usctrojans.evenue.net Open in urlscan Pro
216.177.87.189 Public Scan

Software

Resource Hash

86bf486c6eb0cfebd37b935926a7c5c81ff674200a8a2aee6f601ccd76699387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25966
x-xss-protection: 0
pragma: public
x-fb-debug: jv0TBABqNTUdESPPmGTC9manK6UoFqoEa9s9ENif08k9kajTvu5nLBsRV3w1g/azxoeTkQ0splRLKWXxnmnlEA==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:11 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 72ms
23ms Script
text/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKQ5ZCR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 16:38:54 GMT
server: Golfe2
age: 905
date: Fri, 15 Oct 2021 22:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 16 Oct 2021 00:01:06 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 108ms
36ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKQ5ZCR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ea0ccf3eab05a27a83fdc3a0c60ede70d4d2f18bf8be6cbdcc221d43ad5686ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14430
x-xss-protection: 0
server: cafe
etag: 16924264664223707549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3

200

activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEG... Show response
8185216.fls.doubleclick.net/ Frame BAAD
Redirect Chain

https://8185216.fls.doubleclick.net/activityi;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FS...
https://8185216.fls.doubleclick.net/activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.ne...

1 KB
652 B

70ms
39ms

Document
text/html

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8185216.fls.doubleclick.net/activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKQ5ZCR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

7109f722d39d892d66b02b78ed5ccf9d1b6671934019fae297ac76a9392f39ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8185216.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://usctrojans.evenue.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 627
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-Oct-2021 22:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8185216.fls.doubleclick.net/activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2F... Show response
8185216.fls.doubleclick.net/ Frame F97B
Redirect Chain

https://8185216.fls.doubleclick.net/activityi;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%...
https://8185216.fls.doubleclick.net/activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%...

760 B
573 B

68ms
38ms

Document
text/html

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8185216.fls.doubleclick.net/activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKQ5ZCR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

a45e3b99b3cf8fd0cdd0914c3c3cf61b4fa6b622ded1c34f40dd91489425f6b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8185216.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://usctrojans.evenue.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 548
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-Oct-2021 22:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8185216.fls.doubleclick.net/activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 box-3333a05ac05419926bfc064e06a742b1.html Show response
vars.hotjar.com/ Frame A707 2 KB
1 KB 41ms
12ms Document
text/html 13.227.220.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-3333a05ac05419926bfc064e06a742b1.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1238831.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.220.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-220-10.ams54.r.cloudfront.net
Software: /
Resource Hash: 815099f427b52d9ed44b6a8e5820e030f91edc83ff9036af91d244790da18520

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-3333a05ac05419926bfc064e06a742b1.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://usctrojans.evenue.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/

Response headers

content-type: text/html
content-length: 1044
date: Fri, 15 Oct 2021 09:07:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "5714afe29acafadac58f3f7dcf18fd6b"
last-modified: Fri, 15 Oct 2021 09:07:04 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 25fe70cc18ad9b2503949e3460083641.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: ag6HkOg9Tb8L70X04s6l6zeAEzWsKq0krbU-69kGtgl1GvML74Flcg==
age: 47346

GET
H/1.1 200
OK UCLA.gif
s3.us-west-2.amazonaws.com/pachtml-production/www/usc/images/logos/ 2 KB
2 KB 712ms
187ms Image
image/gif 52.218.132.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-west-2.amazonaws.com/pachtml-production/www/usc/images/logos/UCLA.gif
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.132.80 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9b46443c9764d3c91988065226eca3f68800108cef3a618acafcb544f7bdf6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Thu, 06 Feb 2020 19:15:10 GMT
Server: AmazonS3
x-amz-request-id: V41WWXPB5C7FC5WF
ETag: "a8d80d3f00c060484872ec7366767d26"
Content-Type: image/gif
x-amz-version-id: null
Accept-Ranges: bytes
Content-Length: 1607
x-amz-id-2: /zQgEIZsy+ew7Mw0Vv8kupXQzG9bkHhJBEfZ1vrbKzBcHlaK0dI3bxJ+XNTQIGs6AVBXF/X0mVs=

GET
H/1.1 200
OK navigate-mobile.min.js Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/page/includes/ 2 KB
1 KB 157ms
157ms XHR
application/javascript 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/page/includes/navigate-mobile.min.js?_=1634336169628

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

f6421ba45a4ed02feeeb5c8f49af08a6a932bae3f35f6c3034a742d199fc0831

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172
Connection: keep-alive
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:11 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 May 2020 07:33:54 GMT
Server: nginx
ETag: W/"5ec62ee2-93b"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1

GET
H2 200 dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3... Show response
adservice.google.com/ddm/fls/i/ Frame 711A 759 B
617 B 137ms
59ms Document
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Requested by

Host: 8185216.fls.doubleclick.net
URL: https://8185216.fls.doubleclick.net/activityi;dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

4cdedb6c4269342f49a15e79bb95bfab9008fda879dcb594db1e9733b0faacdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8185216.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:12 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInf... Show response
adservice.google.com/ddm/fls/i/ Frame 96A0 1 KB
1 KB 134ms
58ms Document
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Requested by

Host: 8185216.fls.doubleclick.net
URL: https://8185216.fls.doubleclick.net/activityi;dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

90f51fc824a959dc9703a3314e8bf3f572fa0002c61f9de3047c987f53c70e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8185216.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:12 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 626
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 2183951358296598 Show response
connect.facebook.net/signals/config/ 490 KB
143 KB 97ms
89ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2183951358296598?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2750691fc766d61e4dec8ef263f73febac6c9957441db333e5ad36c076795187

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: qspk/HeztwT1kuyFpq0mJ8WunS8y9ReDNzDuGePugX86KNSMj1IkvFzTbX9d/dwIVQPbanPFGmw6PRJ75dXVdg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect Show response
e.clarity.ms/ 0
179 B 393ms
195ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-b/s/0.6.24/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: https://usctrojans.evenue.net
date: Fri, 15 Oct 2021 22:16:11 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H/1.1 200
OK client-pixels.json Show response
s3-us-west-2.amazonaws.com/pachtml-production/www/usc/pixel/ 58 B
613 B 180ms
180ms XHR
application/json 52.218.196.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/pachtml-production/www/usc/pixel/client-pixels.json
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.196.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: aed73fea4882a7dbe0d791996256a3834e6838bb3ea61eb9553e7a7fe24ebd8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Mon, 03 Feb 2020 22:59:05 GMT
Server: AmazonS3
x-amz-request-id: V41SQFG3ATF2QED4
ETag: "77a4914e63aafe5b90adc0590a6f84f4"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, HEAD
x-amz-version-id: null
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Type: application/json
Content-Length: 58
x-amz-id-2: 1fSHXdp11bM/P35G7ZuvPJu14Bz+mV2/DK9KdL5Y5zOneo5TAPuQp74XLlb1s5Q8fGA0xDuRp5s=

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 65ms
37ms Script
application/javascript 142.250.185.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-127897199-2&_=1634336169629

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

cc930d7778f802b7a3f44ad7419d2fad8195efdef9a4c9247e03f60fefc7eafd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38541
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H/1.1 200
OK Cookie set SEGetEventList Show response
usctrojans.evenue.net/cgi-bin/ncommerce3/ Frame 3119 155 KB
156 KB 365ms
330ms Document
text/html 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32) /

Resource Hash

b946dcbf60ca1a6541713850e6a56332ef64111eeb7fc08a7404a9940038cb90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: usctrojans.evenue.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept-Encoding: gzip, deflate, br
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot

Response headers

Date: Fri, 15 Oct 2021 22:16:11 GMT
Server: IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32)
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Content-Length: 159146
Keep-Alive: timeout=15, max=56
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: client_cookie=usc;Path=/;samesite=none;Secure
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains

GET
H/1.1 200
OK lang_default.json Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/seatMap/languages/ 960 B
949 B 263ms
161ms XHR
application/json 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/seatMap/languages/lang_default.json

Requested by

Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

fdeb2fe7f91fd32ec9a382196f05b1fdabd816d1bbc590dc1be39b0f3b2fafdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0
Connection: keep-alive
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept: */*
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 May 2020 07:33:54 GMT
Server: nginx
ETag: W/"5ec62ee2-3c0"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json
X-XSS-Protection: 1

GET
H/1.1 200
OK F6 Show response
usctrojans.evenue.net/pac-api/catalog/sectionranges/price/F21/ 18 KB
2 KB 247ms
247ms XHR
application/json 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/pac-api/catalog/sectionranges/price/F21/F6?_=1634336172311

Requested by

Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx/1.12.1 / Express

Resource Hash

6eeb7c93df0ff6bcf76c1d44c000804af161cb7669c226c06cefaf33ea9afc5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
pac-context-data: {"distributorId":"IBM","dataAccountId":916,"daylightSavingsTime":true}
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0
Connection: keep-alive
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Cache-Control: no-cache
Accept: */*
pac-context-data: {"distributorId":"IBM","dataAccountId":916,"daylightSavingsTime":true}
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Powered-By: Express
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
X-Kong-Proxy-Latency: 1
X-Kong-Upstream-Latency: 77
Connection: keep-alive
Content-Length: 866
X-XSS-Protection: 1; mode=block
Server: nginx/1.12.1
X-Trace: 2BB284BC76FDCD68DF24522CA3D9BF6E6D47A6B8D36E1C5B80F3B18A8D00
ETag: W/"4762-AOL9V0Llpvwk2SeXwcqz6g5EyXc"
Kong-Request-ID: ad4e049c-af78-43c8-803b-360938f71278#106566957
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Via: kong/1.0.0
Access-Control-Expose-Headers: pac-authz

GET
H/1.1 200
OK metadata.js Show response
media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/ 3 KB
3 KB 160ms
159ms Script
application/javascript 209.67.131.65
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/metadata.js?ts=1634336172316
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 209.67.131.65 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software: nginx /
Resource Hash: 13a7255724d35e1dc82f283a18e005390bc5befaa8ec5dd7a94d64c03fbeb9c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Last-Modified: Thu, 01 Apr 2021 15:45:22 GMT
Server: nginx
ETag: "6065ea92-b13"
Vary: Origin
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2835

GET
H/1.1 200
OK seatmap-bundle.css
s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/ 20 KB
4 KB 183ms
183ms Stylesheet
text/css 52.218.196.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.css
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.196.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 8133b3515a240cd2a23f3bc1fbaf4d04b9de694d03e5f26d289a6abb6ff08206

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 18:02:54 GMT
Server: AmazonS3
x-amz-request-id: V41VHAVJGXC819WJ
ETag: "3f38c1f3e53d4f30738d1432ee701bb6"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 3763
x-amz-id-2: FgZss9M/npAxjYVeSAdNfEbFgGBCc72eY5v4xOmAqy8plPTLidSCVvQz0iHcxDmDMU3u2CEyq9A=

GET
H/1.1 200
OK pixelAutoLoop.js Show response
media.paciolan.com/evenue/Common/pixels/ 6 KB
6 KB 156ms
156ms Script
application/javascript 209.67.131.65
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://media.paciolan.com/evenue/Common/pixels/pixelAutoLoop.js?_=1634336169630
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 209.67.131.65 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software: nginx /
Resource Hash: 1f7bfb7392b5d7176b3d86e071c4a16481609d3bbee98a408916a30445e67deb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Last-Modified: Tue, 11 May 2021 01:51:07 GMT
Server: nginx
ETag: "6099e30b-1706"
Vary: Origin
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5894

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 57ms
23ms Script
text/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 21:45:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1832
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 15 Oct 2021 22:45:40 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 56ms
31ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=314932443&t=pageview&_s=1&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&ul=en-us&de=windows-1252&dt=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEIJAAAAAC~&jid=1369887142&gjid=738864862&cid=1843958608.1634336172&tid=UA-134938148-1&_gid=306718165.1634336172&_r=1&gtm=2wgad0MKQ5ZCR&cg1=USC&z=239539223

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pac-analytics-driver.min.js Show response
pac-analytics.s3-us-west-1.amazonaws.com/pac-analytics-driver/builds/v1.8.28/ 114 KB
115 KB 639ms
171ms Script
application/javascript 52.219.117.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac-analytics.s3-us-west-1.amazonaws.com/pac-analytics-driver/builds/v1.8.28/pac-analytics-driver.min.js
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/common/script/pa.js?ev_version=05.211005
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.117.146 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 15da28fc02840508cc4164e03465e3e892b404ba297cf69544828ea395eac7fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Mon, 23 Aug 2021 16:51:23 GMT
Server: AmazonS3
x-amz-request-id: V41QVX1KVNGWYYXE
ETag: "b76559ca9e1da1afbbe7bbe14153b221"
Content-Type: application/javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 117117
x-amz-id-2: qglAy7JedrQ2hSJfKdCqHRrCqnO6xcLfjLAdzV1ELXpHvGe6hD5Ewb984ckDCSXvYtlQtFjjrok=

GET
H/1.1 200
OK Cookie set SEGetEventList Show response
usctrojans.evenue.net/cgi-bin/ncommerce3/ Frame F178 155 KB
156 KB 487ms
487ms Document
text/html 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32) /

Resource Hash

19334dcfaa37789844b89c24e16347646614acd8a15956959bc6478a33570921

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: usctrojans.evenue.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept-Encoding: gzip, deflate, br
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Server: IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32)
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Content-Length: 159146
Keep-Alive: timeout=15, max=55
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: client_cookie=usc;Path=/;samesite=none;Secure
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/948126748/ 3 KB
2 KB 95ms
41ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948126748/?random=1634336172379&cv=9&fst=1634336172379&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgad0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&tiba=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

1ab0e1c1b75669f198afbafc21895f0bce2f7b27b504423045101bea30c84035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1184
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 185873716413408 Show response
connect.facebook.net/signals/config/ 490 KB
143 KB 13ms
13ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/185873716413408?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bb5fb9d48a0fea34eb2f147fdc58de030dbe51f6220877c2855d9e27f7925581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 146730
x-xss-protection: 0
pragma: public
x-fb-debug: ASZZQ1XEOM9LjUZ29jffLEGzUYqfwbwBt+WfMfsOZdi3q2mduac66ATmziCx6VHiCBhi+reVC6aKZ/9Y0sNfQA==
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:12 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
423 B 32ms
8ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2183951358296598&ev=PageView&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172406&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
213 B 32ms
8ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2183951358296598&ev=AddToCart&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172410&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3

200

dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInf... Show response
8185216.fls.doubleclick.net/ddm/fls/r/ Frame 4798
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcg...
https://8185216.fls.doubleclick.net/ddm/fls/r/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.ne...

2 KB
712 B

33ms
32ms

Document
text/html

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8185216.fls.doubleclick.net/ddm/fls/r/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

0c982802e29ada98d1e663dc7f1113887f3016120539e09087487536cb504298

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8185216.fls.doubleclick.net
:scheme: https
:path: /ddm/fls/r/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlQK_DurAv2oARFkl91GG19fa1hB_m5ODS_a1q7bvQuuJAjz1cF9Xqplaa6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:12 GMT
expires: Fri, 15 Oct 2021 22:16:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 689
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://8185216.fls.doubleclick.net/ddm/fls/r/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3... Show response
adservice.google.de/ddm/fls/i/ Frame E0FA 194 B
931 B 106ms
57ms Document
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=CIHG3Ne4zfMCFWffEQgdm_oCtw;src=8185216;type=count0;cat=sitev0;ord=1;num=7599442562493;gtm=2wgad0;auiddc=1336440563.1634336172;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 15 Oct 2021 22:16:12 GMT
expires: Fri, 15 Oct 2021 22:16:12 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
467 B 74ms
23ms XHR
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-134938148-1&cid=1843958608.1634336172&jid=1369887142&gjid=738864862&_gid=306718165.1634336172&_u=YEBAAEIIAAAAAC~&z=108614904

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Oct 2021 22:16:12 GMT
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 30ms
30ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=314932443&t=pageview&_s=1&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&ul=en-us&de=windows-1252&dt=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEIJBAAAAC~&jid=1692228261&gjid=1415790221&cid=1843958608.1634336172&uid=&tid=UA-19204161-1&_gid=306718165.1634336172&_r=1&_slc=1&pa=detail&pr1id=GS%3AIBM%3AF21%3AF6%3A&pr1nm=UCLA&pr1ca=&pr1br=F21&pr1va=&z=1866887570

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 30ms
30ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=314932443&t=pageview&_s=1&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&ul=en-us&de=windows-1252&dt=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEIJBAAAAC~&jid=2070506594&gjid=1597777785&cid=1843958608.1634336172&uid=&tid=UA-122846056-1&_gid=306718165.1634336172&_r=1&_slc=1&pa=detail&pr1id=GS%3AIBM%3AF21%3AF6%3A&pr1nm=UCLA&pr1ca=&pr1br=F21&pr1va=&z=1101730547

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 31ms
30ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=314932443&t=pageview&_s=1&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&ul=en-us&de=windows-1252&dt=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEIJBAAAAC~&jid=1774391038&gjid=19524779&cid=1843958608.1634336172&uid=&tid=UA-55291266-1&_gid=306718165.1634336172&_r=1&_slc=1&pa=detail&pr1id=GS%3AIBM%3AF21%3AF6%3A&pr1nm=UCLA&pr1ca=&pr1br=F21&pr1va=&z=855621994

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 30ms
30ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=314932443&t=pageview&_s=1&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&ul=en-us&de=windows-1252&dt=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACUIJBAAAAC~&jid=65252461&gjid=1874511435&cid=1843958608.1634336172&tid=UA-127897199-2&_gid=306718165.1634336172&_r=1&gtm=2ouad0&z=856436879

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
69 B 30ms
24ms XHR
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-19204161-1&cid=1843958608.1634336172&jid=1692228261&gjid=1415790221&_gid=306718165.1634336172&_u=aGDACEIJBAAAAC~&z=1386333124

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Oct 2021 22:16:12 GMT
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 15ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185873716413408&ev=PageView&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172474&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 15ms
8ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185873716413408&ev=ViewContent&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172475&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 24ms
23ms XHR
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-122846056-1&cid=1843958608.1634336172&jid=2070506594&gjid=1597777785&_gid=306718165.1634336172&_u=aGDACEIJBAAAAC~&z=727385118

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Oct 2021 22:16:12 GMT
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 24ms
23ms XHR
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-55291266-1&cid=1843958608.1634336172&jid=1774391038&gjid=19524779&_gid=306718165.1634336172&_u=aGDACEIJBAAAAC~&z=2096048679

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Oct 2021 22:16:12 GMT
content-type: text/plain
access-control-allow-origin: https://usctrojans.evenue.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sections.js Show response
media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/ 210 KB
210 KB 159ms
158ms Script
application/javascript 209.67.131.65
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/sections.js?ts=1634336172478
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 209.67.131.65 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software: nginx /
Resource Hash: 73b1ca061ffefc2081498cc0b38ed4b166384a49e4c795051a7e407423ba69fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:12 GMT
Last-Modified: Thu, 01 Apr 2021 15:45:23 GMT
Server: nginx
ETag: "6065ea93-3477c"
Vary: Origin
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 214908

GET
H2 200 /
www.google.com/pagead/1p-user-list/948126748/ 42 B
154 B 93ms
38ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/948126748/?random=1634336172379&cv=9&fst=1634335200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgad0&sendb=1&frm=0&url=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&tiba=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&async=1&fmt=3&is_vtc=1&random=877315679&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/948126748/ 42 B
154 B 83ms
33ms Image
image/gif 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/948126748/?random=1634336172379&cv=9&fst=1634335200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgad0&sendb=1&frm=0&url=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&tiba=USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA&async=1&fmt=3&is_vtc=1&random=877315679&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 74ms
42ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-134938148-1&cid=1843958608.1634336172&jid=1369887142&_u=YEBAAEIIAAAAAC~&z=1833031310

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 59ms
33ms Image
image/gif 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-134938148-1&cid=1843958608.1634336172&jid=1369887142&_u=YEBAAEIIAAAAAC~&z=1833031310

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 69ms
38ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-122846056-1&cid=1843958608.1634336172&jid=2070506594&_u=aGDACEIJBAAAAC~&z=1035190931

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 57ms
32ms Image
image/gif 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-122846056-1&cid=1843958608.1634336172&jid=2070506594&_u=aGDACEIJBAAAAC~&z=1035190931

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 67ms
37ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-55291266-1&cid=1843958608.1634336172&jid=1774391038&_u=aGDACEIJBAAAAC~&z=1236939880

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 35ms
35ms Image
image/gif 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-55291266-1&cid=1843958608.1634336172&jid=1774391038&_u=aGDACEIJBAAAAC~&z=1236939880

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Oct 2021 22:16:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK client-pixels.json Show response
s3-us-west-2.amazonaws.com/pachtml-production/www/usc/pixel/ 58 B
613 B 186ms
186ms XHR
application/json 52.218.196.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/pachtml-production/www/usc/pixel/client-pixels.json
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/shared/js/jquery/1.11.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.196.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: aed73fea4882a7dbe0d791996256a3834e6838bb3ea61eb9553e7a7fe24ebd8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Mon, 03 Feb 2020 22:59:05 GMT
Server: AmazonS3
x-amz-request-id: V41J4TTZNSP64FES
ETag: "77a4914e63aafe5b90adc0590a6f84f4"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, HEAD
x-amz-version-id: null
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Type: application/json
Content-Length: 58
x-amz-id-2: 9XOg/O4ax18Ja/5L1jUTkHpJ7np3/jPTPCiINkb7+IoD1/dlkRdISr8eQ94TlplOW6W3l0bsBFg=

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 4798 98 KB
25 KB 7ms
7ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: 8185216.fls.doubleclick.net
URL: https://8185216.fls.doubleclick.net/ddm/fls/r/dc_pre=CLXC3Ne4zfMCFRDiEQgd5vcEuA;src=8185216;type=count0;cat=pagev0;ord=5506445331143;gtm=2wgad0;auiddc=1336440563.1634336172;u15=usctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot;~oref=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

86bf486c6eb0cfebd37b935926a7c5c81ff674200a8a2aee6f601ccd76699387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25966
x-xss-protection: 0
pragma: public
x-fb-debug: jv0TBABqNTUdESPPmGTC9manK6UoFqoEa9s9ENif08k9kajTvu5nLBsRV3w1g/azxoeTkQ0splRLKWXxnmnlEA==
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:12 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 2183951358296598 Show response
connect.facebook.net/signals/config/ Frame 4798 490 KB
143 KB 8ms
8ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2183951358296598?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2750691fc766d61e4dec8ef263f73febac6c9957441db333e5ad36c076795187

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 146714
x-xss-protection: 0
pragma: public
x-fb-debug: qspk/HeztwT1kuyFpq0mJ8WunS8y9ReDNzDuGePugX86KNSMj1IkvFzTbX9d/dwIVQPbanPFGmw6PRJ75dXVdg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1965887096760176 Show response
connect.facebook.net/signals/config/ Frame 4798 489 KB
143 KB 68ms
68ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1965887096760176?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3df20e60f2b9b75bb7448619515b04f59721806ffcdabde975815ae7de4dda32

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: ibmixkIrMxDGk4hO3Ft86zwaTTTRg9uysoN6l9MO+nKDe1BQxQZ3SnrsdAaCf5OYDNVQZsnXGDv1LIdzHjzWyg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 15 Oct 2021 22:16:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 4798 44 B
88 B 7ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2183951358296598&ev=PageView&dl=https%3A%2F%2F8185216.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCLXC3Ne4zfMCFRDiEQgd5vcEuA%3Bsrc%3D8185216%3Btype%3Dcount0%3Bcat%3Dpagev0%3Bord%3D5506445331143%3Bgtm%3D2wgad0%3Bauiddc%3D1336440563.1634336172%3Bu15%3Dusctrojans.evenue.net%25252Fcgi-bin%25252Fncommerce3%25252FSEGetEventInfo%25253FticketCode%25253DGS%2525253AIBM%2525253AF21%2525253AF6%2525253A%252526linkID%25253Dusc%252526shopperContext%25253D%252526pc%25253D%252526caller%25253D%252526appCode%25253D%252526groupCode%25253DFBI%252526cgc%25253D%252526dataAccId%25253D916%252526locale%25253Den_US%252526siteId%25253Dev_usc%252526RSRC%25253DF21cam%252526RDAT%25253DParkingSpot%3B~oref%3Dhttps%253A%252F%252Fusctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1634336172621&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&it=1634336172585&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 4798 44 B
88 B 7ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1965887096760176&ev=PageView&dl=https%3A%2F%2F8185216.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCLXC3Ne4zfMCFRDiEQgd5vcEuA%3Bsrc%3D8185216%3Btype%3Dcount0%3Bcat%3Dpagev0%3Bord%3D5506445331143%3Bgtm%3D2wgad0%3Bauiddc%3D1336440563.1634336172%3Bu15%3Dusctrojans.evenue.net%25252Fcgi-bin%25252Fncommerce3%25252FSEGetEventInfo%25253FticketCode%25253DGS%2525253AIBM%2525253AF21%2525253AF6%2525253A%252526linkID%25253Dusc%252526shopperContext%25253D%252526pc%25253D%252526caller%25253D%252526appCode%25253D%252526groupCode%25253DFBI%252526cgc%25253D%252526dataAccId%25253D916%252526locale%25253Den_US%252526siteId%25253Dev_usc%252526RSRC%25253DF21cam%252526RDAT%25253DParkingSpot%3B~oref%3Dhttps%253A%252F%252Fusctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1634336172725&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&it=1634336172585&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2183951358296598&ev=Microdata&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172908&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA%22%2C%22meta%3Adescription%22%3A%22UCLA%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fev4.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%3AIBM%3AF21%3AF6%3A%26linkID%3Dusc%26groupCode%3DFBI%22%2C%22og%3Atype%22%3A%22event%22%2C%22og%3Atitle%22%3A%22UCLA%22%2C%22og%3Adescription%22%3A%22USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%22%2C%22og%3Aimage%22%3A%22http%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fpachtml-production%2Fwww%2Fusc%2Fimages%2Fgroup%2FFBI.jpg%3Ftimestamp%3D01_20211015%22%2C%22og%3Aimage%3Awidth%22%3A%22455%22%2C%22og%3Aimage%3Aheight%22%3A%22229%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=2&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185873716413408&ev=Microdata&dl=https%3A%2F%2Fusctrojans.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%253AIBM%253AF21%253AF6%253A%26linkID%3Dusc%26shopperContext%3D%26pc%3D%26caller%3D%26appCode%3D%26groupCode%3DFBI%26cgc%3D%26dataAccId%3D916%26locale%3Den_US%26siteId%3Dev_usc%26RSRC%3DF21cam%26RDAT%3DParkingSpot&rl=&if=false&ts=1634336172975&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%20%7C%20UCLA%22%2C%22meta%3Adescription%22%3A%22UCLA%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fev4.evenue.net%2Fcgi-bin%2Fncommerce3%2FSEGetEventInfo%3FticketCode%3DGS%3AIBM%3AF21%3AF6%3A%26linkID%3Dusc%26groupCode%3DFBI%22%2C%22og%3Atype%22%3A%22event%22%2C%22og%3Atitle%22%3A%22UCLA%22%2C%22og%3Adescription%22%3A%22USC%20Ticket%20Office%20%7C%20Online%20Ticket%20Office%22%2C%22og%3Aimage%22%3A%22http%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fpachtml-production%2Fwww%2Fusc%2Fimages%2Fgroup%2FFBI.jpg%3Ftimestamp%3D01_20211015%22%2C%22og%3Aimage%3Awidth%22%3A%22455%22%2C%22og%3Aimage%3Aheight%22%3A%22229%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=2&o=30&fbp=fb.1.1634336172405.1980027044&it=1634336171952&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

ec2-52-12-124-187.us-west-2.compute.amazonaws.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:12 GMT

POST
H2 204 collect Show response
e.clarity.ms/ 0
48 B 101ms
101ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-b/s/0.6.24/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: https://usctrojans.evenue.net
date: Fri, 15 Oct 2021 22:16:12 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H/1.1 200
OK cameras.js Show response
media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/ 19 KB
19 KB 159ms
159ms Script
application/javascript 209.67.131.65
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://media.paciolan.com/seatmap/v3/res/916/F21/LAC/seats/cameras.js?ts=1634336173113
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 209.67.131.65 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software: nginx /
Resource Hash: ec3098e6a8831d112b4750bc428c6a0ab9168bad7d77c7df331e42a1272a2b38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Thu, 01 Apr 2021 15:45:22 GMT
Server: nginx
ETag: "6065ea92-4ae6"
Vary: Origin
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19174

GET
H/1.1 404
Not Found none.c9cf9c0e.png
s3-us-west-2.amazonaws.com/ 0
0 177ms
177ms Image
application/xml 52.218.196.192
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-us-west-2.amazonaws.com/none.c9cf9c0e.png
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.196.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 404
Not Found transparent.2f841680.png
s3-us-west-2.amazonaws.com/ 0
0 700ms
176ms Image
application/xml 52.218.196.192
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-us-west-2.amazonaws.com/transparent.2f841680.png
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.196.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK Cookie set SEPyos Show response
usctrojans.evenue.net/cgi-bin/ncommerce3/ 6 KB
7 KB 699ms
507ms XHR
text/html 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEPyos?linkID=usc&get=manf&itC=GS:IBM:F21:F6:&randomDate=42

Requested by

Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32) /

Resource Hash

6cc356322f2cc220e82346aefdeecfbcc33b8029059d28b9acca732d06ac898f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: text/plain
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1
Connection: keep-alive
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept: */*
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
X-Content-Type-Options: nosniff
Server: IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32)
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Set-Cookie: client_cookie=usc;Path=/;samesite=none;Secure
Connection: Keep-Alive
Content-Type: text/html
Keep-Alive: timeout=15, max=97
Content-Length: 6296
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cf293448219a8391571ba0576af19e79b03e7c3e9d7df0ace2a10597675fe7d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4803b7a529bf253be9fe107b5f173a72971d85786bf2cabcb3dae6e259a864

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK tile-1-1-1.jpg
media.paciolan.com/seatmap/v3/res/916/F21/LAC/tiles/ 51 KB
52 KB 160ms
160ms Image
image/jpeg 209.67.131.65
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.paciolan.com/seatmap/v3/res/916/F21/LAC/tiles/tile-1-1-1.jpg
Requested by: Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 209.67.131.65 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software: nginx /
Resource Hash: a756de9c428535fa70c53d746dd241f3574d16d67575ca30cb9e35959e985452

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Last-Modified: Thu, 01 Apr 2021 15:45:24 GMT
Server: nginx
ETag: "6065ea94-cdf2"
Vary: Origin
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 52722

GET
DATA 200
OK truncated
/ 244 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 044dfd629f0cb973c39938d0e03a41d3153012b8c396d3cb4ae62371121f0cef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK Cookie set unified Show response
usctrojans.evenue.net/app/rs/contexts/ 297 B
1 KB 397ms
158ms XHR
application/json 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/app/rs/contexts/unified

Requested by

Host: pac-analytics.s3-us-west-1.amazonaws.com
URL: https://pac-analytics.s3-us-west-1.amazonaws.com/pac-analytics-driver/builds/v1.8.28/pac-analytics-driver.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

cf6fb627448de56287f2a17c88257d72264ebdd2f86bf7f6d23e9541371ca445

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	sniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drel.0.0.0
Connection: keep-alive
Accept: application/json, text/plain, */*
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
X-Content-Type-Options: sniff
X-Tcs-Debug: 8.21.211005:1 pus-ca01-r29c5-def-h154-app4
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubDomains
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Set-Cookie: ADRUM_BT1=R:234|i:431861|e:12; path=/; Max-Age=30; Expires=Fri, 15-Oct-2021 22:16:43 GMT;samesite=none;Secure ADRUM_BTa=R:234|g:8ac1efdf-fc0f-4adf-84cd-627b6b189c7f|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; path=/; Max-Age=30; Expires=Fri, 15-Oct-2021 22:16:43 GMT;samesite=none;Secure JSESSIONID=r-HFRu4T0TwCUAzIFd3D9a01nP6cEGWAZ5g_tqrI.pus-ca01-r29c5-def-h154-app4; path=/app;samesite=none;Secure
Content-Type: application/json;charset=UTF-8
Content-Length: 297
X-XSS-Protection: 1

GET
H/1.1 200
OK global_functions.min.js Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/global/ Frame F178 19 KB
7 KB 338ms
157ms Script
application/javascript 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/global/global_functions.min.js

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

b0e4e033e6535bb5aa4b9c8e5e84077da61ff5cc227fbd057a7234315da829c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drel.0.0.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 24 Mar 2021 19:06:28 GMT
Server: nginx
ETag: W/"605b8db4-4b2b"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1

GET
H/1.1 200
OK netcommerce_functions.js Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/netCommerce/ Frame F178 43 KB
14 KB 579ms
310ms Script
application/javascript 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/netCommerce/netcommerce_functions.js

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

b5344b1ddda20229df4be53b08659dca20c7168aac210ef0b8c4563f0b5638d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; ADRUM_BTa=R:234|g:81524409-d5e8-45fe-aa9d-8b76633366c0|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drel.0.0.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 10:52:40 GMT
Server: nginx
ETag: W/"616022f8-ac9c"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1

POST
H2 200 / Show response
api.amplitude.com/ 7 B
168 B 550ms
195ms XHR
text/html 52.12.124.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: pac-analytics.s3-us-west-1.amazonaws.com
URL: https://pac-analytics.s3-us-west-1.amazonaws.com/pac-analytics-driver/builds/v1.8.28/pac-analytics-driver.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.12.124.187 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://usctrojans.evenue.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 15 Oct 2021 22:16:14 GMT
content-length: 7
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H/1.1 200
OK global_functions.min.js Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/global/ Frame 3119 19 KB
7 KB 157ms
156ms Script
application/javascript 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/global/global_functions.min.js

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

b0e4e033e6535bb5aa4b9c8e5e84077da61ff5cc227fbd057a7234315da829c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; ADRUM_BTa=R:234|g:8ac1efdf-fc0f-4adf-84cd-627b6b189c7f|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drr8.0.1.1
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 24 Mar 2021 19:06:28 GMT
Server: nginx
ETag: W/"605b8db4-4b2b"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1

GET
H/1.1 200
OK netcommerce_functions.js Show response
usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/netCommerce/ Frame 3119 43 KB
14 KB 316ms
316ms Script
application/javascript 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/www/ev_usc/ss/evenue/customize/ev_usc/script/netCommerce/netcommerce_functions.js

Requested by

Host: usctrojans.evenue.net
URL: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

nginx /

Resource Hash

b5344b1ddda20229df4be53b08659dca20c7168aac210ef0b8c4563f0b5638d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; ADRUM_BTa=R:234|g:8ac1efdf-fc0f-4adf-84cd-627b6b189c7f|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drr8.0.1.1
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventList?groupCode=&linkID=usc&shopperContext=&caller=&appCode=&dataonly=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 15 Oct 2021 22:16:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 10:52:40 GMT
Server: nginx
ETag: W/"616022f8-ac9c"
X-Frame-Options: SAMEORIGIN
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/javascript
X-XSS-Protection: 1

GET
H3 200 /
www.facebook.com/tr/ Frame 4798 44 B
88 B 7ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2183951358296598&ev=Microdata&dl=https%3A%2F%2F8185216.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCLXC3Ne4zfMCFRDiEQgd5vcEuA%3Bsrc%3D8185216%3Btype%3Dcount0%3Bcat%3Dpagev0%3Bord%3D5506445331143%3Bgtm%3D2wgad0%3Bauiddc%3D1336440563.1634336172%3Bu15%3Dusctrojans.evenue.net%25252Fcgi-bin%25252Fncommerce3%25252FSEGetEventInfo%25253FticketCode%25253DGS%2525253AIBM%2525253AF21%2525253AF6%2525253A%252526linkID%25253Dusc%252526shopperContext%25253D%252526pc%25253D%252526caller%25253D%252526appCode%25253D%252526groupCode%25253DFBI%252526cgc%25253D%252526dataAccId%25253D916%252526locale%25253Den_US%252526siteId%25253Dev_usc%252526RSRC%25253DF21cam%252526RDAT%25253DParkingSpot%3B~oref%3Dhttps%253A%252F%252Fusctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1634336174123&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&it=1634336172585&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8185216.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 22:16:14 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 15 Oct 2021 22:16:14 GMT

GET
H/1.1 200
OK Cookie set SEPyos Show response
usctrojans.evenue.net/cgi-bin/ncommerce3/ 5 KB
6 KB 322ms
321ms XHR
text/html 216.177.87.189
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEPyos?linkID=usc&get=sect&itC=GS:IBM:F21:F6:&randomDate=42

Requested by

Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/pac-media/seatmap/1.11.211001/dist/seatmap-bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

216.177.87.189 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32) /

Resource Hash

7aff915671e4372579b2e567a13cbc955c1f499a201a7c42f4b1a7734822ad1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usctrojans.evenue.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: text/plain
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: referral_dat=ParkingSpot; SESSION_ID=650387,BsQTvwFJWEEfJzJdRnSHwuLzW/6udswCET1+w/k779+R09CCATBGe+iAwCWkja56; referral_id=F21cam; BIGipServerusc=570433452.20480.0000; client_cookie=usc; BIGipServerpac8-web=2416254892.40010.0000; BIGipServerapigateway=855802634.16415.0000; ADRUM_BT1=R:234|i:431861|e:12; BIGipServerpac8-evcluster1=2584027052.5963.0000; _gcl_au=1.1.1336440563.1634336172; _clck=1p754vo|1|evl|0; _hjid=59591bcc-e426-4058-8630-11896e82ee61; _hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; _ga=GA1.2.1843958608.1634336172; _gid=GA1.2.306718165.1634336172; _gat_UA-134938148-1=1; _fbp=fb.1.1634336172405.1980027044; _clsk=11axrd8|1634336172418|1|1|e.clarity.ms/collect; _gat=1; _gat_PacDev=1; _gat_newMaster=1; _gat_gtag_UA_127897199_2=1; ADRUM_BTa=R:234|g:8ac1efdf-fc0f-4adf-84cd-627b6b189c7f|n:Spectra_c140ed2e-29de-49bb-9400-265b29794143; amp_fc60ef=t3VWoE_DYImmyAofFUy2mI...1fi30drel.1fi30drr8.0.1.1
Connection: keep-alive
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
Accept: */*
Referer: https://usctrojans.evenue.net/cgi-bin/ncommerce3/SEGetEventInfo?ticketCode=GS%3AIBM%3AF21%3AF6%3A&linkID=usc&shopperContext=&pc=&caller=&appCode=&groupCode=FBI&cgc=&dataAccId=916&locale=en_US&siteId=ev_usc&RSRC=F21cam&RDAT=ParkingSpot
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Oct 2021 22:16:13 GMT
X-Content-Type-Options: nosniff
Server: IBM_HTTP_Server/1.3.12 Apache/1.3.12 (Win32)
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
P3P: CP=CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa OUR DELa SAMa BUS IND PHY ONL UNI PUR COM NAV DEM STA
Set-Cookie: client_cookie=usc;Path=/;samesite=none;Secure
Connection: Keep-Alive
Content-Type: text/html
Keep-Alive: timeout=15, max=96
Content-Length: 5194
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 563 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39dbdc4391537e6846d66655e3a852995148b44a8c6db5599f364dd33635b032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 563 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94fa990050f3ec3282b774431075302b0a69278112ff2689199868c8a6bc1ca4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 563 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09d4f87e279dccbe61baead9f93399a26e77a684be6961a38f9a01d0d23890cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 /
www.facebook.com/tr/ Frame 4798 44 B
88 B 7ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1965887096760176&ev=Microdata&dl=https%3A%2F%2F8185216.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCLXC3Ne4zfMCFRDiEQgd5vcEuA%3Bsrc%3D8185216%3Btype%3Dcount0%3Bcat%3Dpagev0%3Bord%3D5506445331143%3Bgtm%3D2wgad0%3Bauiddc%3D1336440563.1634336172%3Bu15%3Dusctrojans.evenue.net%25252Fcgi-bin%25252Fncommerce3%25252FSEGetEventInfo%25253FticketCode%25253DGS%2525253AIBM%2525253AF21%2525253AF6%2525253A%252526linkID%25253Dusc%252526shopperContext%25253D%252526pc%25253D%252526caller%25253D%252526appCode%25253D%252526groupCode%25253DFBI%252526cgc%25253D%252526dataAccId%25253D916%252526locale%25253Den_US%252526siteId%25253Dev_usc%252526RSRC%25253DF21cam%252526RDAT%25253DParkingSpot%3B~oref%3Dhttps%253A%252F%252Fusctrojans.evenue.net%252Fcgi-bin%252Fncommerce3%252FSEGetEventInfo%253FticketCode%253DGS%25253AIBM%25253AF21%25253AF6%25253A%2526linkID%253Dusc%2526shopperContext%253D%2526pc%253D%2526caller%253D%2526appCode%253D%2526groupCode%253DFBI%2526cgc%253D%2526dataAccId%253D916%2526locale%253Den_US%2526siteId%253Dev_usc%2526RSRC%253DF21cam%2526RDAT%253DParkingSpot&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1634336174229&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&it=1634336172585&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS