C3B9F5C6B30DF65
Requests: 1 HTTP requests in this frame

Frame: https://a2.adform.net/serving/container/?pm=2816787&lid=120549097&ctype=0&media=0&PageName=Retargeting&rnd=1339587847&cpref=&loc=https%3a%2f%2fwww.tdecu.org%2fprotect-yourself-from-phishing-attacks%3futm_source%3dAdestra%26utm_medium%3demail%26ut
Frame ID: 3FDAFD63CE9F27E24EBE68A68961F4BA
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Frame ID: 835A574FAAC258FB30F762197F4E2B86
Requests: 46 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=01d7633f-652d-4600-bd56-eb822c61c8a0&no_iframe=1&mt_adid=258182&source=mathtag
Frame ID: 8B61419086B3352966FD6A60E8FD9F9D
Requests: 2 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=s4so7ax&ref=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&upid=1epc39v&upv=1.1.0
Frame ID: CB2806D2A26EC98D8D0C3B848EEE2267
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Protect Yourself From Phishing Attacks

Page URL History Show full URLs

http://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz HTTP 301
https://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz HTTP 302
https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&u... Page URL

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

137
Requests

80 %
HTTPS

25 %
IPv6

69
Domains

92
Subdomains

68
IPs

11
Countries

3312 kB
Transfer

6169 kB
Size

110
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.tdecu.org/TDECUOnline/uux.aspx#/login
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.tdecu.org/TDECUOnline/sdk/AutoEnrollmentE2E/ForgotLogin
Title: Username

Search URL Search Domain Scan URL

URL: https://secure.tdecu.org/TDECUOnline/uux.aspx#/login/resetPasswordUsername
Title: Password

Search URL Search Domain Scan URL

URL: https://secure.tdecu.org/TDECUOnline/sdk/AutoEnrollmentE2E
Title: Enroll in Digital Banking

Search URL Search Domain Scan URL

URL: https://forms.fivision.com/tdecu/oa
Title: Open an Account

Search URL Search Domain Scan URL

URL: http://tdecu.studentchoice.org/
Title: Student Loans & Refinance

Search URL Search Domain Scan URL

URL: https://simplenexus.tdecu.org/homehub/signup/imortgageorigination@tdecu.org
Title: Apply Now

Search URL Search Domain Scan URL

URL: https://myaccountviewonline.com/login/
Title: Access Your Account

Search URL Search Domain Scan URL

URL: https://tdecuinsurance.epaypolicy.com/
Title: Make an Insurance Payment

Search URL Search Domain Scan URL

URL: https://clientportal.vertafore.com/Login/2041121-1
Title: Access Your Policy

Search URL Search Domain Scan URL

URL: https://forms.fivision.com/tdecu/sc/
Title: Check Application Status

Search URL Search Domain Scan URL

URL: https://www.equifax.com/
Title: equifax.com

Search URL Search Domain Scan URL

URL: https://www.experian.com/
Title: experian.com

Search URL Search Domain Scan URL

URL: https://www.transunion.com/
Title: transunion.com

Search URL Search Domain Scan URL

URL: https://www.secretservice.gov/investigation/cyber
Title: Secret Service

Search URL Search Domain Scan URL

URL: https://emails1.tdecu.org/k/Tdecu-Marketing/tdecu_blog_subscription_center
Title: Click here to sign up

Search URL Search Domain Scan URL

URL: https://tdecu.wd1.myworkdayjobs.com/TDECU
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.tdecu.org/
Title: Advice Center Blog

Search URL Search Domain Scan URL

URL: https://texasdow.myepresentment.com/login
Title: eDocuments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TDECU

Search URL Search Domain Scan URL

URL: https://twitter.com/TDECU

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tdecuyourcreditunion/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/tdecu

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TDECUvideos

Search URL Search Domain Scan URL

URL: https://www.hud.gov/program_offices/fair_housing_equal_opp
Title: <img src="https://cdn.tdecu.org/images/assets/fheo-logo.png" class="tdecu-no-lazy-load" loading="lazy" alt="Equal Housing Lender" >

Search URL Search Domain Scan URL

URL: https://www.ncua.gov/
Title: Insured by NCUA

Search URL Search Domain Scan URL

URL: https://ece.tdecu.org/system/templates/chat/tdecu/index.html?subActivity=Chat&entryPointId=1001&templateName=tdecu&ver=v11&locale=en-US
Title: Live Chat

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz HTTP 301
https://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz HTTP 302
https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://s.adroll.com/j/exp/3UHUTMCIQFEF5HI7C7C6X3/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 51

https://s.adroll.com/j/pre/3UHUTMCIQFEF5HI7C7C6X3/AWTPPKLTDFE7NND43K5R2A/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 70

https://a2.adform.net/Serving/TrackPoint/?pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26ut&Set1=en-US%7Cen-US%7C1600x1200%7C24 HTTP 302
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26ut&Set1=en-US%7Cen-US%7C1600x1200%7C24

Request Chain 82

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653 HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653

Request Chain 85

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=7438904879291372353&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__ HTTP 302
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=7438904879291372353&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=968c260cf8e34176a396ea9cdfba5542 HTTP 307
https://c1.adform.net/serving/cookie/match?party=9&uid=b3808c6f2fce2f2b6ba46d74c7e7e4968e88bd1b8df80811eb2520f278599aa2

Request Chain 87

https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1&verify=true

Request Chain 89

https://x.bidswitch.net/sync?dsp_id=70&user_id=7438904879291372353 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=70&user_id=7438904879291372353 HTTP 302
https://sync.1rx.io/usersync/bidswitch/fb940819-4d31-452e-90b4-4bffa38dd195?gdpr=&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync/bidswitch/fb940819-4d31-452e-90b4-4bffa38dd195?zcc=1&cb=1665099053648 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003

Request Chain 90

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653&C=1

Request Chain 91

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=7438904879291372353&sInitiator=external HTTP 302
https://uipglob.semasio.net/adform/1/info2?sType=sync&sExtCookieId=7438904879291372353&sInitiator=external HTTP 302
https://se.semasio.net/sync/1/16266044?sExtCookieId=7438904879291372353&gdpr=&gdpr_consent=&sInitiator=external HTTP 302
https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal HTTP 302
https://se.semasio.net/sync/1/14876172?sExtCookieId=01d7633f-652d-4600-bd56-eb822c61c8a0&sInitiator=internal&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr=0&gdpr_consent= HTTP 302
https://se.semasio.net/sync/1/4354957?sExtCookieId=501162471479193006&sInitiator=internal&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=Mzg5QUI2RTI0OUE1MEFFQQ&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEDSjkSWTbroNc3Hhrb014mM&sInitiator=internal&google_cver=1&gdpr=0&gdpr_consent=&google_cver=1 HTTP 302
https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEDSjkSWTbroNc3Hhrb014mM&sInitiator=internal&google_cver=1&gdpr=0&gdpr_consent= HTTP 302
https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F647471%3FsExtCookieId%3D%25%25COOKIE%25%25%26sInitiator%3Dinternal&gdpr=0&gdpr_consent= HTTP 302
https://se.semasio.net/sync/1/647471?sExtCookieId=7151545981531781273&sInitiator=internal&gdpr=0&gdpr_consent=

Request Chain 93

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=7438904879291372353 HTTP 302
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=7438904879291372353&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 95

https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent=

Request Chain 98

https://api.adrtx.net/thirdparty/click?p=adfo HTTP 302
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

Request Chain 99

https://pixel.onaudience.com/?mapped=7438904879291372353&partner=68 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

Request Chain 100

https://cm.adsafety.net/?_cmsrc=adformx&idt=100&did=7438904879291372353 HTTP 302
https://tags.adsafety.net/v1/cm?cm_uid=CM12022100623a901e661758d7d5a201&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Dcommon%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=common&idt=100&did=1797c219881b1afe6c3dfc70d2c74a36 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=cm&cm_uid=CM12022100623a901e661758d7d5a201&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dstv%26_chainsrc%3Dcommon&gdpr_consent= HTTP 302
https://cm.adsafety.net/?_cmsrc=stv&_chainsrc=common&idt=100&did=1797c219881b1afe6c3dfc70d2c74a36&idt_did_status=added&gdpr_consent=&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dataxtrade_dmp&google_cm&google_hm=Q00xMjAyMjEwMDYyM2E5MDFlNjYxNzU4ZDdkNWEyMDE HTTP 302
https://cm.adsafety.net/?_cmsrc=dbmx&midt=100&mdid=CAESEGcXtNYqi27kBzn6ID3lPlY&google_cver=1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=28&cid=CM12022100623a901e661758d7d5a201 HTTP 302
https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=7438904879291372353 HTTP 302
https://dsp.adfarm1.adition.com/cookie/?ssp=6 HTTP 302
https://cm.smartstream.tv/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273 HTTP 302
https://cm.adsafety.net/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=NzQzODkwNDg3OTI5MTM3MjM1Mw HTTP 302
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEbbz-V-AXkOK95d1Tgp5fA&google_cver=1&google_ula=1641347,0

Request Chain 103

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=3&id=501162471479193006&redirect=1 HTTP 302
https://secure.adnxs.com/setuid?entity=91&code=7438904879291372353

Request Chain 107

https://a.audrte.com/a?adform_uid=7438904879291372353 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=&google_gid=CAESEGPM7IwDCq9A5LHXqBDX0zQ&google_cver=1 HTTP 302
https://a.audrte.com/p

Request Chain 108

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=7438904879291372353&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=7438904879291372353&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=1007&cid=31518233421444085350667207475019161095&noredirect=1

Request Chain 109

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=7438904879291372353 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=220073204296003987331

Request Chain 110

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7151545981531781273

Request Chain 112

https://pixel.mathtag.com/sync/img?redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1066%26cid%3D%5BMM_UUID%5D HTTP 302
https://c1.adform.net/serving/cookie/match?party=1066&cid=01d7633f-652d-4600-bd56-eb822c61c8a0

Request Chain 113

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://c1.adform.net/serving/cookie/match?party=1084&cid=RwbQbcOS1OGAkm5

Request Chain 117

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D HTTP 302
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=249636628 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=N6JBoaGluUiMQXlt2OETbO

Request Chain 119

https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353 HTTP 302
https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353&cs=1

Request Chain 121

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=7438904879291372353&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=7438904879291372353&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://c1.adform.net/serving/cookie/match?party=2007&cid=5d6e8368-f519-464a-a1cd-13ecc010bd05

Request Chain 131

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&RedC=c.clarity.ms&MXFR=0FB0105056A36E3A3E35026552A360F5 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&MUID=13A4FE16CAFD6DC42AF2EC23CB8C6CC8

137 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request protect-yourself-from-phishing-attacks Show response
www.tdecu.org/
Redirect Chain

http://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz
https://emails1.tdecu.org/c/13Vv5XzePOTkC44xTRgenPz
https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign

62 KB
13 KB

583ms
230ms

Document
text/html

3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b3cb32c60f686a7b94de2f050bb5b393e84b7782331ad1c1fa949eb5a8e5eaf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 86
cache-control: public, max-age=180, stale-while-revalidate=360, stale-if-error=43200
content-encoding: gzip
content-length: 13170
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Thu, 06 Oct 2022 23:30:51 GMT
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Thu, 06 Oct 2022 23:29:24 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.18.0 (Ubuntu)
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
x-cache-hits: 9
x-frame-options: SAMEORIGIN

Redirect headers

date: Thu, 06 Oct 2022 23:30:50 GMT
location: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
server: CloudFront
via: 1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront)
x-amz-cf-id: kJHgPjo2zJj1-2zc_PAm4x74CzgIvEekLLNYLAxEpRoQ8z74DIFtYQ==
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront

GET
H2 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v16/ 15 KB
15 KB 56ms
17ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdecu.org/
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 12:46:03 GMT
x-content-type-options: nosniff
age: 211488
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
last-modified: Tue, 23 Jul 2019 03:45:51 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 12:46:03 GMT

GET
H2 200 S6u_w4BMUTPHjxsI5wq_Gwftx9897g.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
15 KB 59ms
21ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u_w4BMUTPHjxsI5wq_Gwftx9897g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f4eb73e4854117bf7bf9da7dc0c17740b03b5db6eb7ee6ffc20aeb35c1ea48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdecu.org/
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 09:20:46 GMT
x-content-type-options: nosniff
age: 137405
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14836
x-xss-protection: 0
last-modified: Tue, 23 Jul 2019 03:45:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 05 Oct 2023 09:20:46 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 80ms
42ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdecu.org/
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 16:41:25 GMT
x-content-type-options: nosniff
age: 197366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13912
x-xss-protection: 0
last-modified: Tue, 23 Jul 2019 03:45:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 16:41:25 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 70ms
32ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdecu.org/
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 11:05:26 GMT
x-content-type-options: nosniff
age: 217525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Oct 2023 11:05:26 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 74ms
37ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdecu.org/
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 05:36:35 GMT
x-content-type-options: nosniff
age: 496456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14176
x-xss-protection: 0
last-modified: Tue, 23 Jul 2019 03:45:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 05:36:35 GMT

GET
H2 200 fa-solid-900.woff2
www.tdecu.org/templates/tdecu/fonts/fa/ 138 KB
138 KB 236ms
233ms Font
font/woff2 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/templates/tdecu/fonts/fa/fa-solid-900.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

32a191572908746d2e318ba46d98d44ccb92ac9354ba06aad2fe3a47aa354753

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 05 Oct 2022 16:27:20 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3413
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 140565
x-cache-hits: 890

GET
H2 200 4ca019e203d1c4af57d62d8b55b63126.css
www.tdecu.org/media/com_jchoptimize/cache/css/ 703 KB
103 KB 118ms
115ms Stylesheet
text/css 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/media/com_jchoptimize/cache/css/4ca019e203d1c4af57d62d8b55b63126.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3bcbbfc6b7e95f606e79404323b1f75eb7e830c58facc58425f0085d84399929

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 06 Oct 2022 14:07:24 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3413
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 104836
x-cache-hits: 303

GET
H2 200 answers.css
assets.sitescdn.net/answers/v1.7.1/ 98 KB
12 KB 75ms
24ms Stylesheet
text/css 2606:4700::6812:7034
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers/v1.7.1/answers.css
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:7034 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 847ddd7cbb1ab322976ca46c2038b5dacaacb781ff25c9e576c859455802fcac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Jan 2021 16:10:17 GMT
server: cloudflare
x-amz-request-id: DAVV733GEB22JSQC
age: 15727878
etag: W/"0caa637588ea850b9ea837e963c828ab"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
cf-ray: 75622fef9a3e9b37-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: O8fFsbT0yORlUh5qUrxBTGqO0Nj+L7rKWg1PQxi7tfiA2WMvoODdFQ0TTYfONarejho1jkB3RLE=

GET
H2 200 2de20e9e62ef1eafc987f9ce7fe254a4.js Show response
www.tdecu.org/media/com_jchoptimize/cache/js/ 109 KB
37 KB 236ms
234ms Script
application/javascript 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/media/com_jchoptimize/cache/js/2de20e9e62ef1eafc987f9ce7fe254a4.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b88ca1362fa7b7e72bc6910d525f3bfd040e4730b86b68fcd76775d026817563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 06 Oct 2022 14:07:38 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3413
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 37991
x-cache-hits: 297

GET
H2 200 script.js Show response
cdn-cookieyes.com/client_data/56cf2d44ea731ea9ecfb4a95/ 147 KB
47 KB 76ms
31ms Script
application/javascript 2606:4700:20::681a:46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/56cf2d44ea731ea9ecfb4a95/script.js
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8605650447ae1bf9c2dae528d765e7df7658271b7cbd2aab4bd420422311eb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 17:20:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 82835
etag: W/"24ca8-5ea38ad8cab84-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyAA6SiZ%2B4gdr9y%2Bb30wLxeXqfYGnA7iNAEMOcRiEguPrQSGc%2FxjrnO3t2b2xxsJawwmRjOc%2BWxlMOUMQ6PNEYsMigg2Nf7QNvs3ONHEfwKBoC9OFYWHcxCxJz%2F3AIwAiwn4tKOglGjAGb2zQ2V7"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
cf-ray: 75622fef89f99125-FRA

GET
H2 200 common.js Show response
cds-sdkcfg.onlineaccess1.com/ 198 KB
110 KB 314ms
256ms Script
application/javascript 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cds-sdkcfg.onlineaccess1.com/common.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2492ba95f7be721c6370736a9862779dd07eec7ac91b35f18eecb0de1b03cc42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
x-ion-hop: prod
cache-control: no-cache, no-store, must-revalidate
cf-ray: 75622fef9d3590d6-FRA
expires: 0

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 117 KB
45 KB 82ms
29ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-TKP4Z8J

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fda3d48ff7b2599f09ffd9ec8a510486adc95cb93cf92f5695ce1a424a901bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45506
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 23:30:51 GMT

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
416 B 64ms
27ms Script
text/javascript 2a04:4e42:400::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://polyfill.io/v3/polyfill.min.js?features=Array.prototype.find,Promise,Object.assign
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: br
last-modified: Wed, 05 Oct 2022 07:16:57 GMT
age: 0
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
useragent_normaliser: chrome/106.0.0
server-timing: cache-hhn4070, PASS, fastly;desc="Edge time";dur=12
accept-ranges: bytes
content-length: 94

GET
H2 200 answers.min.js Show response
assets.sitescdn.net/answers/v1.7.1/ 448 KB
129 KB 31ms
30ms Script
application/javascript 2606:4700::6812:7034
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers/v1.7.1/answers.min.js
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:7034 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b6b64bd38df5d467b00a459640f5eeb0c99c5a1d92e3489553dcc42344ff0ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Jan 2021 16:10:17 GMT
server: cloudflare
x-amz-request-id: RNE3F96Q1TMSHVCJ
age: 15727878
etag: W/"c812e6789e2000947d5e90e3a0687a6e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 75622ff2dde99b37-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vK0dQm9dtKQvmHQ/pb0lXTeFlYPIr6JQytTZlMBxG2V2y3OApsGQlYlAlZyOr+rmhV42TwdruIQ=

GET
H2 200 joomla-hidden-mail.min.js Show response
www.tdecu.org/media/system/js/ 1 KB
898 B 237ms
235ms Script
application/javascript 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/media/system/js/joomla-hidden-mail.min.js?6d18a0e3df2fb871b5bc7538c44a395beddb1c08

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ba960c173477dd5ebfc2080ee2eb8243f889621e97d2efbde4386e4c6283bbbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 04 May 2022 23:18:04 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3413
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 595
x-cache-hits: 297

GET
H2 200 tdecu-logo.svg
cdn.tdecu.org/images/assets/ 5 KB
2 KB 448ms
377ms Image
image/svg+xml 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/assets/tdecu-logo.svg
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: a466f2cd63a7ab3ea163854856db3b06103c7af453411ac23d0fd377e8454bb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 12:36:53 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
content-encoding: gzip
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 644039
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-varnish: 13626204
access-control-allow-origin: *
content-type: image/svg+xml
cache-control: public, max-age=31536000
x-amz-cf-id: F9GPGoIWS2LB7sin7WT5RC0Ild0a6zvbHt1ZE_LCBXM1HuHj5t7qEg==
expires: Fri, 29 Sep 2023 12:36:53 GMT

GET
H2 200 tdecu-march-2022-security-awareness-rs-hh-lp-web.jpg
cdn.tdecu.org/images/blog/89/ 52 KB
52 KB 448ms
378ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/blog/89/tdecu-march-2022-security-awareness-rs-hh-lp-web.jpg
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 0a23c1163a1431397395baa2be10de40c4aa9a5c6275cad8058cc036b2009e8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 22:33:38 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 3433
etag: 8e03c9289239c559be7afae32797626a
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 7437978 14549856
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 52810
x-amz-cf-id: C4wmipqWt8XkoXhix02gQ4m7VmkxIchNJQ6NhhLJgLbuaMCEnWLAfg==
expires: Fri, 06 Oct 2023 22:33:38 GMT

GET
H2 200 scripts.min.js Show response
www.tdecu.org/templates/tdecu/script/ 421 KB
114 KB 120ms
120ms Script
application/javascript 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/templates/tdecu/script/scripts.min.js?cb=bcd75141866ebe184a626a852c8c90c6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a05729ad7443e4ad55efc7c7b574463418ab9c337f231d8b96fbd60691736a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 05 Oct 2022 16:27:20 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3414
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 116246
x-cache-hits: 996

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 303 KB
92 KB 90ms
52ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

84ae23aaf51673104ae2b1615edba36c389e64ff210f7a1f6eb0841dbdee8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94060
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 23:10:17 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 06 Oct 2022 23:30:52 GMT

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a108193a3c54e5c07c1207c0e38b0279d9cddc0fb844fdbdcaf82629ec69eb8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fa-brands-400.woff
www.tdecu.org/components/com_sppagebuilder/assets/webfonts/ 90 KB
91 KB 116ms
115ms Font
font/woff 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdecu.org/components/com_sppagebuilder/assets/webfonts/fa-brands-400.woff

Requested by

Host: www.tdecu.org
URL: https://www.tdecu.org/media/com_jchoptimize/cache/css/4ca019e203d1c4af57d62d8b55b63126.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a0375c054a0041bd58e2a0bf7fa3df7c3904bfc4f790fd24e32ff3ee70fd0eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tdecu.org/media/com_jchoptimize/cache/css/4ca019e203d1c4af57d62d8b55b63126.css
Origin: https://www.tdecu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
age: 3413
x-cache: HIT
content-length: 92162
last-modified: Wed, 04 May 2022 23:18:05 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
x-cache-hits: 854

GET
H2 200 retirement1.jpg
cdn.tdecu.org/images/blog/559/ 64 KB
64 KB 351ms
350ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/blog/559/retirement1.jpg
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 677007f92b6b975526c800c6703fac513835b491b4080deade5d94733a557ba0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 10:50:01 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 45651
etag: ea772ffc09c344b5bd40f10531b22b09
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 5989529
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 65499
x-amz-cf-id: e2_lXyEHqxCwJGBotvIrjM7JEc_rwKNN-_2Qf7nH6qKL3gvZfKWyZw==
expires: Fri, 06 Oct 2023 10:50:01 GMT

GET
H2 200 tdecu-5022022_optimized.png
cdn.tdecu.org/images/blog/58/ 630 KB
631 KB 279ms
278ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/blog/58/tdecu-5022022_optimized.png
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 085e3746cf21a3aa96e15d1bdf452501b6db5ad8fa58ed8d1446538531e1010a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 05:23:09 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 238063
etag: 80e7b9c2f7f227697db02ae4c569a51f
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 14239230
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 645004
x-amz-cf-id: 53xuYsojrwLKP6zor9NovqA9edweV7WLRGePqVXQnQHQ9cnFZEoisA==
expires: Wed, 04 Oct 2023 05:23:09 GMT

GET
H2 200 wesley-garner-04142022_optimized.png
cdn.tdecu.org/images/blog/66/ 594 KB
595 KB 351ms
350ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/blog/66/wesley-garner-04142022_optimized.png
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 213082b247b805323b96f5813077464eca121c02268893b9c40136de5c79f0c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 13:36:20 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 35672
etag: 7762f1876c5b9756e024d08e18e6580c
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 5989954
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 607756
x-amz-cf-id: KZaozVS2exJnLwgwa8s1ambXirWRDaLFSw1WZomyIm77ZkNU7nYePg==
expires: Fri, 06 Oct 2023 13:36:20 GMT

GET
H2 200 tdecu_100721_optimized.png
cdn.tdecu.org/images/blog/48/ 504 KB
505 KB 306ms
305ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/blog/48/tdecu_100721_optimized.png
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 24d620924416c7f236b86ae2c910c482393264fce1aac775411d18fa22880ac7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 05:23:10 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 238062
etag: c46b12b9c7d4a1ed9f8efe35e82c2e69
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 13919265
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 515757
x-amz-cf-id: Po6vljc1DNpmR13WajWyEUrzU2zcYjHheuOgDksvuPrdGxHhDEKqMA==
expires: Wed, 04 Oct 2023 05:23:10 GMT

GET
H2 200 fheo-logo.png
cdn.tdecu.org/images/assets/ 2 KB
3 KB 351ms
350ms Image
image/webp 2600:9000:223d:7000:8:e724:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tdecu.org/images/assets/fheo-logo.png
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:7000:8:e724:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 8886bc9745af99b682574b4c3864b147ae902d9dd158e6ca6d3f06cf916dc758

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 05 Sep 2022 08:04:35 GMT
via: 1.1 varnish (Varnish/6.3), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Apache/2.4.41 (Ubuntu)
x-amz-cf-pop: FRA56-P3
age: 2733977
etag: fd16decc4c906af29f625cbd70b3907f
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
x-varnish: 11672339
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 2237
x-amz-cf-id: PJR8jrgXk8u6gpOjz1dof1tr0JSfxJYQSLC8_QJE7QDuZ_p7ixnxpw==
expires: Tue, 05 Sep 2023 08:04:35 GMT

GET
H3 200 answerstemplates.compiled.min.js Show response
assets.sitescdn.net/answers/v1.7.1/ 315 KB
64 KB 30ms
30ms Script
application/javascript 2606:4700::6812:7034
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers/v1.7.1/answerstemplates.compiled.min.js
Requested by: Host: assets.sitescdn.net
URL: https://assets.sitescdn.net/answers/v1.7.1/answers.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7034 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e482eb6717364f5372e044fe181c2abdcbffa18e36a7860634deb4273440a139

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Jan 2021 16:10:17 GMT
server: cloudflare
x-amz-request-id: 9C7EP79KA93WYHWF
age: 15727879
etag: W/"ac39ea2c28426a8e8d1fdc36730e402b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 75622ff3d8c29b39-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: noixwRaluZgGbXa96PYSXNDk61jDogBWD0O9iXrS4POcgmMJOwwkeS/eRtnr2j+q8+3se1Jp3e4=

GET
H2 200 status.json Show response
answersstatus.pagescdn.com/7cbcd3c971849c8f68b6fe2850cd247c/answers_tdecu/ 18 B
1 KB 195ms
122ms Fetch
application/json 2606:4700::6812:7034
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://answersstatus.pagescdn.com/7cbcd3c971849c8f68b6fe2850cd247c/answers_tdecu/status.json?v=20190101&api_key=7cbcd3c971849c8f68b6fe2850cd247c&jsLibVersion=v1.7.1&sessionTrackingEnabled=true

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:7034 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d11441a60f0c81871548ccecf0b533ae2fff9f3b47aeb8d8d25ff1f2f10f54f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

owner: AnswersSdkOverrides
date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
x-guploader-uploadid: ADPycdtRMLiGJUyw761XNeVMI07qlURcq6PKGpzpg5sleK37ff3OxXmjmzhzJbsp_nv8whHUXUJPWxJEdSkN7_vx7mT_FqeGt4LG
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-yext-subendpoint: static
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
surrogate-key: answersstatus.pagescdn.com answersstatus.pagescdn.com%2F7cbcd3c971849c8f68b6fe2850cd247c%2Fanswers_tdecu%2Fstatus.json
last-modified: Wed, 30 Dec 2020 19:54:53 GMT
server: cloudflare
etag: "4310463ea3535c60c436d48d1e97769a"-gzip
vary: Accept-Encoding, Origin
access-control-allow-methods: OPTIONS, GET, HEAD
content-type: application/json
access-control-allow-origin: https://www.tdecu.org
x-goog-generation: 1609358093002445
x-yext-site: gcp-euw3a-prod
cache-control: max-age=0, s-maxage=7200, must-revalidate
x-goog-hash: md5=QxBGPqNTXGDENtSNHpd2mg==
x-goog-stored-content-length: 18
accept-ranges: bytes
cf-ray: 75622ff4596b9bbf-FRA
expires: Mon, 26 Sep 2022 11:24:50 GMT

GET
H/1.1 200
OK 1001 Show response
ece.tdecu.org/system/egain/chat/entrypoint/agentAvailability/ 260 B
850 B 1168ms
137ms XHR
application/xml 216.117.88.121
CONE

General

Check archive.org

Show headers Download Go to

Full URL

https://ece.tdecu.org/system/egain/chat/entrypoint/agentAvailability/1001

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

216.117.88.121 Richmond, United States, ASN62 (CONE, US),

Reverse DNS

Software

Resource Hash

ac95c477efaa07a16230ce221852079ca223f64fd45198e4541c74d3362638e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000, max-age=157680000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=2592000, max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors 'self'
Referrer-Policy: STRICT-ORIGIN
Date: Thu, 06 Oct 2022 23:30:47 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/xml;charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-egain-session, Location, Vary, Content-Encoding, Content-Length, Date
Cache-Control: no-cache
Content-Length: 203
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK 1001 Show response
ece.tdecu.org/system/egain/chat/entrypoint/agentAvailability/ 260 B
850 B 1165ms
136ms XHR
application/xml 216.117.88.121
CONE

General

Check archive.org

Show headers Download Go to

Full URL

https://ece.tdecu.org/system/egain/chat/entrypoint/agentAvailability/1001

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

216.117.88.121 Richmond, United States, ASN62 (CONE, US),

Reverse DNS

Software

Resource Hash

ac95c477efaa07a16230ce221852079ca223f64fd45198e4541c74d3362638e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000, max-age=157680000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=2592000, max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors 'self'
Referrer-Policy: STRICT-ORIGIN
Date: Thu, 06 Oct 2022 23:30:47 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/xml;charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-egain-session, Location, Vary, Content-Encoding, Content-Length, Date
Cache-Control: no-cache
Content-Length: 203
X-Xss-Protection: 1; mode=block

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
15 KB 91ms
38ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15192
x-xss-protection: 0
server: cafe
etag: 699633608045481581
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Oct 2022 23:30:52 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 83ms
39ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 06 Oct 2022 23:30:51 GMT
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E400B2209FC043CAA257F389B00EC225 Ref B: FRAEDGE1113 Ref C: 2022-10-06T23:30:52Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11367

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 101 KB
27 KB 63ms
17ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 23:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26840
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: zu+KpmAOPWB98F0eOGp0Uy98VKgoD94Yyi4wCig5c064oxIJezcUYt1BgiFmL1lqrB2dvVX48KTzooxCcATfNg==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-888734.js Show response
static.hotjar.com/c/ 12 KB
4 KB 143ms
47ms Script
application/javascript 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-888734.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-36.fra60.r.cloudfront.net

Software

Resource Hash

880b190fecae5d591eda74b029bd455544f6450f3d11e8d835cc4158c0217dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/fe503321b95192b907599706b3ac2422
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: elmnEK7NoBOSu1b1Tl3sLxjKMmrcEP8trO5Cm9v9ylKM0HkModOHZA==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 54 KB
17 KB 82ms
16ms Script
text/javascript 2600:9000:225e:7400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:7400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36b8ba6d8daab27f21a23b6f0deb326d45c7ffa2ca328f7149e0022297101006

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Amz-Version-Id: BoYN70bwO4jmpUvp4IBqP7NBSb_YQqPb
Content-Encoding: gzip
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Date: Thu, 06 Oct 2022 22:52:47 GMT
Age: 2285
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 17:51:49 GMT
Server: AmazonS3
Etag: W/"4d72aaf67e0afed0a192e314091617b3"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: UhHyMgw4-99G87ZiVU9mwbS_YvqyF8Z4q3ybs_n1Jr9khpLSQjb4oA==

GET
H2 200 t.js Show response
162566.tctm.co/ 47 KB
15 KB 83ms
30ms Script
application/x-javascript 2600:9000:223d:5a00:12:de4a:40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://162566.tctm.co/t.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:5a00:12:de4a:40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ctm /
Resource Hash: fff2dd7edd34a2bfe16a86e3361e469b1f42d33a3b07bac3d69760e8ae5668c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
last-modified: Thu, 06 Oct 2022 23:30:52 GMT
server: ctm
x-amz-cf-pop: FRA56-P3
etag: W/633f652c00027b061a328bc8-162566
x-cache: Miss from cloudfront
content-type: application/x-javascript
cache-control: no-cache, no-store, must-revalidate
x-amz-cf-id: n6RJJIdtUvEqd3FcDlPrDVwUnF4F-jLVNaZkaUcr_UYibw0IGXNvqA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 53ms
15ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 23:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 895
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 07 Oct 2022 01:15:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
75 KB 64ms
31ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-73V86QZK0R&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=OPT-TKP4Z8J

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cadff7b3b6c9e819a393dd4510dccec05d7069b7d31612ce8b25ca886d63704

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76264
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 23:30:52 GMT

GET
H2 200 cra9ptioz7 Show response
www.clarity.ms/tag/ 1 KB
2 KB 201ms
116ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/cra9ptioz7?ref=gtm2
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2d89521fc41896a5d963c172ff3ad930b8b96d2d91bef5fdd13bce74e3ca29ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
date: Thu, 06 Oct 2022 23:30:51 GMT
x-azure-ref: 0LGU/YwAAAACPR+xj5llCSbFkhIPFUno+QU1TMDRFREdFMTgyMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
content-length: 1509
expires: -1

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 72ms
14ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHL7B9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 02:56:58 GMT
Content-Encoding: gzip
Via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 74035
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: 6ABwm18rzigi3fH6dP1OZErzozUpzB8ulaa_HPaS_XxHjyq3PvqGbg==

GET
H/1.1 200
OK / Show response
api.ipify.org/ 30 B
214 B 330ms
107ms Script
application/javascript 3.232.242.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=jsonp&callback=getIP
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-242-170.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: c8f771fc73cd9c5dfdd7d54cb5f0c147cbc7384105ef32c40986dbc807e5d00c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:52 GMT
Via: 1.1 vegur
Server: Cowboy
Connection: keep-alive
Content-Length: 30
Vary: Origin
Content-Type: application/javascript

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 47ms
15ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:23:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 07 Oct 2022 00:23:03 GMT

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 25006980.js Show response
bat.bing.com/p/action/ 1 KB
842 B 136ms
136ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25006980.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

953e5e1416b43852b2942d157045bcb0866b18b8ee9c09326a610cb217683ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 06 Oct 2022 23:30:52 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC942E68083F4F018D2D607B7A60E967 Ref B: FRAEDGE1113 Ref C: 2022-10-06T23:30:52Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 666

GET
H2 204 0
bat.bing.com/action/ 0
175 B 43ms
43ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25006980&tm=gtm002&Ver=2&mid=7d0a9d89-0c68-420f-8416-085d1a396850&sid=ead5c61045ce11eda9648de7940a99d6&vid=ead5f5e045ce11ed903425755dd55520&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Protect%20Yourself%20From%20Phishing%20Attacks&p=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&r=&lt=1662&evt=pageLoad&sv=1&rn=827369

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 06 Oct 2022 23:30:51 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B55605FA615419CBADF89D9571696A5 Ref B: FRAEDGE1113 Ref C: 2022-10-06T23:30:52Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 34ms
15ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.84

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b9d52f002201be697fbc0ebf4bdcc61d6c01d0bb1359213e62c67e21850047

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 20715
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: OGuSKwFccupYuSYn4np4896zAieaTWv5hJMz26MUX7MQ2eL9p7lvUeuvwmZquB5dcMRXnQBBLcT3yVEURQ2ZqQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 469749416569494 Show response
connect.facebook.net/signals/config/ 25 KB
7 KB 110ms
92ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/469749416569494?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d1daa5c510de8fbfb48e9970ddfa0bf4f022464d301e0f1b9c47af86409702cf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: D7N2R1RbtQ1IqPwylBPIbeLu/aa9KKPKbJXvJ5E685+6IA10nRiyk57uv8xgDrA3rT5zzGUs6SWOUX65PHxvaA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
337 B 74ms
22ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-73V86QZK0R&gtm=2oea50&_p=1965448924&_gaz=1&cid=1277104142.1665099052&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1665099052&sct=1&seg=0&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&dt=Protect%20Yourself%20From%20Phishing%20Attacks&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-73V86QZK0R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tdecu.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 85ms
29ms Ping
text/plain 2a00:1450:400c:c0b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-73V86QZK0R&cid=1277104142.1665099052&gtm=2oea50&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-73V86QZK0R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tdecu.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 70ms
27ms Image
image/gif 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-73V86QZK0R&cid=1277104142.1665099052&gtm=2oea50&aip=1&z=1912116446

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/3UHUTMCIQFEF5HI7C7C6X3/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

16ms
16ms

Script
application/javascript

2600:9000:225e:7400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: HTTP/1.1
Server: 2600:9000:225e:7400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Amz-Version-Id: U3dsSGRYl2soVpEEAxBIaMUfj33DKRpK
Date: Thu, 06 Oct 2022 00:03:31 GMT
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Age: 84447
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Wed, 21 Sep 2022 22:19:29 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: BIG6mOCMYpTz1dSUzYjhDSsoF6Mf-bk7X79-rjtN_PnRVO-F1HAPUQ==

Redirect headers

Date: Thu, 06 Oct 2022 14:37:19 GMT
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Age: 32012
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: vcV5s_pyplFHdTRomYQY9HrnGMCSrTnzS5SymsW427pzCQZP7PieDA==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/3UHUTMCIQFEF5HI7C7C6X3/AWTPPKLTDFE7NND43K5R2A/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

16ms
16ms

Script
application/javascript

2600:9000:225e:7400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: HTTP/1.1
Server: 2600:9000:225e:7400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Thu, 06 Oct 2022 20:55:03 GMT
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Age: 74870
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: EdenJYnbNBqjYiUbeZker4Mubxr5B_0SaDBBZsAwLsqdMf41Zf0FmA==

Redirect headers

Date: Thu, 06 Oct 2022 18:36:29 GMT
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Age: 17663
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 9VgT22cju97NaHCO-gAWRRYIebTxnO0ii7DSTx6wbaj8ecKs4hcftg==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/3UHUTMCIQFEF5HI7C7C6X3/AWTPPKLTDFE7NND43K5R2A/ 0
805 B 237ms
203ms Script
text/javascript 2600:9000:225e:7400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/3UHUTMCIQFEF5HI7C7C6X3/AWTPPKLTDFE7NND43K5R2A/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:7400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Amz-Version-Id: k93wVEPBacR4iuHeeFlXkWdf6Vw50Wc1
Date: Thu, 06 Oct 2022 23:30:53 GMT
Via: 1.1 21369bf2bfeb79adaa5bef1cb96f8540.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: RefreshHit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Tue, 27 Sep 2022 01:10:49 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: a7Hs8Dq4EWHWvx9BHr1cEjzUdYCaN1nJW0-BSqtUt0uLX6zE_oIWrg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1008014887/ 3 KB
2 KB 75ms
32ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1008014887/?random=1665099052461&cv=9&fst=1665099052461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&tiba=Protect%20Yourself%20From%20Phishing%20Attacks&auid=1571863565.1665099052&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

835696517ff5ba625b47c1eef3cba0aa3c0c4046fcdfc029ca6f6903679f96b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1135
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.js Show response
162566.tctm.co/ 74 B
443 B 31ms
30ms Script
application/x-javascript 2600:9000:223d:5a00:12:de4a:40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://162566.tctm.co/p.js?sid=633f652c00027b061a328bc8&p=1546251.1.877.774.2657&
Requested by: Host: 162566.tctm.co
URL: https://162566.tctm.co/t.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:5a00:12:de4a:40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ctm /
Resource Hash: 12b75628c11e71eb5a403f0da689dc9ae46c4a7b459433924eb80b2a198647dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
server: ctm
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: application/x-javascript
cache-control: no-cache, no-store, must-revalidate
x-amz-cf-id: NTewNqYjz_rlT6aNAn9PoEWr7f2HLvi_1fsEd_7tU0ou8ltmToJkqg==

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 78 KB
30 KB 143ms
49ms Script
application/javascript 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 45e0091e57ff659d0fe0711a43960d08bd5cf99b6f83e88eafa390fa6770192c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: gzip
last-modified: Wed, 05 Oct 2022 12:23:24 GMT
server: nginx
x-amz-request-id: tx00000b0a58fecc884a3e4-00633f501b-3293c1b6-default
etag: W/"4cb8e818a3c8dda5fd80d6d9a55d958d"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 modules.cbd9768ba80ba0be5b17.js Show response
script.hotjar.com/ 254 KB
65 KB 58ms
17ms Script
application/javascript 52.222.236.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.cbd9768ba80ba0be5b17.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-888734.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-74.fra56.r.cloudfront.net

Software

Resource Hash

5b3c6e212cbb3b9f4f28b09cfdc53990e809792192d7d8639d3311f0551c2010

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:47:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 189826
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 66229
last-modified: Tue, 04 Oct 2022 18:46:48 GMT
etag: "483a48bedf96c50163b542fb95446039"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: xiYXbPl2qcI2e9TZHVZNRUDC-LCHwcdztP_Bp8WDlHKHma8AfaweNg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 31ms
28ms XHR
text/plain 2a00:1450:400c:c0b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6069095-1&cid=1277104142.1665099052&jid=811330281&gjid=1915737393&_gid=1467981631.1665099052&_u=aHDAiEAjBAAAAEAEK~&z=1343904548

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 06 Oct 2022 23:30:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tdecu.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
15ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1965448924&t=pageview&_s=1&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&dp=%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&ul=en-us&de=UTF-8&dt=Protect%20Yourself%20From%20Phishing%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAiEAjBAAAAAAEK~&jid=811330281&gjid=1915737393&cid=1277104142.1665099052&tid=UA-6069095-1&_gid=1467981631.1665099052&gtm=2wga50KHHL7B9&cd4=1277104142&cd11=&cd13=&cd14=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&cd21=23&cd22=20221006233052&cd2=1277104142.1665099052&z=816062377

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 11:52:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41905
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus/s/0.6.42/ 53 KB
23 KB 110ms
109ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus/s/0.6.42/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/cra9ptioz7?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:51 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
etag: "1d8d8e58fdaa9d4"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
x-azure-ref: 0LGU/YwAAAAA2KKu/U237RI1knKQHlo1JQU1TMDRFREdFMTgyMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 67ms
27ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-6069095-1&cid=1277104142.1665099052&jid=811330281&_u=aHDAiEAjBAAAAEAEK~&z=65439300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
29ms Image
image/gif 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-6069095-1&cid=1277104142.1665099052&jid=811330281&_u=aHDAiEAjBAAAAEAEK~&z=65439300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET box-69edcc3187336f9b0a3fbb4c73be9fe6.html
vars.hotjar.com/ Frame 0E22 0
0

GET
H3 200 272515130417969 Show response
connect.facebook.net/signals/config/ 25 KB
7 KB 68ms
67ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/272515130417969?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1fd233981c6b629d5456d46bd8732c906b5ae554b2df9fe73d8051a93ae51f0c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Rqo/aHLhcmvZA7Skrvn7mpoR720KoeQ4UkXI+AtiKR0yB2u/ZRAc62Jy5shO34MU2optuyaOr/hh8EYCW5/KBQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
204 B 57ms
17ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=469749416569494&ev=PageView&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&rl=&if=false&ts=1665099052591&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=28&fbp=fb.1.1665099052591.1467297235&it=1665099052390&coo=false&tm=1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 3UHUTMCIQFEF5HI7C7C6X3 Show response
d.adroll.com/consent/check/ 449 B
542 B 126ms
37ms Script
application/javascript 52.48.159.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/3UHUTMCIQFEF5HI7C7C6X3?arrfrr=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&_s=dea4a06f549aa52c8f7b4e10157a516a&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.159.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-159-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 12a5431c2a5164ac6596d2eac38c00e815a17bf3c22bd48fe969d15172fc3991

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
server: nginx/1.20.0
content-length: 449
content-type: application/javascript

GET
H2 200 cky-placeholder.svg
cdn-cookieyes.com/assets/images/ 826 B
857 B 24ms
23ms Image
image/svg+xml 2606:4700:20::681a:46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cookieyes.com/assets/images/cky-placeholder.svg
Requested by: Host: www.tdecu.org
URL: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f644815843a31ecb96ea8c3e85d3de355a8cd0a3d9a795075be056e6fbaca5e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 15 Mar 2022 04:40:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 313101
etag: W/"33a-5da3a6692dcdc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ozCl%2F%2Bsjzo8g3CWaMaOdgfyVGeFB1SeJRGw9cHISPBtqyMrd5WZD5axAPfVYEj86AUmrCL8to2GleSy1aF6h1RxBUyopYyXcQOWvWjBIimkDZUknqo0xLByhthLJmWhwQLGrTVdrKUFNh0QoREo"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=0, s-maxage=604800, proxy-revalidate
cf-ray: 75622ff6cb4a9125-FRA

GET
H2 200 25006980 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 115ms
115ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/25006980
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/25006980.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: fe5e6e9b7681a6e4f21bd58613868baa8b8fc8110e0e5ea2bb56a71d7410cdc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 06 Oct 2022 23:30:51 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0LGU/YwAAAAC6BIx/IWE6Q68doh6+uOZmQU1TMDRFREdFMTgyMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 /
www.google.com/pagead/1p-user-list/1008014887/ 42 B
154 B 27ms
26ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1008014887/?random=1665099052461&cv=9&fst=1665097200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&tiba=Protect%20Yourself%20From%20Phishing%20Attacks&async=1&fmt=3&is_vtc=1&random=3374193522&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1008014887/ 42 B
64 B 27ms
27ms Image
image/gif 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1008014887/?random=1665099052461&cv=9&fst=1665097200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&tiba=Protect%20Yourself%20From%20Phishing%20Attacks&async=1&fmt=3&is_vtc=1&random=3374193522&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/ Show response
a2.adform.net/Serving/TrackPoint/
Redirect Chain

https://a2.adform.net/Serving/TrackPoint/?pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Fu...
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attack...

1 KB
1 KB

99ms
99ms

Script
text/javascript

185.167.164.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26ut&Set1=en-US%7Cen-US%7C1600x1200%7C24

Requested by

Protocol

Server

185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

601bf858ee443c37fdaf3accfdf9f2eb8a940d1280b453df045f2ee1a602fac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 859
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
content-type: text/html; charset=utf-8
location: https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26ut&Set1=en-US%7Cen-US%7C1600x1200%7C24
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 35ms
17ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=272515130417969&ev=PageView&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&rl=&if=false&ts=1665099052685&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=28&fbp=fb.1.1665099052591.1467297235&it=1665099052390&coo=false&tm=1&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 34ms
16ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=469749416569494&ev=PageView&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&rl=&if=false&ts=1665099052686&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=28&fbp=fb.1.1665099052591.1467297235&it=1665099052390&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 35ms
17ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=272515130417969&ev=PageView&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&rl=&if=false&ts=1665099052686&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=28&fbp=fb.1.1665099052591.1467297235&it=1665099052390&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 06 Oct 2022 23:30:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
14ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1965448924&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&ul=en-us&de=UTF-8&dt=Protect%20Yourself%20From%20Phishing%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=NonInteraction&ea=IP%20Returned&el=217.64.151.28&_u=aHDAiEAjBAAAAEAEK~&jid=&gjid=&cid=1277104142.1665099052&tid=UA-6069095-1&_gid=1467981631.1665099052&gtm=2wga50KHHL7B9&cd10=217.64.151.28&z=461438712

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 11:52:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41905
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
120 B 37ms
37ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25006980&tm=gtm002&Ver=2&mid=7d0a9d89-0c68-420f-8416-085d1a396850&sid=ead5c61045ce11eda9648de7940a99d6&vid=ead5f5e045ce11ed903425755dd55520&vids=0&msclkid=N&gtm_tag_source=ua&ec=NonInteraction&el=217.64.151.28&gc=USD&tpp=1&en=Y&sw=1600&sh=1200&sc=24&evt=custom&rn=268307

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 06 Oct 2022 23:30:52 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B32EA6C4E20D4C1CB65446B00FD73590 Ref B: FRAEDGE1113 Ref C: 2022-10-06T23:30:52Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
158 B 641ms
297ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: https://www.tdecu.org
date: Thu, 06 Oct 2022 23:30:52 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 / Show response
a2.adform.net/serving/container/ Frame 3FDA 998 B
931 B 100ms
98ms Document
text/html 185.167.164.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a2.adform.net/serving/container/?pm=2816787&lid=120549097&ctype=0&media=0&PageName=Retargeting&rnd=1339587847&cpref=&loc=https%3a%2f%2fwww.tdecu.org%2fprotect-yourself-from-phishing-attacks%3futm_source%3dAdestra%26utm_medium%3demail%26ut

Requested by

Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

eca748978e29dc1deb6a429d50832c27eaad4f04c8aea616da0ee7cf4fb4f94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.tdecu.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 06 Oct 2022 23:30:53 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 pixels Show response
c1.adform.net/imatch/ Frame 835A 5 KB
2 KB 113ms
27ms Document
text/html 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Requested by

Host: a2.adform.net
URL: https://a2.adform.net/Serving/TrackPoint/?pm=2816787&ADFPageName=Retargeting&ADFdivider=%7C&ord=157470222885&ADFtpmode=2&loc=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26ut&Set1=en-US%7Cen-US%7C1600x1200%7C24

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c3b474fc41c84c29f9c29d8e1bd55197f7c5bfcc462959857692406c4cda5172

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.tdecu.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 06 Oct 2022 23:30:53 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 /
a1.seadform.net/serving/cookie/sync/ 35 B
344 B 147ms
27ms Image
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1.seadform.net/serving/cookie/sync/?uid=7438904879291372353&stamp=sPX_xQ9WNx8DvP-67D9Y4w2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 06 Oct 2022 23:30:53 GMT
cache-control: private
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ Frame 3FDA 1 KB
2 KB 454ms
63ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1613114&mt_adid=258182&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: a2.adform.net
URL: https://a2.adform.net/serving/container/?pm=2816787&lid=120549097&ctype=0&media=0&PageName=Retargeting&rnd=1339587847&cpref=&loc=https%3a%2f%2fwww.tdecu.org%2fprotect-yourself-from-phishing-attacks%3futm_source%3dAdestra%26utm_medium%3demail%26ut
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x29 config:1.0.0 /
Resource Hash: 9a4a68177affd641d3fde8cd0470f275b87b174ee1928853bdf7214e823b3fd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x29 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1493
Expires: Thu, 06 Oct 2022 23:30:52 GMT

GET
H2 200 plf
c1.adform.net/imatch/ Frame 835A 0
261 B 26ms
25ms Image
text/plain 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plff

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 835A
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653

43 B
422 B

41ms
41ms

Image
image/gif

52.210.237.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 52.210.237.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-237-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 06 Oct 2022 23:30:53 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=7438904879291372353&Expiration=1666308653
date: Thu, 06 Oct 2022 23:30:53 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 835A 0
522 B 92ms
31ms Image
text/plain 96.16.132.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=4879&ext_id=7438904879291372353

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-132-239.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Wed, 05 Oct 2022 23:30:53 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 835A 0
214 B 77ms
17ms Image
text/plain 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=5232&puid=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 835A
Redirect Chain

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=7438904879291372353&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=7438904879291372353&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=968c260cf8e34176a...
https://c1.adform.net/serving/cookie/match?party=9&uid=b3808c6f2fce2f2b6ba46d74c7e7e4968e88bd1b8df80811eb2520f278599aa2

35 B
468 B

25ms
25ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=9&uid=b3808c6f2fce2f2b6ba46d74c7e7e4968e88bd1b8df80811eb2520f278599aa2

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://c1.adform.net/serving/cookie/match?party=9&uid=b3808c6f2fce2f2b6ba46d74c7e7e4968e88bd1b8df80811eb2520f278599aa2
date: Thu, 06 Oct 2022 23:30:53 GMT
content-length: 0
p3p: CP=NOI PSA OUR

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 835A 43 B
163 B 408ms
29ms Image
image/gif 185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=22&partneruserid=7438904879291372353&redirurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d10%26cid%3DSMART_USER_ID
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55944/ Frame 835A
Redirect Chain

https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1
https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1&verify=true

0
121 B

19ms
18ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1&verify=true

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55944/sync?uid=7438904879291372353&_origin=1&verify=true
date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK user-registering
ads.stickyadstv.com/ Frame 835A 43 B
798 B 414ms
35ms Image
image/gif 2.16.107.130
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.107.130 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-130.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1665099053523027-335
Expires: Thu, 06 Oct 2022 23:30:53 GMT

GET
H2

200

RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003
sync.targeting.unrulymedia.com/csync/ Frame 835A
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=70&user_id=7438904879291372353
https://x.bidswitch.net/ul_cb/sync?dsp_id=70&user_id=7438904879291372353
https://sync.1rx.io/usersync/bidswitch/fb940819-4d31-452e-90b4-4bffa38dd195?gdpr=&gdpr_consent=
https://sync.1rx.io/usersync/bidswitch/fb940819-4d31-452e-90b4-4bffa38dd195?zcc=1&cb=1665099053648
https://sync.targeting.unrulymedia.com/csync/RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003

43 B
378 B

205ms
22ms

Image
image/gif

213.19.147.44
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 213.19.147.44 Amsterdam, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003
pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0
content-type: text/html

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 835A
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653&C=1

43 B
766 B

16ms
15ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653&C=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=111&external_user_id=7438904879291372353&expiration=1666308653&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

647471
se.semasio.net/sync/1/ Frame 835A
Redirect Chain

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=7438904879291372353&sInitiator=external
https://uipglob.semasio.net/adform/1/info2?sType=sync&sExtCookieId=7438904879291372353&sInitiator=external
https://se.semasio.net/sync/1/16266044?sExtCookieId=7438904879291372353&gdpr=&gdpr_consent=&sInitiator=external
https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal
https://se.semasio.net/sync/1/14876172?sExtCookieId=01d7633f-652d-4600-bd56-eb822c61c8a0&sInitiator=internal&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr=0&gdpr_consent=
https://se.semasio.net/sync/1/4354957?sExtCookieId=501162471479193006&sInitiator=internal&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=Mzg5QUI2RTI0OUE1MEFFQQ&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEDSjkSWTbroNc3Hhrb014mM&sInitiator=internal&google_cver=1&gdpr=0&gdpr_consent=&google_cver=1
https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEDSjkSWTbroNc3Hhrb014mM&sInitiator=internal&google_cver=1&gdpr=0&gdpr_consent=
https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F647471%3FsExtCookieId%3D%25%25COOKIE%25%25%26sInitiator%3Dinternal&gdpr=0&gdpr_consent=
https://se.semasio.net/sync/1/647471?sExtCookieId=7151545981531781273&sInitiator=internal&gdpr=0&gdpr_consent=

0
415 B

41ms
40ms

Image
text/plain

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://se.semasio.net/sync/1/647471?sExtCookieId=7151545981531781273&sInitiator=internal&gdpr=0&gdpr_consent=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
uip-status: Ok
frontend-id: 08
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

Location: https://se.semasio.net/sync/1/647471?sExtCookieId=7151545981531781273&sInitiator=internal&gdpr=0&gdpr_consent=
Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H/1.1 200
OK match
ps.eyeota.net/ Frame 835A 0
344 B 331ms
15ms Image
text/plain 3.127.178.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=7438904879291372353&bid=9gdtmu1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:53 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

pixel.gif
load77.exelator.com/ Frame 835A
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=7438904879291372353
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=7438904879291372353&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
332 B

170ms
21ms

Image
image/gif

2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-77-nzt: AcO1qhFkjfP/EyUHAA
x-accel-expires: @1665667610
date: Thu, 06 Oct 2022 23:30:53 GMT
x-77-pop: frankfurtDE
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: fTIKrgecTD0
x-cache: HIT
content-type: image/gif
access-control-allow-origin: *
x-77-cache: HIT
x-age: 468243
accept-ranges: bytes
content-length: 43

Redirect headers

date: Thu, 06 Oct 2022 23:30:53 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 451 398366.gif
idsync.rlcdn.com/ Frame 835A 0
98 B 301ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/398366.gif?partner_uid=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

gdpr_consent=
sync.crwdcntrl.net/map/ct=y/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/ Frame 835A
Redirect Chain

https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent=
https://sync.crwdcntrl.net/map/ct=y/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent=

49 B
278 B

39ms
39ms

Image
image/gif

18.203.72.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/ct=y/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 18.203.72.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-72-119.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.1.225
content-length: 49
x-consent: absent

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/map/ct=y/c=6466/tp=ADFM/tpid=7438904879291372353/gdpr=/gdpr_consent=
cache-control: no-cache
x-server: 10.45.13.15
content-length: 0
expires: 0

GET
H2 200 29729
tags.bluekai.com/site/ Frame 835A 62 B
227 B 387ms
183ms Image
image/gif 2.18.232.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/29729?id=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.236 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 06 Oct 2022 23:30:54 GMT
content-length: 62
content-type: image/gif

GET
H2 200 sd
eu-u.openx.net/w/1.0/ Frame 835A 43 B
273 B 60ms
24ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

pixel.gif
s3-eu-west-1.amazonaws.com/adality-cdn-content/ Frame 835A
Redirect Chain

https://api.adrtx.net/thirdparty/click?p=adfo
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

35 B
390 B

138ms
51ms

Image
image/gif

52.92.16.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Server: 52.92.16.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-eu-west-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:55 GMT
Last-Modified: Thu, 29 Oct 2015 16:41:57 GMT
Server: AmazonS3
x-amz-request-id: 3F59WSR8M6VW0JW0
ETag: "c2196de8ba412c60c22ab491af7b1409"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 35
x-amz-id-2: h5GaFXZn93NRyra6hysD3Ff3k294/lxjrtZv3NLug3WCqvGfrOdodqlovOaERdUZYdgpsLR6LN8=

Redirect headers

X-Error-Reason: Missing UserId
Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: akka-http/10.2.9
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 137

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 835A
Redirect Chain

https://pixel.onaudience.com/?mapped=7438904879291372353&partner=68
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

70 B
265 B

127ms
40ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
content-length: 0

GET
H/1.1

200
OK

/
cm.adsafety.net/ Frame 835A
Redirect Chain

https://cm.adsafety.net/?_cmsrc=adformx&idt=100&did=7438904879291372353
https://tags.adsafety.net/v1/cm?cm_uid=CM12022100623a901e661758d7d5a201&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Dcommon%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=common&idt=100&did=1797c219881b1afe6c3dfc70d2c74a36
https://ads.smartstream.tv/cm/?cmsrc=cm&cm_uid=CM12022100623a901e661758d7d5a201&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dstv%26_chainsrc%3Dcommon&gdpr_consent=
https://cm.adsafety.net/?_cmsrc=stv&_chainsrc=common&idt=100&did=1797c219881b1afe6c3dfc70d2c74a36&idt_did_status=added&gdpr_consent=&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=dataxtrade_dmp&google_cm&google_hm=Q00xMjAyMjEwMDYyM2E5MDFlNjYxNzU4ZDdkNWEyMDE
https://cm.adsafety.net/?_cmsrc=dbmx&midt=100&mdid=CAESEGcXtNYqi27kBzn6ID3lPlY&google_cver=1
https://c1.adform.net/serving/cookie/match?party=28&cid=CM12022100623a901e661758d7d5a201
https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=7438904879291372353
https://dsp.adfarm1.adition.com/cookie/?ssp=6
https://cm.smartstream.tv/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273
https://cm.adsafety.net/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273

43 B
2 KB

17ms
17ms

Image
image/gif

139.162.147.254
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adsafety.net/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Server: 139.162.147.254 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1414-254.members.linode.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:54 GMT
Last-Modified: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://cm.adsafety.net/?_cmsrc=activeagent_cm&idt=100&did=7151545981531781273
Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx
Connection: keep-alive
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 835A 0
338 B 188ms
36ms Image
text/plain 79.125.33.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adform&partner_uid=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 79.125.33.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-33-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-served-by: beacon-n005-dub-prod.krxd.net
date: Thu, 06 Oct 2022 23:30:53 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1665099053
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
c1.adform.net/serving/cookie/match/ Frame 835A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=NzQzODkwNDg3OTI5MTM3MjM1Mw
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEbbz-V-AXkOK95d1Tgp5fA&google_cver=1&google_ula=1641347,0

35 B
468 B

25ms
25ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEbbz-V-AXkOK95d1Tgp5fA&google_cver=1&google_ula=1641347,0

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEbbz-V-AXkOK95d1Tgp5fA&google_cver=1&google_ula=1641347,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
secure.adnxs.com/ Frame 835A
Redirect Chain

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1
https://c1.adform.net/serving/cookie/match?party=3&id=501162471479193006&redirect=1
https://secure.adnxs.com/setuid?entity=91&code=7438904879291372353

43 B
1005 B

15ms
15ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/setuid?entity=91&code=7438904879291372353

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
AN-X-Request-Uuid: d841e604-5255-423c-9537-1e7d67187bc7
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.28; 217.64.151.28; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://secure.adnxs.com/setuid?entity=91&code=7438904879291372353
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 plf
c1.adform.net/imatch/ Frame 835A 0
261 B 29ms
25ms Image
text/plain 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfm

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 835A 0
225 B 107ms
27ms Image
text/html 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 06 Oct 2022 23:30:53 GMT
cache-control: no-store, no-cache, private
content-encoding: gzip
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK cs
pdw-adf.userreport.com/ Frame 835A 43 B
444 B 67ms
15ms Image
image/gif 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pdw-adf.userreport.com/cs
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-81.fra56.r.cloudfront.net
Software: nginx/1.20.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 04:37:17 GMT
Via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.20.0
X-Amz-Cf-Pop: FRA56-P3
Age: 68016
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-Amz-Cf-Id: OormEsARFJ5wgInOI3BbC1Bsxef2aroxIIv74SJKrkSAd3WVjVZv0A==

GET
H/1.1

200

p
a.audrte.com/ Frame 835A
Redirect Chain

https://a.audrte.com/a?adform_uid=7438904879291372353
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=&google_gid=CAESEGPM7IwDCq9A5LHXqBDX0zQ&google_cver=1
https://a.audrte.com/p

68 B
424 B

107ms
107ms

Image
image/png

52.20.226.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: HTTP/1.1
Server: 52.20.226.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-226-248.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 835A
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=7438904879291372353&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=7438904879291372353&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredire...
https://c1.adform.net/serving/cookie/match?party=1007&cid=31518233421444085350667207475019161095&noredirect=1

35 B
468 B

27ms
26ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1007&cid=31518233421444085350667207475019161095&noredirect=1

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

DCS: dcs-prod-irl1-2-v044-0f7f1a203.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 7SNrpXypRBg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://c1.adform.net/serving/cookie/match?party=1007&cid=31518233421444085350667207475019161095&noredirect=1
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame 835A
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=7438904879291372353
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=220073204296003987331

35 B
468 B

26ms
25ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1014&cid=220073204296003987331

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dmp.adform.net/serving/cookie/match/?party=1014&cid=220073204296003987331
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame 835A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7151545981531781273

35 B
477 B

33ms
25ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7151545981531781273

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Location: https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7151545981531781273
Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 33302
tags.bluekai.com/site/ Frame 835A 62 B
428 B 176ms
176ms Image
image/gif 2.18.232.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/33302?id=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.236 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 06 Oct 2022 23:30:54 GMT
content-length: 62
content-type: image/gif

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 835A
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1066%26cid%3D%5BMM_UUID%5D
https://c1.adform.net/serving/cookie/match?party=1066&cid=01d7633f-652d-4600-bd56-eb822c61c8a0

35 B
468 B

25ms
25ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1066&cid=01d7633f-652d-4600-bd56-eb822c61c8a0

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Date: Thu, 06 Oct 2022 23:30:54 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Location: https://c1.adform.net/serving/cookie/match?party=1066&cid=01d7633f-652d-4600-bd56-eb822c61c8a0
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Thu, 06 Oct 2022 23:30:53 GMT

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 835A
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://c1.adform.net/serving/cookie/match?party=1084&cid=RwbQbcOS1OGAkm5

35 B
468 B

26ms
26ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1084&cid=RwbQbcOS1OGAkm5

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Pragma: no-cache
Date: Thu, 06 Oct 2022 23:30:53 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/5cd8a5d#5cd8a5dae4649c563ed7e6eb1dd90a4f2423ff29 i-0db4e5e2a65977bf5@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://c1.adform.net/serving/cookie/match?party=1084&cid=RwbQbcOS1OGAkm5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 835A 70 B
264 B 40ms
40ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=71ei9rr&ttd_tpi=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET image.sbmx
global.ib-ibi.com/ Frame 835A 0
0

GET
H/1.1 200 0.gif
id5-sync.com/s/10/ Frame 835A 43 B
1 KB 57ms
16ms Image
image/gif 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/10/0.gif?puid=7438904879291372353

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.82 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31532337.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame 835A
Redirect Chain

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=249636628
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=N6JBoaGluUiMQXlt2OETbO

35 B
468 B

26ms
26ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1145&cid=N6JBoaGluUiMQXlt2OETbO

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:53 GMT
via: 1.1 google
last-modified: Thu, 06 Oct 2022 23:30:54 GMT
server: Weborama Collect Frontend
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location: https://dmp.adform.net/serving/cookie/match/?party=1145&cid=N6JBoaGluUiMQXlt2OETbO
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 835A 23 B
172 B 181ms
61ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=119&uid=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires: Thu, 06 Oct 2022 23:30:54 GMT
pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H2

200

pixel.gif
sync.1dmp.io/ Frame 835A
Redirect Chain

https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353
https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353&cs=1

35 B
378 B

52ms
52ms

Image
image/gif

95.216.101.186
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353&cs=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Server: 95.216.101.186 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.186.101.216.95.clients.your-server.de
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-length: 35
expires: 0

Redirect headers

location: /pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=7438904879291372353&cs=1
date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-length: 0
expires: 0

GET
H2 204 /
s.ad.smaato.net/c/ Frame 835A 0
242 B 57ms
15ms Image
text/plain 2600:9000:223f:c00:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001213&dspCookie=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: no-cache, must-revalidate
via: 1.1 98652de9f742fc1df9de714d921e14c2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: IqdaSzC5RUC6XKGpR57IPAXL2zn8Z9Bwd7GDVAH6_UxLw5zuyHDpsg==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 835A
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=7438904879291372353&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DE...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=7438904879291372353&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7...
https://c1.adform.net/serving/cookie/match?party=2007&cid=5d6e8368-f519-464a-a1cd-13ecc010bd05

35 B
468 B

26ms
26ms

Image
image/gif

37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=2007&cid=5d6e8368-f519-464a-a1cd-13ecc010bd05

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://c1.adform.net/serving/cookie/match?party=2007&cid=5d6e8368-f519-464a-a1cd-13ecc010bd05
date: Thu, 06 Oct 2022 23:30:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 7438904879291372353
match.contentexchange.me/adform/ Frame 835A 0
49 B 166ms
51ms Image
text/plain 46.19.11.36
SIEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.contentexchange.me/adform/7438904879291372353?redirect_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1219
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.19.11.36 , Slovenia, ASN51790 (SIEL, SI),
Reverse DNS: ilog.vsn.si
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
content-length: 0
server: nginx/1.16.1

GET
H2 200 xuid
eb2.3lift.com/ Frame 835A 37 B
140 B 58ms
17ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7354&xuid=7438904879291372353&dongle=AD20
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 204 put
e1.emxdgt.com/ Frame 835A 0
55 B 71ms
15ms Image
text/html 18.156.32.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d52&uid=7438904879291372353
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.32.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-32-70.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
content-length: 0
content-type: text/html

GET
H2 200 plf
c1.adform.net/imatch/ Frame 835A 0
261 B 26ms
25ms Image
text/plain 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfl

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=7438904879291372353&agencyId=6276&advertiserId=2136215&src=tp&rnd=710664
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame 8B61 713 B
1 KB 102ms
43ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=01d7633f-652d-4600-bd56-eb822c61c8a0&no_iframe=1&mt_adid=258182&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1613114&mt_adid=258182&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0 /
Resource Hash: 8040be8c28a19b0f78481f2da17e7220e75adde27eb9713ff626652a066f92da

Request headers

Referer: https://a2.adform.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 713
Content-Type: text/html
Date: Thu, 06 Oct 2022 23:30:53 GMT
Expires: Thu, 06 Oct 2022 23:30:52 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ Frame 3FDA 0
481 B 59ms
59ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: a2.adform.net
URL: https://a2.adform.net/serving/container/?pm=2816787&lid=120549097&ctype=0&media=0&PageName=Retargeting&rnd=1339587847&cpref=&loc=https%3a%2f%2fwww.tdecu.org%2fprotect-yourself-from-phishing-attacks%3futm_source%3dAdestra%26utm_medium%3demail%26ut
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Thu, 06 Oct 2022 23:30:52 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ Frame 8B61 0
481 B 51ms
50ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=01d7633f-652d-4600-bd56-eb822c61c8a0&no_iframe=1&mt_adid=258182&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x11 config:1.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=01d7633f-652d-4600-bd56-eb822c61c8a0&no_iframe=1&mt_adid=258182&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Thu, 06 Oct 2022 23:30:53 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x11 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Thu, 06 Oct 2022 23:30:52 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 100ms
100ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: https://www.tdecu.org
date: Thu, 06 Oct 2022 23:30:53 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 dK5qbhlq.json Show response
cdn-cookieyes.com/client_data/56cf2d44ea731ea9ecfb4a95/ 16 KB
5 KB 57ms
21ms Fetch
application/json 2606:4700:20::681a:46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/56cf2d44ea731ea9ecfb4a95/dK5qbhlq.json
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4428b62cfbedf64bdbf440b254aa2eec9117d3869133bb74d6dc7f1ea30a3d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 17:20:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 195018
etag: W/"4017-5ea38ad8cab84"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIlbFTAvyEh02hVRGGpRM9PxIhpPRsMEBpizkyQd39M90HKQyYAlLr5GLDk9UXSiLG4VkFlng9xd4gpwEocj1pF%2Bai8Qj1vE0sBzQYIDE5I5CMXs%2F1lLILoElrPe%2FMW6tR0R8aCZlS19zEV52D0w"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
cf-ray: 756230045833692e-FRA

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&RedC=c.clarity.ms&MXFR=0FB0105056A36E3A3E35026552A360F5
https://c.clarity.ms/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&MUID=13A4FE16CAFD6DC42AF2EC23CB8C6CC8

42 B
370 B

36ms
35ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&MUID=13A4FE16CAFD6DC42AF2EC23CB8C6CC8
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
server: Microsoft-IIS/10.0
etag: "8d3298b0aac7d81:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 06 Oct 2022 23:30:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4044B9E6B9DF437B8D721FD04E400CC1 Ref B: FRAEDGE1113 Ref C: 2022-10-06T23:30:54Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=3AF346649DB94BA79B1DB32333D808A5&MUID=13A4FE16CAFD6DC42AF2EC23CB8C6CC8
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame CB28 0
181 B 48ms
41ms Document
text/html 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=s4so7ax&ref=https%3A%2F%2Fwww.tdecu.org%2Fprotect-yourself-from-phishing-attacks%3Futm_source%3DAdestra%26utm_medium%3Demail%26utm_term%3D%26utm_content%3DLearn%2520More%26utm_campaign%3DOctober%252022%2520Security%2520Awareness%2520Campaign&upid=1epc39v&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tdecu.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 06 Oct 2022 23:30:54 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 result.php Show response
directory.cookieyes.com/geoip/checker/ 111 B
313 B 103ms
35ms Fetch
text/html 46.101.13.61
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://directory.cookieyes.com/geoip/checker/result.php
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.101.13.61 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: 529751.cloudwaysapps.com
Software: nginx /
Resource Hash: 458458e300f30db64f692e4704a0a7a8f6f2cf1c658ff4b6d70ca33d08d0b191

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 113

GET
H2 200 tdecu-logo.svg
www.tdecu.org/images/assets/ 5 KB
2 KB 117ms
116ms Image
image/svg+xml 3.17.197.235
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdecu.org/images/assets/tdecu-logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.17.197.235 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-17-197-235.us-east-2.compute.amazonaws.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a466f2cd63a7ab3ea163854856db3b06103c7af453411ac23d0fd377e8454bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/protect-yourself-from-phishing-attacks?utm_source=Adestra&utm_medium=email&utm_term=&utm_content=Learn%20More&utm_campaign=October%2022%20Security%20Awareness%20Campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:55 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 27 Jan 2020 19:33:59 GMT
server: nginx/1.18.0 (Ubuntu)
age: 3396
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cache: HIT
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1613
x-cache-hits: 25

GET
H2 200 close.svg
cdn-cookieyes.com/assets/images/icons/ 317 B
539 B 22ms
21ms Image
image/svg+xml 2606:4700:20::681a:46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cookieyes.com/assets/images/icons/close.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 057121d759b2f06b7f958b628fe8f6da48dfde4ff2506d3c9736b01118ebba0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdecu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 23:30:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 15 Mar 2022 04:40:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 313140
etag: W/"13d-5da3a673c2c19"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FM%2B%2B17RsJk6ahhxU0Itxu07BTDWD01AxLgKcOHoTvrVf6kKRbuwol7wT5aoLbz66y8v2elPO%2BB2i48mCX%2FF2biAu92gRGcoBzKshPeTzaprE8hfmz25eWiq4bZ7%2BZZMyKVtgm68QILgVLl0zgFZ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=0, s-maxage=604800, proxy-revalidate
cf-ray: 7562300578b29125-FRA

POST
H2 200 log
log.cookieyes.com/api/v1/ 2 B
153 B 130ms
40ms Ping
text/plain 52.209.76.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://log.cookieyes.com/api/v1/log
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/56cf2d44ea731ea9ecfb4a95/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.76.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-76-227.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjiRcBo4CgjLsNLzE

Response headers

access-control-allow-origin: *
date: Thu, 06 Oct 2022 23:30:55 GMT
x-powered-by: Express
content-length: 2
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type: text/plain; charset=utf-8

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 202ms
201ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.tdecu.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: https://www.tdecu.org
date: Thu, 06 Oct 2022 23:30:56 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vars.hotjar.com
URL: https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html

Domain: global.ib-ibi.com
URL: https://global.ib-ibi.com/image.sbmx?go=302927&pid=567&xid=7438904879291372353

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

110 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sitescdn.net/	1970-01-20 06:31:40	Name: __cf_bm Value: BedHp29DC1aermoP58fSPGfnhSkMEe11BJMI33D5Bt4-1665099051-0-AShCBpvSwazf3W00Ax8Lsi+yU+OQwbmRgcwdR7v9j7Q3wLuHPh1oUtddQ01UhRT6NJfQZWOpAzOpv8cnHpX1kqI=
.cds-sdkcfg.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: d4d4903362a927ec9a2c2964fcf4a846e940f241-1665099051
.tdecu.org/	1970-01-20 08:41:15	Name: _gcl_au Value: 1.1.1571863565.1665099052
.tdecu.org/	1970-01-20 16:07:39	Name: sessionCount Value: 1
.tdecu.org/	1970-01-20 06:31:40	Name: _documentReferrerSet Value:
.tdecu.org/	1970-01-20 06:31:40	Name: sessionIsLive Value: 082a49d6-0916-451d-b542-5608bf71557c
.tdecu.org/	1970-01-20 06:31:40	Name: localHour Value: 23
.bing.com/	1970-01-20 15:53:15	Name: MUID Value: 13A4FE16CAFD6DC42AF2EC23CB8C6CC8
162566.tctm.co/	1969-12-31 23:59:59	Name: ct162566 Value: 633f652c00027b061a328bc8
.tdecu.org/	1970-01-20 06:33:05	Name: _gid Value: GA1.2.1467981631.1665099052
www.clarity.ms/	1970-01-20 15:17:15	Name: CLID Value: e74202b1852044c69d1237d43740752a.20221006.20231006
.tdecu.org/	1970-01-20 16:07:39	Name: _ga_73V86QZK0R Value: GS1.1.1665099052.1.0.1665099052.60.0.0
.tdecu.org/	1970-01-20 08:41:15	Name: __ctmid Value: 633f652c00027b061a328bc8
www.tdecu.org/	1970-01-20 08:41:15	Name: __ctmid Value: 633f652c00027b061a328bc8
.tdecu.org/	1970-01-20 06:31:39	Name: _dc_gtm_UA-6069095-1 Value: 1
.tdecu.org/	1970-01-20 08:41:15	Name: _fbp Value: fb.1.1665099052591.1467297235
.tdecu.org/	1970-01-20 15:17:15	Name: _clck Value: 1tgvaa8\|1\|f5h\|0
.tdecu.org/	1970-01-20 16:07:39	Name: _ga Value: GA1.2.1277104142.1665099052
.tdecu.org/	1970-01-20 06:33:05	Name: _uetsid Value: ead5c61045ce11eda9648de7940a99d6
.tdecu.org/	1970-01-20 15:53:15	Name: _uetvid Value: ead5f5e045ce11ed903425755dd55520
www.tdecu.org/	1970-01-20 06:31:40	Name: _ipReturned Value: 1
.adform.net/	1970-01-20 07:16:21	Name: C Value: 1
.adform.net/	1970-01-20 07:58:03	Name: uid Value: 7438904879291372353
.adform.net/	1970-01-20 06:33:05	Name: CM Value: 1\|1
.adform.net/	1970-01-20 06:51:48	Name: CM14 Value: 1665185453_1665099053_1_Hu7u4e4e4R7u7u4REREeERERERHhEQ
.seadform.net/	1970-01-20 07:58:06	Name: uid Value: 7438904879291372353
.adscale.de/	1970-01-20 15:13:55	Name: uu Value: 968c260cf8e34176a396ea9cdfba5542
.adscale.de/	1970-01-20 15:13:55	Name: cct Value: 1665099053308
.ih.adscale.de/	1970-01-20 15:13:55	Name: tu Value: 4#106675481#42~7438904879291372353~462527~0~0
.bidswitch.net/	1970-01-20 15:17:15	Name: tuuid Value: fb940819-4d31-452e-90b4-4bffa38dd195
.bidswitch.net/	1970-01-20 15:17:15	Name: c Value: 1665099053
.bidswitch.net/	1970-01-20 15:17:15	Name: tuuid_lu Value: 1665099053
.yieldlab.net/	1970-01-20 15:17:15	Name: id Value: ec0f18fb-ccbd-4f65-9fdd-b215f9fab90f
.tdecu.org/	1970-01-20 06:33:05	Name: _clsk Value: 1qnmnwm\|1665099053393\|1\|1\|d.clarity.ms/collect
.yahoo.com/	1970-01-20 15:17:36	Name: A3 Value: d=AQABBC1lP2MCEJh0La7zM2D9P9ABk0bxlNUFEgEBAQG2QGNJYwAAAAAA_eMAAA&S=AQAAAuNmXlU2fiiLEZlg6zE0usc
.casalemedia.com/	1970-01-20 15:17:15	Name: CMID Value: Yz9lLbfYcQnzQbqjW24yCgAA
.casalemedia.com/	1970-01-20 08:41:15	Name: CMPS Value: 1119
.casalemedia.com/	1970-01-20 08:41:15	Name: CMPRO Value: 1119
.1rx.io/	1970-01-20 15:17:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003%22%7D
.eyeota.net/	1970-01-20 06:31:39	Name: SERVERID Value: 16615~DM
.analytics.yahoo.com/	1970-01-20 15:17:15	Name: IDSYNC Value: 1760~27kn
.ads.stickyadstv.com/	1970-01-20 07:58:03	Name: uid-bp-617 Value: 7438904879291372353
.ads.stickyadstv.com/	1970-01-20 07:14:51	Name: UID Value: f768d0c07bf0fc8d45b97d2c1b9d24da
.ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 4a6e4bef6a675e45c5a07ed987ee337
.semasio.net/	1970-01-20 15:17:15	Name: SEUNCY Value: 389AB6E249A50AEA
.exelator.com/	1970-01-20 09:24:27	Name: EE Value: "5a2125ccc59f4c00cfbe4442b2c577f3"
.360yield.com/	1970-01-20 08:41:15	Name: tuuid Value: 9505810f-ed28-4787-b255-e4c0b2fe1f47
.360yield.com/	1970-01-20 08:41:15	Name: tuuid_lu Value: 1665099053
.mathtag.com/	1970-01-20 15:57:34	Name: uuid Value: 01d7633f-652d-4600-bd56-eb822c61c8a0
.360yield.com/	1970-01-20 08:41:15	Name: um Value: !42,EgKb-oTD3axvpZ6HnFKFpr421X6KHn24Rsgivl1Focyc,1666308653
.360yield.com/	1970-01-20 08:41:15	Name: umeh Value: !42,0,1727307053,-1
.exelator.com/	1970-01-20 09:24:27	Name: ud Value: "eJxrXxzq6XKLQcE00cjQyDQ5OdnUMs0k2cAgOS0p1cTExCjJKNnU3DzNeHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDAbEl%252BUWb6IhfXxUUpaQyLSopPBR%252B8fgkAr%252BMrIw%253D%253D"
cm.adsafety.net/	1970-01-20 15:17:15	Name: UID Value: CM12022100623a901e661758d7d5a201
.adsafety.net/	1970-01-20 15:17:15	Name: cm_uid Value: CM12022100623a901e661758d7d5a201
.mathtag.com/	1970-01-20 07:14:51	Name: mt_misc Value: mt_bt:1
.targeting.unrulymedia.com/	1970-01-20 15:17:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0f397743-d2b8-4f0e-8343-4b2166709d3b-003%22%7D
tags.adsafety.net/	1970-01-20 15:17:15	Name: UID Value: 1797c219881b1afe6c3dfc70d2c74a36
tags.adsafety.net/	1970-01-20 15:17:15	Name: DID Value: 1797c219881b1afe6c3dfc70d2c74a36
tags.adsafety.net/	1970-01-20 15:17:15	Name: IDT Value: 100
tags.adsafety.net/	1970-01-20 15:17:15	Name: cookie_ver Value: 2
tags.adsafety.net/	1970-01-20 07:14:51	Name: block_reset Value: 1
.adsafety.net/	1970-01-20 15:17:15	Name: ct_uid Value: 1797c219881b1afe6c3dfc70d2c74a36
.adsafety.net/	1970-01-20 15:17:15	Name: ct_did Value: 1797c219881b1afe6c3dfc70d2c74a36
.adsafety.net/	1970-01-20 15:17:15	Name: ct_idt Value: 100
.onaudience.com/	1970-01-20 15:17:15	Name: cookie Value: 154716d4e1d0033a
.onaudience.com/	1970-01-20 06:33:05	Name: done_redirects147 Value: 1
.doubleclick.net/	1970-01-20 15:53:15	Name: IDE Value: AHWqTUnH8QIeFSLFKiJKYBEmrHsasxvESzpWKBLFlGwvMEhhfuuKlekHOtwC1qb6ZMg
cm.adsafety.net/	1970-01-20 15:17:15	Name: permanent Value: 1
.krxd.net/	1970-01-20 10:50:51	Name: _kuid_ Value: PH2LSOZi
.crwdcntrl.net/	1969-12-31 23:59:59	Name: _cc_cc Value: ctst
.adnxs.com/	1970-01-20 08:41:15	Name: uuid2 Value: 501162471479193006
ads.smartstream.tv/	1970-01-20 15:17:15	Name: DID Value: 1797c219881b1afe6c3dfc70d2c74a36
ads.smartstream.tv/	1970-01-20 15:17:15	Name: idt Value: 100
ads.smartstream.tv/	1970-01-20 15:17:15	Name: permanent Value: 1
ads.smartstream.tv/	1970-01-20 07:14:51	Name: cm_uid Value: CM12022100623a901e661758d7d5a201
.adnxs.com/	1970-01-20 08:41:15	Name: anj Value: dTM7k!M4/YD>6NRF']wIg2E><g7!W?!]tbPl1M66+q([OUf#$[_'b%-Q4wP>SjsgZa[S1w_/$)qMvU(^3If)y3KL9D3I?+gMmF@s
.adfarm1.adition.com/	1970-01-20 08:41:15	Name: UserID1 Value: 7151545981531781273
.w55c.net/	1970-01-20 16:01:53	Name: wfivefivec Value: RwbQbcOS1OGAkm5
.w55c.net/	1970-01-20 07:14:51	Name: matchadform Value: 5
.agkn.com/	1970-01-20 15:17:15	Name: ab Value: 0001%3AorNs%2F3oAHiMYKRhGJIAU%2FKw2pGQ9lapv
.id5-sync.com/	1970-01-20 06:31:39	Name: cf Value:
.id5-sync.com/	1970-01-20 06:31:39	Name: cip Value:
.id5-sync.com/	1970-01-20 06:31:39	Name: cnac Value:
.id5-sync.com/	1970-01-20 06:31:39	Name: car Value:
.id5-sync.com/	1970-01-20 06:31:39	Name: gdpr Value:
.id5-sync.com/	1970-01-20 06:31:39	Name: callback Value:
.weborama.fr/	1970-01-20 15:57:34	Name: AFFICHE_W Value: B6ZSAR9-o2gH59
.tapad.com/	1970-01-20 07:58:03	Name: TapAd_TS Value: 1665099054204
.tapad.com/	1970-01-20 07:58:03	Name: TapAd_DID Value: 5d6e8368-f519-464a-a1cd-13ecc010bd05
.tapad.com/	1970-01-20 07:58:03	Name: TapAd_3WAY_SYNCS Value:
cm.adsafety.net/	1970-01-20 15:17:15	Name: cache0 Value: KzFHSk9wMUZsMkpMMjlsMzBXenlaNnlrNEp6QXNZTExnTHBnbkVhdldtcm5kWU9KV1o0OE95cmFPQ0lLTFZXU2dGWHd4dW94N3NRN0lRQXJ6dzdpTEZVSmFWWG1rRUcyVHlGRzYwOW1uaXUrNGhyL1E2Y2U5cmdlNDZmNithMTNtMlg2czFra2xGRkFkL1JuaHd6azRCYXdoTU1UaWRwWXBYWEVIK041dU1jN2J0bmlINVdTLzRicFZDWUo2dFdKTUhqclpGM1lic050OXVpNWI5WjdDcmJ4MXRHbTQwdkNhY2NmRXBRdjNZajBPdXh3MjVzM1N4Q2phR25xbTRtL21hRkVHM2pCa2NWR2NxeFVMaGlNdVMyQVhFMEh0ek1NbC96K0dGR09Od1lTa0NVMVhIa3c0UktNRExxeDFLMmtsejNDTDFGZm1RZmNEMHFuWGJLZWNWeEJhWVFZTkh5SWFHaFd6KzZFVE1sc1VSbnBXUEhLSC83TlBvcmdxV2t0REg2L28yY0Z3UXVjUWxYV1AzczR0RVBtenBRd0JVSXBzVFJhWGo1a2pkRVJTbnAzczhCWU5uODRzcE9iNCt4SkExbGp3RDZteDhmZzlMWTNSVHZoNjNNZTRJaUdIRUE2UVR0WVltVW10L1h3NHJ0MTUweUQ2czJ6UmVyYkFHMnBLdjFDMWpxSGlhVWx0bjgzK3ROV2QrQXNFOHAzS0VaemdFUEhBN1BlUGFWRGtwRmk2SXhSUFhUTWViNG42MTQ4TjhLdWtGVzFrSDBsaklOZWRuUVJXQ1pyMHp2eFZuTWNtQktSTW9xTVpxMU9xZlhmLy9SZ0ludGpIT3NPM09wVDc5NHlabDhlOWJURlNvdHp1M0xjZ3hPMU1VTnk1NDJBZ21oV1ZtTEVpV3JWamdiYUVlaDRJdENLYzM3a05FdU5KVlBzT29zeWUvTFFsYnViRHdlU0RIT29nWThvVU43WkplRGQzVmo5ZkZMNG83dHlwL2xoYTRvckJXN3N0R3VZbUp1NUc3THlnUUliTmtNd3VRMjFKdm5XN1dDUTBnb2pYSkVpSmV6TW1qM1Ezb21OTEtkV0x3R0ZHeTZCQ042WXVoZDM0UXNNcnAzKzVPdWUxZThkOStxSnNOU0V5TjhZWkZZTFZCcEpQVUU4KzJFSks1dTVqZjVneFhqVzFwVzlLTUNZNzVWekkyWFNPSzVQaERqY2F4NnNGUDJMRmtYdkZmNnMyY0FoZG5JemFzTHpZOGZHUHg3ZHBrQTdhMHNvYitpakpLUXliNENmZmMyYTM4WE96Qi8xeW9LVHhQU0N5Tmk1WEV3bXVPUnZMbENEMWNWQnpEM3Q3QkordUVHNw%3D%3D
.1dmp.io/	1970-01-20 15:17:15	Name: uid Value: ebf69a21-45ce-11ed-8ff0-f832e4719dd9
.audrte.com/	1970-01-20 06:53:15	Name: arcki2 Value: l42wVazfo8GRDig6QvGI0xn7A!20220908!1665099054302
.audrte.com/	1970-01-20 06:53:15	Name: arcki2_adform Value: 7438904879291372353!20220908!1665099054302
.audrte.com/	1970-01-20 06:53:15	Name: arcki2_ddp Value: CAESEGPM7IwDCq9A5LHXqBDX0zQ!20220908!1665099054443
.audrte.com/	1970-01-20 06:41:43	Name: arcki2_TTT Value: 1665099054444!l42wVazfo8GRDig6QvGI0xn7A!50#863#190#1495#1032#1329#441#1498#1231#322#310#634#454#431#880#101#832#132#1686#738#918#1834#629#1205#-1#1783#1298#250#1455#-1#1787#146#1623#262#783#782#1233#1230#685#-1#1010#1761#1803#1751#731#284#370#15#-1#532#1758#1029#368#1558#464#-1#626#-1#430#766#1648#107#1073#1236#8#1005#1785#492#689#1056#933#1689#1012#1324#662#1244#234#294
.demdex.net/	1970-01-20 10:50:51	Name: demdex Value: 31518233421444085350667207475019161095
.dpm.demdex.net/	1970-01-20 10:50:51	Name: dpm Value: 31518233421444085350667207475019161095
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyesID Value: NnJjbVlNS2NMMHJBQVluZlFjMkhSQkpGVmNFblp2OXQ=
.tdecu.org/	1970-01-20 15:17:15	Name: cky-consent Value: no
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-necessary Value: yes
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-functional Value: no
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-analytics Value: no
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-performance Value: no
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-advertisement Value: no
.tdecu.org/	1970-01-20 15:17:15	Name: cookieyes-other Value: no
.c.bing.com/	1970-01-20 15:53:15	Name: SRM_B Value: 13A4FE16CAFD6DC42AF2EC23CB8C6CC8
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:53:15	Name: MUID Value: 13A4FE16CAFD6DC42AF2EC23CB8C6CC8
.c.clarity.ms/	1970-01-20 06:31:39	Name: ANONCHK Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
network	error	URL: https://idsync.rlcdn.com/398366.gif?partner_uid=7438904879291372353 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://global.ib-ibi.com/image.sbmx?go=302927&pid=567&xid=7438904879291372353 Message: Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

162566.tctm.co
a.audrte.com
a1.seadform.net
a2.adform.net
aa.agkn.com
ad.360yield.com
ad.yieldlab.net
ads.smartstream.tv
ads.stickyadstv.com
answersstatus.pagescdn.com
api.adrtx.net
api.ipify.org
assets.sitescdn.net
bat.bing.com
beacon.krxd.net
c.bing.com
c.clarity.ms
c1.adform.net
cdn-cookieyes.com
cdn.tdecu.org
cds-sdkcfg.onlineaccess1.com
cm.adsafety.net
cm.g.doubleclick.net
cm.smartstream.tv
connect.facebook.net
d.adroll.com
d.clarity.ms
directory.cookieyes.com
dmp.adform.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e1.emxdgt.com
eb2.3lift.com
ece.tdecu.org
emails1.tdecu.org
eu-u.openx.net
fonts.gstatic.com
global.ib-ibi.com
googleads.g.doubleclick.net
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
ih.adscale.de
insight.adsrvr.org
js.adsrvr.org
load77.exelator.com
loadm.exelator.com
log.cookieyes.com
match.adsrvr.org
match.contentexchange.me
pdw-adf.userreport.com
pixel.mathtag.com
pixel.onaudience.com
pixel.tapad.com
pm.w55c.net
polyfill.io
ps.eyeota.net
redirect.frontend.weborama.fr
region1.analytics.google.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s.adroll.com
s2.adform.net
s3-eu-west-1.amazonaws.com
script.hotjar.com
se.semasio.net
secure.adnxs.com
simage2.pubmatic.com
static.hotjar.com
stats.g.doubleclick.net
sync.1dmp.io
sync.1rx.io
sync.crwdcntrl.net
sync.targeting.unrulymedia.com
sync.teads.tv
tags.adsafety.net
tags.bluekai.com
token.rubiconproject.com
uipglob.semasio.net
ups.analytics.yahoo.com
vars.hotjar.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.tdecu.org
x.bidswitch.net
global.ib-ibi.com
vars.hotjar.com
108.138.15.119
13.32.121.36
139.162.141.41
139.162.147.254
141.94.170.64
142.250.74.194
15.197.193.217
162.19.138.82
172.217.16.130
18.156.32.70
18.157.92.103
18.203.72.119
18.66.122.38
185.167.164.39
185.64.190.80
185.80.39.216
185.86.137.133
192.0.54.4
2.16.107.130
2.18.232.236
2.18.232.7
2.18.233.201
20.234.93.27
2001:4860:4802:34::36
213.19.147.44
216.117.88.121
2600:9000:223d:5a00:12:de4a:40:93a1
2600:9000:223d:7000:8:e724:a480:93a1
2600:9000:223f:c00:1b:5138:8a40:93a1
2600:9000:225e:7400:6:9280:1080:93a1
2606:4700:20::681a:46
2606:4700::6812:7034
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:802::2008
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c0b::9c
2a02:6ea0:c700::19
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:400::282
3.120.86.7
3.126.56.137
3.127.178.105
3.17.197.235
3.232.242.170
3.248.26.101
34.250.137.124
34.98.64.218
35.156.209.249
35.190.24.218
35.227.248.159
35.244.174.68
37.157.3.28
37.157.4.28
37.157.5.71
37.252.172.250
37.252.173.38
40.76.174.66
46.101.13.61
46.19.11.36
52.20.226.248
52.209.76.227
52.210.237.106
52.222.214.81
52.222.236.74
52.48.159.197
52.92.16.104
54.77.143.129
54.78.254.47
69.173.144.165
76.223.111.18
77.243.60.138
79.125.33.106
80.85.85.173
85.114.159.93
91.210.226.73
95.216.101.186
96.16.132.239
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
057121d759b2f06b7f958b628fe8f6da48dfde4ff2506d3c9736b01118ebba0e
085e3746cf21a3aa96e15d1bdf452501b6db5ad8fa58ed8d1446538531e1010a
0a23c1163a1431397395baa2be10de40c4aa9a5c6275cad8058cc036b2009e8d
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
12a5431c2a5164ac6596d2eac38c00e815a17bf3c22bd48fe969d15172fc3991
12b75628c11e71eb5a403f0da689dc9ae46c4a7b459433924eb80b2a198647dd
1d11441a60f0c81871548ccecf0b533ae2fff9f3b47aeb8d8d25ff1f2f10f54f
1fd233981c6b629d5456d46bd8732c906b5ae554b2df9fe73d8051a93ae51f0c
213082b247b805323b96f5813077464eca121c02268893b9c40136de5c79f0c5
2492ba95f7be721c6370736a9862779dd07eec7ac91b35f18eecb0de1b03cc42
24d620924416c7f236b86ae2c910c482393264fce1aac775411d18fa22880ac7
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d89521fc41896a5d963c172ff3ad930b8b96d2d91bef5fdd13bce74e3ca29ba
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32a191572908746d2e318ba46d98d44ccb92ac9354ba06aad2fe3a47aa354753
36b8ba6d8daab27f21a23b6f0deb326d45c7ffa2ca328f7149e0022297101006
3bcbbfc6b7e95f606e79404323b1f75eb7e830c58facc58425f0085d84399929
3cadff7b3b6c9e819a393dd4510dccec05d7069b7d31612ce8b25ca886d63704
458458e300f30db64f692e4704a0a7a8f6f2cf1c658ff4b6d70ca33d08d0b191
45e0091e57ff659d0fe0711a43960d08bd5cf99b6f83e88eafa390fa6770192c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
50f4eb73e4854117bf7bf9da7dc0c17740b03b5db6eb7ee6ffc20aeb35c1ea48
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5b3c6e212cbb3b9f4f28b09cfdc53990e809792192d7d8639d3311f0551c2010
601bf858ee443c37fdaf3accfdf9f2eb8a940d1280b453df045f2ee1a602fac2
677007f92b6b975526c800c6703fac513835b491b4080deade5d94733a557ba0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38
7a108193a3c54e5c07c1207c0e38b0279d9cddc0fb844fdbdcaf82629ec69eb8
7b6b64bd38df5d467b00a459640f5eeb0c99c5a1d92e3489553dcc42344ff0ff
8040be8c28a19b0f78481f2da17e7220e75adde27eb9713ff626652a066f92da
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835696517ff5ba625b47c1eef3cba0aa3c0c4046fcdfc029ca6f6903679f96b5
847ddd7cbb1ab322976ca46c2038b5dacaacb781ff25c9e576c859455802fcac
84ae23aaf51673104ae2b1615edba36c389e64ff210f7a1f6eb0841dbdee8ecf
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
880b190fecae5d591eda74b029bd455544f6450f3d11e8d835cc4158c0217dfc
8886bc9745af99b682574b4c3864b147ae902d9dd158e6ca6d3f06cf916dc758
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
953e5e1416b43852b2942d157045bcb0866b18b8ee9c09326a610cb217683ccf
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a4a68177affd641d3fde8cd0470f275b87b174ee1928853bdf7214e823b3fd7
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a0375c054a0041bd58e2a0bf7fa3df7c3904bfc4f790fd24e32ff3ee70fd0eef
a05729ad7443e4ad55efc7c7b574463418ab9c337f231d8b96fbd60691736a2d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a466f2cd63a7ab3ea163854856db3b06103c7af453411ac23d0fd377e8454bb8
a8605650447ae1bf9c2dae528d765e7df7658271b7cbd2aab4bd420422311eb7
ac95c477efaa07a16230ce221852079ca223f64fd45198e4541c74d3362638e0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3cb32c60f686a7b94de2f050bb5b393e84b7782331ad1c1fa949eb5a8e5eaf0
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b88ca1362fa7b7e72bc6910d525f3bfd040e4730b86b68fcd76775d026817563
ba960c173477dd5ebfc2080ee2eb8243f889621e97d2efbde4386e4c6283bbbb
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c3b474fc41c84c29f9c29d8e1bd55197f7c5bfcc462959857692406c4cda5172
c4428b62cfbedf64bdbf440b254aa2eec9117d3869133bb74d6dc7f1ea30a3d0
c8f771fc73cd9c5dfdd7d54cb5f0c147cbc7384105ef32c40986dbc807e5d00c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1daa5c510de8fbfb48e9970ddfa0bf4f022464d301e0f1b9c47af86409702cf
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b9d52f002201be697fbc0ebf4bdcc61d6c01d0bb1359213e62c67e21850047
e482eb6717364f5372e044fe181c2abdcbffa18e36a7860634deb4273440a139
eca748978e29dc1deb6a429d50832c27eaad4f04c8aea616da0ee7cf4fb4f94f
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f644815843a31ecb96ea8c3e85d3de355a8cd0a3d9a795075be056e6fbaca5e4
fda3d48ff7b2599f09ffd9ec8a510486adc95cb93cf92f5695ce1a424a901bd6
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
fe5e6e9b7681a6e4f21bd58613868baa8b8fc8110e0e5ea2bb56a71d7410cdc9
fff2dd7edd34a2bfe16a86e3361e469b1f42d33a3b07bac3d69760e8ae5668c8

www.tdecu.org Open in urlscan Pro 3.17.197.235 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

137 Requests

80 %HTTPS

25 %IPv6

69 Domains

92 Subdomains

68 IPs

11 Countries

3312 kBTransfer

6169 kBSize

110 Cookies

27 Outgoing links

Page URL History

Redirected requests

137 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tdecu.org Open in urlscan Pro
3.17.197.235 Public Scan

Screenshot
Live screenshot

Full Image

137
Requests

80 %
HTTPS

25 %
IPv6

69
Domains

92
Subdomains

68
IPs

11
Countries

3312 kB
Transfer

6169 kB
Size

110
Cookies

137 HTTP transactions
2 data transactions