results.ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cybersecurity.ci.security/e/414142/ur-202004-amputm-content-genit/r4bt1l/1038620270?h=qgGnJ15wQ6rR1fy4unbS_nMeJvDFMYRi_QeE...
Effective URL:
https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_...
Submission: On June 10 via api (June 10th 2020, 4:38:20 pm UTC) from US

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 17 domains to perform 31 HTTP transactions. The main IP is 207.38.86.153, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is results.ci.security.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2020. Valid for: 3 months.

This is the only time results.ci.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	18.232.28.189 18.232.28.189	14618 (AMAZON-AES) (AMAZON-AES)
8	207.38.86.153 207.38.86.153	30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
2	3.23.241.62 3.23.241.62	16509 (AMAZON-02) (AMAZON-02)
1 3	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
2	13.224.198.109 13.224.198.109	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.224.198.105 13.224.198.105	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	143.204.89.37 143.204.89.37	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.193.31 52.49.193.31	16509 (AMAZON-02) (AMAZON-02)
1 2	13.225.87.70 13.225.87.70	16509 (AMAZON-02) (AMAZON-02)
2	35.174.150.168 35.174.150.168	14618 (AMAZON-AES) (AMAZON-AES)
1 4	72.247.224.172 72.247.224.172	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.30.34.11 52.30.34.11	16509 (AMAZON-02) (AMAZON-02)
31	17

2 18.232.28.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-6-ue1.aws.pardot.com

cybersecurity.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 207.38.86.153 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: web594.webfaction.com

results.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.23.241.62 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-23-241-62.us-east-2.compute.amazonaws.com

cms.thekraken.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:815::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.198.109 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-109.fra2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.198.105 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-105.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.37 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-37.fra50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.193.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-193-31.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.70 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-70.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.174.150.168 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-3-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.247.224.172 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-224-172.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.34.11 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-34-11.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ci.security 1 redirects cybersecurity.ci.security results.ci.security	273 KB
5	adroll.com 1 redirects s.adroll.com d.adroll.com	14 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google-analytics.com 1 redirects www.google-analytics.com	18 KB
3	google.com 1 redirects www.google.com	760 B
2	pardot.com pi.pardot.com	4 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	driftt.com js.driftt.com	45 KB
2	thekraken.xyz cms.thekraken.xyz	812 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	demandbase.com tag.demandbase.com	15 KB
1	licdn.com snap.licdn.com	2 KB
1	gstatic.com www.gstatic.com	122 KB
1	google.de www.google.de	106 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	156 B
1	googletagmanager.com www.googletagmanager.com	33 KB
31	17

	Domain	Requested by
8	results.ci.security	results.ci.security
4	s.adroll.com	1 redirects results.ci.security s.adroll.com
3	www.google-analytics.com	1 redirects www.googletagmanager.com results.ci.security
3	www.google.com	1 redirects results.ci.security www.gstatic.com
2	pi.pardot.com	results.ci.security pi.pardot.com
2	segments.company-target.com	1 redirects results.ci.security
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	1 redirects results.ci.security
2	js.driftt.com	results.ci.security js.driftt.com
2	cms.thekraken.xyz	results.ci.security www.google-analytics.com
2	cybersecurity.ci.security	1 redirects pi.pardot.com
1	d.adroll.com
1	d.adroll.mgr.consensu.org	1 redirects
1	api.company-target.com	tag.demandbase.com
1	www.linkedin.com	1 redirects
1	tag.demandbase.com	results.ci.security
1	snap.licdn.com	results.ci.security
1	www.gstatic.com	www.google.com
1	www.google.de	results.ci.security
1	stats.g.doubleclick.net	1 redirects
1	www.googletagmanager.com	results.ci.security
31	21

This site contains no links.

Subject Issuer	Validity	Valid
results.ci.security Let's Encrypt Authority X3	`2020-05-31` - `2020-08-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
*.thekraken.xyz Amazon	`2020-01-23` - `2021-02-23`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2019-12-26` - `2020-12-26`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
cybersecurity.ci.security Let's Encrypt Authority X3	`2020-05-01` - `2020-07-30`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Frame ID: 9A53DBF57D090053248097854246F49D
Requests: 29 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=2diXFiiA9NsPIBTU15LG6xPf&size=invisible&cb=h24y6s3gpl2c
Frame ID: E709B9CB8115E6B8705F99757EAD19C1
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: AAD3133F60F9F24A24F8CA6CE746DB42
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cybersecurity.ci.security/e/414142/ur-202004-amputm-content-genit/r4bt1l/1038620270?h=qgGnJ15wQ6rR1fy4... HTTP 301
https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

31
Requests

100 %
HTTPS

45 %
IPv6

17
Domains

21
Subdomains

17
IPs

5
Countries

1339 kB
Transfer

1757 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cybersecurity.ci.security/e/414142/ur-202004-amputm-content-genit/r4bt1l/1038620270?h=qgGnJ15wQ6rR1fy4unbS_nMeJvDFMYRi_QeE-f8yaTU HTTP 301
https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=769249654&t=pageview&_s=1&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&ul=en-us&de=UTF-8&dt=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1468854545&gjid=1319391337&cid=1781729627.1591807080&tid=UA-72734021-3&_gid=2094126643.1591807080&_r=1&gtm=2ou5r0&z=1555202815 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_gid=2094126643.1591807080&gjid=1319391337&_v=j82&z=1555202815 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815&slf_rd=1&random=1121042643

Request Chain 17

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1591807080702 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresults.ci.security%252Flog%252Fhacker-caught-downloading-credentials%253Futm_source%253Dpardot%2526utm_medium%253Demail%2526utm_campaign%253Dg_nur_202004%2526utm_content%253Dgenit%26time%3D1591807080702%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1591807080702&liSync=true

Request Chain 20

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA&verifyHash=c076ba91ff59e6a843340017c2521b1482b2b2c4

Request Chain 25

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 27

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=12f3f5543820a8051208d60b5f685faa&_b=2 HTTP 302
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=12f3f5543820a8051208d60b5f685faa&_b=2

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request hacker-caught-downloading-credentials Show response
results.ci.security/log/
Redirect Chain

https://cybersecurity.ci.security/e/414142/ur-202004-amputm-content-genit/r4bt1l/1038620270?h=qgGnJ15wQ6rR1fy4unbS_nMeJvDFMYRi_QeE-f8yaTU
https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

20 KB
20 KB

802ms
539ms

Document
text/html

207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: 082b1cd1753d7170424c2111c175b8c773d8ab74dfe1e5ea71edce670be06475

Request headers

Host: results.ci.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 10 Jun 2020 16:38:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 20373
Connection: keep-alive

Redirect headers

Date: Wed, 10 Jun 2020 16:37:59 GMT
Set-Cookie: pardot=kp79ssedemfgua0jnmhasrvkmk; path=/ visitor_id414142=792926136; expires=Sat, 02-Jan-2021 17:37:59 GMT; Max-Age=17802000; path=/; SameSite=None; secure visitor_id414142-hash=4257909a34b12cfd2b70a7d503e55d3a0462f5f2e1e022cf36105f31314be9635017ee2a3fc2951c42419937e149b47bef728168; expires=Sat, 02-Jan-2021 17:37:59 GMT; Max-Age=17802000; path=/; SameSite=None; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 187
Content-Type: text/html; charset=UTF-8
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
Server: PardotServer
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b2d66d322a9c4fa5d1b1fd1a126c3c35b463eb53f87c2a6cdcec915a82f4d33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:00 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33237
x-xss-protection: 0
last-modified: Wed, 10 Jun 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jun 2020 16:38:00 GMT

GET
H/1.1 200
OK kraken.min.css
results.ci.security/static/ 92 KB
92 KB 224ms
122ms Stylesheet
text/css 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/static/kraken.min.css?v4.1
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: f6205c3211139244ebbf1a4bfd6e34794e011a968a4c43044edf3c1b1d026aad

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Wed, 19 Feb 2020 22:17:53 GMT
Server: nginx
ETag: "1582150673.694962-94360-3162839808"
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 94360
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H/1.1 200
OK CISecurityLogoReversed.svg
results.ci.security/static/img/ 3 KB
3 KB 348ms
117ms Image
image/svg+xml 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://results.ci.security/static/img/CISecurityLogoReversed.svg
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: e406990fbc4b2b959d7ae7bdeebe2b0e64226cf99451ca89fd9710d01df5ff4b

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Thu, 24 Jan 2019 23:41:40 GMT
Server: nginx
ETag: "1548373300.5364592-3034-2641043770"
Content-Type: image/svg+xml
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3034
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H2 200 185.jpg
cms.thekraken.xyz/storage/uploads/thumbs/ 7 KB
7 KB 523ms
115ms Image
image/jpeg 3.23.241.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.thekraken.xyz/storage/uploads/thumbs/185.jpg

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.23.241.62 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-23-241-62.us-east-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b46f4290148512d64b95ddb1f093c1c3d36d820da2b0a82c6966aef336f67a62

Security Headers

Name	Value
Strict-Transport-Security	strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:00 GMT
referrer-policy: strict-origin
last-modified: Thu, 21 Jun 2018 22:22:12 GMT
server: Apache
etag: "1a46-56f2e58c76b3c"
x-frame-options: ALLOW-FROM https://www.youtube.com/
content-type: image/jpeg
status: 200
x-xss-protection: 1; mode=block
cache-control: max-age=1209600, public, public
strict-transport-security: strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 6726
x-content-type-options: nosniff

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 708 B
577 B 28ms
27ms Script
text/javascript 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51a589b6250589927e7760023597ae4b7bf87b3540d3e8afa6aa34e87523dc5e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 477
x-xss-protection: 1; mode=block
expires: Wed, 10 Jun 2020 16:38:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 7102
date: Wed, 10 Jun 2020 14:39:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Wed, 10 Jun 2020 16:39:38 GMT

GET
H2 200 developers_at_computer_background-100.jpg
cms.thekraken.xyz/storage/uploads/ 804 KB
805 KB 556ms
212ms Image
image/jpeg 3.23.241.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.thekraken.xyz/storage/uploads/developers_at_computer_background-100.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.23.241.62 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-23-241-62.us-east-2.compute.amazonaws.com

Software

Apache /

Resource Hash

3a3779a57db1b1aead74085e1bc9a0414c62bebb73f2a9882007742fba448950

Security Headers

Name	Value
Strict-Transport-Security	strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:00 GMT
referrer-policy: strict-origin
last-modified: Mon, 29 Jul 2019 22:19:01 GMT
server: Apache
etag: "c8e2f-58ed9477553c4"
x-frame-options: ALLOW-FROM https://www.youtube.com/
content-type: image/jpeg
status: 200
x-xss-protection: 1; mode=block
cache-control: max-age=1209600, public, public
strict-transport-security: strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 822831
x-content-type-options: nosniff

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=769249654&t=pageview&_s=1&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medi...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_gid=2094126643.1591807080&gjid=1319391337&_v=j82&z=1555202815
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815&slf_rd=1&random=1121042643

42 B
106 B

18ms
18ms

Image
image/gif

2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815&slf_rd=1&random=1121042643

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 16:38:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 10 Jun 2020 16:38:00 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1781729627.1591807080&jid=1468854545&_v=j82&z=1555202815&slf_rd=1&random=1121042643
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2diXFiiA9NsPIBTU15LG6xPf/ 310 KB
122 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2diXFiiA9NsPIBTU15LG6xPf/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c521581b808702299ee8b8948ae8e90ae270ea93206bb1f95846843e0efee725

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Jun 2020 16:45:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 19:45:58 GMT
server: sffe
age: 172334
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125146
x-xss-protection: 0
expires: Tue, 08 Jun 2021 16:45:46 GMT

GET
H2 200 e9cx2parnxxv.js Show response
js.driftt.com/include/1591807200000/ 137 KB
45 KB 179ms
132ms Script
application/javascript 13.224.198.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1591807200000/e9cx2parnxxv.js

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.198.109 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-198-109.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 04 Jun 2020 16:05:51 GMT
server: nginx
date: Wed, 10 Jun 2020 16:38:00 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ojWhVpurQkPa6ZMPH3UeO0_lu_CBoXWD2E70R_NGuz5bEpPMEpeJhQ==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=55601
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 97379541.min.js Show response
tag.demandbase.com/ 57 KB
15 KB 436ms
390ms Script
application/javascript 13.224.198.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/97379541.min.js
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.198.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-198-105.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1e0c11bc716611c019190874ecf1cc32986016eb45a525e592d7401052d9024b

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:02 GMT
content-encoding: gzip
last-modified: Mon, 24 Feb 2020 22:40:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: E3C5T5tXwka.4FnrQ5cy5WFEXOwwn73b
status: 200
cache-control: public, max-age=3600
content-type: application/javascript; charset=utf-8
x-amz-cf-id: gzUiR5GObLKEhv5HLXNdmHw_bkXy5jWaBZAAaMgZ3-4x3ePCE1S28A==
via: 1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)

GET
H/1.1 200
OK RobotoSlab-Regular-webfont.woff
results.ci.security/static/fonts/ 23 KB
24 KB 123ms
123ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/static/fonts/RobotoSlab-Regular-webfont.woff
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/static/kraken.min.css?v4.1
Origin: https://results.ci.security

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Mon, 16 Mar 2020 21:09:33 GMT
Server: nginx
ETag: "1584392973.4641879-23872-2494112748"
Content-Type: application/font-woff
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23872
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H/1.1 200
OK Roboto-Light-webfont.woff
results.ci.security/static/fonts/ 20 KB
21 KB 120ms
119ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/static/fonts/Roboto-Light-webfont.woff
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: 072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/static/kraken.min.css?v4.1
Origin: https://results.ci.security

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Mon, 16 Mar 2020 21:09:33 GMT
Server: nginx
ETag: "1584392973.463188-20904-3255312784"
Content-Type: application/font-woff
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20904
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H/1.1 200
OK soc@0,75x.jpg
results.ci.security/static/img/ 69 KB
69 KB 124ms
123ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://results.ci.security/static/img/soc@0,75x.jpg
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: 4763add2b1bf912ec1e9bf5f9103dc6430b321fa9cdb7d54be6846699624b265

Request headers

Referer: https://results.ci.security/static/kraken.min.css?v4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Thu, 24 Jan 2019 23:41:40 GMT
Server: nginx
ETag: "1548373300.542459-70179-136256315"
Content-Type: image/jpeg
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70179
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H/1.1 200
OK Roboto-Bold-webfont.woff
results.ci.security/static/fonts/ 21 KB
21 KB 250ms
124ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/static/fonts/Roboto-Bold-webfont.woff
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/static/kraken.min.css?v4.1
Origin: https://results.ci.security

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Mon, 16 Mar 2020 21:09:33 GMT
Server: nginx
ETag: "1584392973.463188-21320-2673811737"
Content-Type: application/font-woff
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21320
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H/1.1 200
OK Roboto-Regular-webfont.woff
results.ci.security/static/fonts/ 20 KB
21 KB 339ms
121ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://results.ci.security/static/fonts/Roboto-Regular-webfont.woff
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: web594.webfaction.com
Software: nginx /
Resource Hash: 7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/static/kraken.min.css?v4.1
Origin: https://results.ci.security

Response headers

Date: Wed, 10 Jun 2020 16:38:00 GMT
Last-Modified: Mon, 16 Mar 2020 21:09:33 GMT
Server: nginx
ETag: "1584392973.463188-20924-128393834"
Content-Type: application/font-woff
Cache-Control: public, max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20924
Expires: Thu, 11 Jun 2020 04:38:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campai...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresults.ci.security%252Flog%252Fhacker-caught-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campai...

0
64 B

174ms
174ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1591807080702&liSync=true
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:01 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: ZYmvQxs8FxZQjQpUwCoAAA==

Redirect headers

strict-transport-security: max-age=2592000
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: ot93PBs8FxbQLfh54CoAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: 027D622A54054B1C863B0B8613C07FEC Ref B: FRAEDGE0919 Ref C: 2020-06-10T16:38:00Z
date: Wed, 10 Jun 2020 16:38:00 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&time=1591807080702&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame E709 0
0 29ms
28ms Document
text/html 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=2diXFiiA9NsPIBTU15LG6xPf&size=invisible&cb=h24y6s3gpl2c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2diXFiiA9NsPIBTU15LG6xPf/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HfEaBFxr2hKPFiZfTb24aQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfXcpsUAAAAAH3hT1-w6gxnyOz12arJe3RAiA4L&co=aHR0cHM6Ly9yZXN1bHRzLmNpLnNlY3VyaXR5OjQ0Mw..&hl=en&v=2diXFiiA9NsPIBTU15LG6xPf&size=invisible&cb=h24y6s3gpl2c
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jun 2020 16:38:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-HfEaBFxr2hKPFiZfTb24aQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9405
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 435 B
938 B 128ms
74ms XHR
application/json 143.204.89.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&page_title=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&key=ef6f04d2df1cbefc03f9dae82644e767&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.89.37 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-89-37.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 16:38:01 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
request-id: f8d8d32c-bb58-4dcf-b9ac-551e51a90210
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://results.ci.security
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L6zaGQipW7pfK2n_xoCbswE8yqwRxbrKCJsr1uBtnkyivFVCgqJgQg==
expires: Tue, 09 Jun 2020 16:38:01 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA&verifyHash=c076ba91ff59e6a843340017c2521b1482b2b2c4

26 B
408 B

195ms
195ms

Image
image/gif

13.225.87.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA&verifyHash=c076ba91ff59e6a843340017c2521b1482b2b2c4
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.70 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-70.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:01 GMT
Via: 1.1 f0dda47e8f83bee88cb60d3d2e3fa5e5.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: eb632fe61037324d
X-Amz-Cf-Id: tW6QYFIYe2S0Vs5dygmu1TI5nVGTsQbFxuMz4-TItOzlUX19pws4fw==

Redirect headers

Date: Wed, 10 Jun 2020 16:38:01 GMT
Via: 1.1 f0dda47e8f83bee88cb60d3d2e3fa5e5.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AABYLk69whkAAAwfzKZmDA&verifyHash=c076ba91ff59e6a843340017c2521b1482b2b2c4
Connection: keep-alive
trace-id: e3916040af32ef30
Content-Length: 0
X-Amz-Cf-Id: poIv8Bch9V0rSD-PYSpXH_Ilw1hhMZPUYbdx4W-ZborzAjUc9djZDA==

GET
H2 200 collect
www.google-analytics.com/ 35 B
105 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j82&a=769249654&t=event&ni=1&_s=2&dl=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&ul=en-us&de=UTF-8&dt=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAUAB~&jid=&gjid=&cid=1781729627.1591807080&tid=UA-72734021-3&_gid=2094126643.1591807080&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=349808248

Requested by

Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 May 2020 06:56:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1244511
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 427ms
107ms Script
application/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-3-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 10 Jun 2020 16:38:02 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
Last-Modified: Fri, 13 Mar 2020 19:45:39 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Fri, 10 Jun 2022 16:38:02 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame AAD3 0
0 24ms
23ms Document
text/html 13.224.198.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1591807200000/e9cx2parnxxv.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.198.109 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-198-109.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Thu, 04 Jun 2020 16:05:51 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 10 Jun 2020 16:38:01 GMT
etag: "6122d5a5b8b089e576e93e0e31168c41"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: svx7NqIEPaNIws_t9n_42FLvkq55rK5SPvEbNtXh00U3a-mN3jwTeA==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 35 KB
12 KB 94ms
33ms Script
text/javascript 72.247.224.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: results.ci.security
URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0b5b4a374d6dfb06f111c288ba9042d5c4e1305b3da110bea8116f3090bce2e5

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: ehJgGpzGzAbK8GzMvrCmhGB9QIvRjX3O
Content-Encoding: gzip
ETag: "493863a9069eb4663881ed7b590bc370"
x-amz-request-id: 8393F29BD54D87DE
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11133
x-amz-id-2: miMLhnoXTzMbkpI/Ji2w3CyUXZw4pZXEFmJZKsS61LZ0pZLqpMoZS7tKKnTP2qGfg1jGmaqQFew=
Last-Modified: Tue, 02 Jun 2020 21:58:20 GMT
Server: AmazonS3
Date: Wed, 10 Jun 2020 16:38:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

29ms
29ms

Script
application/javascript

72.247.224.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: MvaZYW7xXR9M9hUcWDgUVAWVyUlL21ST
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 63FFDB6A815034E2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: /w04ADn7RWvZepNTExcw5yw+7/Tmr6tKCx80RU4bWu+Hz2olqFblqhFw8oMq0kiAFsgqdhw6YY0=
Last-Modified: Fri, 05 Jun 2020 15:32:25 GMT
Server: AmazonS3
Date: Wed, 10 Jun 2020 16:38:02 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 10 Jun 2020 16:38:02 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/ 0
773 B 91ms
34ms Script
text/javascript 72.247.224.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CZH7g9bbunqmJ6EH4WYgZ2wTVXJl4Yyc
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 8CA3B4950DD1AAC4
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: PCVmYuL5HMfSbEVARJ7TGTOvdlrVNCu5Wjn9uFFNOsyCzTDJbZ8A9+xWQQ6xrFtx8GgNAQMatGU=
Last-Modified: Tue, 09 Jun 2020 17:44:57 GMT
Server: AmazonS3
Date: Wed, 10 Jun 2020 16:38:02 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=12f3f5543820a8051208d60b5f685faa&_b=2
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=12f3f5543820a8051208d60b5f685faa&_b=2

132 B
224 B

36ms
36ms

Script
application/javascript

52.30.34.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=12f3f5543820a8051208d60b5f685faa&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.34.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-34-11.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 085740b1c659c6bab0a7124542e0cd8aef7d2172d874df6e9bec13a4e3ecead1

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 10 Jun 2020 16:38:02 GMT
server: nginx/1.16.1
content-length: 132
content-type: application/javascript

Redirect headers

status: 302
date: Wed, 10 Jun 2020 16:38:02 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=12f3f5543820a8051208d60b5f685faa&_b=2

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 2 KB
2 KB 333ms
332ms Script
text/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-3-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 9504643dd44576c360a4b04a1378a5fa1d835456686929b271c75355ff208396

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 10 Jun 2020 16:38:02 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
X-Pardot-Rsp: 16/106/43
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 857
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
cybersecurity.ci.security/ 52 B
1015 B 475ms
474ms Script
text/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity.ci.security/analytics?conly=true&visitor_id=792926164&visitor_id_sign=7add8fcdfc0eb504599aa825df79ade2ec96b4b3fad244153feeed55fc635d03cb80034f6965908b2a6b712f3bc4e7ee9fec4a45&pi_opt_in=&campaign_id=20750&account_id=415142&title=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Hacker%20caught%20while%20downloading%20sensitive%20data%20%7C%20CI%20Security&url=https%3A%2F%2Fresults.ci.security%2Flog%2Fhacker-caught-downloading-credentials%3Futm_source%3Dpardot%26utm_medium%3Demail%26utm_campaign%3Dg_nur_202004%26utm_content%3Dgenit&referrer=&utm_campaign=g_nur_202004&utm_medium=email&utm_source=pardot&utm_content=genit
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 10 Jun 2020 16:38:02 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp: 16/103/14
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
results.ci.security/	1970-01-20 03:41:19	Name: driftt_aid Value: 8fd73327-a541-4bdb-bcac-056aba29525b
.ci.security/	1970-01-19 10:10:07	Name: _gat_gtag_UA_72734021_3 Value: 1
.ci.security/	1970-01-19 10:11:33	Name: _gid Value: GA1.2.2094126643.1591807080
.ci.security/	1970-01-20 03:41:19	Name: _ga Value: GA1.2.1781729627.1591807080

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://results.ci.security/log/hacker-caught-downloading-credentials?utm_source=pardot&utm_medium=email&utm_campaign=g_nur_202004&utm_content=genit(Line 19) Message: Production GA Script

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
cms.thekraken.xyz
cybersecurity.ci.security
d.adroll.com
d.adroll.mgr.consensu.org
js.driftt.com
match.prod.bidr.io
pi.pardot.com
px.ads.linkedin.com
results.ci.security
s.adroll.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
tag.demandbase.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
13.224.198.105
13.224.198.109
13.225.87.70
143.204.89.37
18.232.28.189
207.38.86.153
2620:1ec:21::14
2a00:1450:4001:806::2003
2a00:1450:4001:809::2008
2a00:1450:4001:809::200e
2a00:1450:4001:815::2004
2a00:1450:4001:820::2003
2a00:1450:400c:c00::9d
2a02:26f0:10c:382::25ea
2a05:f500:11:101::b93f:9005
3.23.241.62
35.174.150.168
52.30.34.11
52.49.193.31
72.247.224.172
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6
082b1cd1753d7170424c2111c175b8c773d8ab74dfe1e5ea71edce670be06475
085740b1c659c6bab0a7124542e0cd8aef7d2172d874df6e9bec13a4e3ecead1
0b5b4a374d6dfb06f111c288ba9042d5c4e1305b3da110bea8116f3090bce2e5
1e0c11bc716611c019190874ecf1cc32986016eb45a525e592d7401052d9024b
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
3a3779a57db1b1aead74085e1bc9a0414c62bebb73f2a9882007742fba448950
3b2d66d322a9c4fa5d1b1fd1a126c3c35b463eb53f87c2a6cdcec915a82f4d33
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4763add2b1bf912ec1e9bf5f9103dc6430b321fa9cdb7d54be6846699624b265
51a589b6250589927e7760023597ae4b7bf87b3540d3e8afa6aa34e87523dc5e
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
9504643dd44576c360a4b04a1378a5fa1d835456686929b271c75355ff208396
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307
aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013
b46f4290148512d64b95ddb1f093c1c3d36d820da2b0a82c6966aef336f67a62
c521581b808702299ee8b8948ae8e90ae270ea93206bb1f95846843e0efee725
d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e406990fbc4b2b959d7ae7bdeebe2b0e64226cf99451ca89fd9710d01df5ff4b
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6205c3211139244ebbf1a4bfd6e34794e011a968a4c43044edf3c1b1d026aad
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

results.ci.security Open in urlscan Pro 207.38.86.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

100 %HTTPS

45 %IPv6

17 Domains

21 Subdomains

17 IPs

5 Countries

1339 kBTransfer

1757 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

results.ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

100 %
HTTPS

45 %
IPv6

17
Domains

21
Subdomains

17
IPs

5
Countries

1339 kB
Transfer

1757 kB
Size

4
Cookies

31 HTTP transactions
0 data transactions