www.bagborroworsteal.com Open in urlscan Pro
162.242.193.45 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_9&ems_l=8697087&i=1&d=NDIzMDExNDcz%7CWlRXRFo1Tko0OA%3D%3D...
Effective URL:
https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emar...
Submission: On July 06 via api (July 6th 2021, 12:35:47 pm UTC) from US

Summary HTTP 61 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 25 IPs in 7 countries across 18 domains to perform 61 HTTP transactions. The main IP is 162.242.193.45, located in United States and belongs to RACKSPACE, US. The main domain is www.bagborroworsteal.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 26th 2020. Valid for: 2 years.

This is the only time www.bagborroworsteal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	217.175.192.21 217.175.192.21	199236 (EMARSYS-A...) (EMARSYS-AS Emarsys eMarketing Systems AG)
2	162.242.193.45 162.242.193.45	27357 (RACKSPACE) (RACKSPACE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
14	93.184.220.20 93.184.220.20	15133 (EDGECAST) (EDGECAST)
1	54.192.93.42 54.192.93.42	16509 (AMAZON-02) (AMAZON-02)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	34.254.108.170 34.254.108.170	16509 (AMAZON-02) (AMAZON-02)
1	13.225.87.7 13.225.87.7	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
10	185.32.241.65 185.32.241.65	30286 (THM) (THM)
1	2600:9000:20e... 2600:9000:20eb:fc00:0:43cc:80:93a1	16509 (AMAZON-02) (AMAZON-02)
6	143.204.98.36 143.204.98.36	16509 (AMAZON-02) (AMAZON-02)
1	52.202.92.254 52.202.92.254	14618 (AMAZON-AES) (AMAZON-AES)
1	18.198.246.112 18.198.246.112	16509 (AMAZON-02) (AMAZON-02)
2	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
61	25

1 217.175.192.21 (Austria)

ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT)

visit.bagborroworsteal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.242.193.45 (United States)

ASN27357 (RACKSPACE, US)

www.bagborroworsteal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 93.184.220.20 (London, United Kingdom)

ASN15133 (EDGECAST, US)

secure.avelleassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.93.42 (United States)

ASN16509 (AMAZON-02, US)

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

seal-alaskaoregonwesternwashington.bbb.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.108.170 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-7.fra2.r.cloudfront.net

cdn.scarabresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.32.241.65 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:fc00:0:43cc:80:93a1 (United States)

ASN16509 (AMAZON-02, US)

iprecon.iglobalstores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.98.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-36.fra50.r.cloudfront.net

d1vyngmisxigjx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.92.254 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-92-254.compute-1.amazonaws.com

checkout.iglobalstores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.246.112 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

recommender.scarabresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	avelleassets.com secure.avelleassets.com	241 KB
11	signifyd.com cdn-scripts.signifyd.com imgs.signifyd.com	82 KB
6	cloudfront.net d1vyngmisxigjx.cloudfront.net	20 KB
3	online-metrix.net h.online-metrix.net w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net	15 KB
3	google.de www.google.de	325 B
3	google.com 1 redirects www.google.com	151 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
3	bing.com bat.bing.com	9 KB
3	bagborroworsteal.com visit.bagborroworsteal.com www.bagborroworsteal.com	40 KB
2	iglobalstores.com iprecon.iglobalstores.com checkout.iglobalstores.com	12 KB
2	scarabresearch.com cdn.scarabresearch.com recommender.scarabresearch.com	25 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googleadservices.com www.googleadservices.com	19 KB
2	bbb.org seal-alaskaoregonwesternwashington.bbb.org	3 KB
1	adsrvr.org insight.adsrvr.org	261 B
1	gstatic.com fonts.gstatic.com	28 KB
1	googleapis.com fonts.googleapis.com	591 B
0	Failed function sub() { [native code] }. Failed
61	18

	Domain	Requested by
14	secure.avelleassets.com	www.bagborroworsteal.com
10	imgs.signifyd.com	cdn-scripts.signifyd.com imgs.signifyd.com www.bagborroworsteal.com
6	d1vyngmisxigjx.cloudfront.net	www.bagborroworsteal.com
3	www.google.de	www.bagborroworsteal.com
3	www.google.com	1 redirects www.bagborroworsteal.com
3	bat.bing.com	www.bagborroworsteal.com bat.bing.com
2	h.online-metrix.net	imgs.signifyd.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.google-analytics.com	www.bagborroworsteal.com www.google-analytics.com
2	www.googleadservices.com	www.bagborroworsteal.com www.googleadservices.com
2	seal-alaskaoregonwesternwashington.bbb.org	www.bagborroworsteal.com
2	www.bagborroworsteal.com	www.bagborroworsteal.com
1	w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net
1	recommender.scarabresearch.com	cdn.scarabresearch.com
1	checkout.iglobalstores.com	www.bagborroworsteal.com
1	iprecon.iglobalstores.com	secure.avelleassets.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn.scarabresearch.com	www.bagborroworsteal.com
1	insight.adsrvr.org	www.bagborroworsteal.com
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn-scripts.signifyd.com	www.bagborroworsteal.com
1	fonts.googleapis.com	www.bagborroworsteal.com
1	visit.bagborroworsteal.com
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	imgs.signifyd.com
61	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.pinterest.com
instagram.com
www.bbb.org

Subject Issuer	Validity	Valid
visit.bagborroworsteal.com R3	`2021-05-12` - `2021-08-10`	3 months	crt.sh
bagborroworsteal.com Go Daddy Secure Certificate Authority - G2	`2020-05-26` - `2022-07-25`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
gp1.wac.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2021-03-10` - `2022-04-06`	a year	crt.sh
cdn-scripts.signifyd.com Amazon	`2020-09-30` - `2021-10-30`	a year	crt.sh
*.bbb.org GeoTrust RSA CA 2018	`2020-05-15` - `2022-07-03`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.scarabresearch.com Amazon	`2020-11-23` - `2021-12-22`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2021-04-02` - `2022-05-04`	a year	crt.sh
*.iglobalstores.com Amazon	`2020-10-05` - `2021-11-05`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-01-21` - `2022-01-21`	a year	crt.sh
*.e.aa.online-metrix.net Go Daddy Secure Certificate Authority - G2	`2019-09-13` - `2021-09-13`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Frame ID: BC81226DF9C95CB30103348D70AD701F
Requests: 47 HTTP requests in this frame

Frame: https://www.bagborroworsteal.com/blank_for_iframe.html
Frame ID: F2083874FA6CABFB4FAAD81715BA38D6
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/check.js;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jb=33372e2468736d77354c6966777026687b6f35446b6e75702e6871623f416a726f6d65253230303b
Frame ID: 96352AE3E6E5F019DEAAD3D09E355345
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/ls_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd
Frame ID: 45BF63F2B705C97C1B72FC04E6103225
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd
Frame ID: AD3B7A0FEED5EF3AEE4A23911E3C27F9
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/fp/top_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd
Frame ID: 3A15C3EBD5CFCAF44A660588A78EFA4D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_9&ems_l=8697087&i=1&d=NDIzMDExNDcz%7C... Page URL
https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=3... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

61
Requests

98 %
HTTPS

46 %
IPv6

18
Domains

24
Subdomains

25
IPs

7
Countries

517 kB
Transfer

1295 kB
Size

12
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.facebook.com/bagborroworsteal

Search URL Search Domain Scan URL

URL: http://twitter.com/bagborrowsteal

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/bagborroworsteal/
Title:

Search URL Search Domain Scan URL

URL: http://instagram.com/bagborroworsteal
Title:

Search URL Search Domain Scan URL

URL: http://www.bbb.org/western-washington/business-reviews/handbags/bag-borrow-or-steal-in-seattle-wa-22027217#bbbseal

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_9&ems_l=8697087&i=1&d=NDIzMDExNDcz%7CWlRXRFo1Tko0OA%3D%3D%7CNy42LjIxX1NpdGV3aWRl%7CMjk4MzQzOA%3D%3D%7C&_esuh=_9_eb5f1e77d41a8f819004a012e8534df78c0b3200951f4131261fbdda1d23568a Page URL
https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070221345/?random=1004168915&cv=9&fst=1625574932196&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=FE7kYM6ZDtiwx_AP0JeGiA8&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=4092664123&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=4092664123&resp=GooglemKTybQhCsO&ipr=y

61 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK nrd.php
visit.bagborroworsteal.com/u/ 837 B
806 B 359ms
227ms Document
text/html 217.175.192.21
EMARSYS-AS Emarsy...

General

Check archive.org

Show headers Download Go to

Full URL

https://visit.bagborroworsteal.com/u/nrd.php?p=ZTWDZ5NJ48_36048_7092609_1_9&ems_l=8697087&i=1&d=NDIzMDExNDcz%7CWlRXRFo1Tko0OA%3D%3D%7CNy42LjIxX1NpdGV3aWRl%7CMjk4MzQzOA%3D%3D%7C&_esuh=_9_eb5f1e77d41a8f819004a012e8534df78c0b3200951f4131261fbdda1d23568a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.175.192.21 , Austria, ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: visit.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:30 GMT
server: Apache
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
content-encoding: gzip
x-af: suite16-web4
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 428
content-type: text/html; charset=utf-8
x-hf: suite-haproxy01d

GET
H/1.1 200
OK Primary Request Cookie set howitworks Show response
www.bagborroworsteal.com/ 38 KB
39 KB 788ms
454ms Document
text/html 162.242.193.45
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.242.193.45 , United States, ASN27357 (RACKSPACE, US),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

001ca1540b789d86817f1232c93c6b5de3acca5ef0602c697e3e412e97997768

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://visit.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://visit.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:35:31 GMT
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D31D1BBBAAB6686A4435DDABF2E7C4F5.workerA; Path=/ UBID=""; Domain=.bagborroworsteal.com; Expires=Thu, 29-Jun-2051 12:35:31 GMT; Path=/ SESSION=ed82babc-4092-4b8d-920d-9bcd3f755545; Domain=.bagborroworsteal.com; Path=/ adTrackId=null; Domain=.bagborroworsteal.com; Path=/
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked

GET
H2 200 css
fonts.googleapis.com/ 1 KB
591 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display

Requested by

Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9d83121a5242fd08642d5791a2c7536b9f20291498977184992a6a1db5808f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 11:42:17 GMT
server: ESF
date: Tue, 06 Jul 2021 12:35:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Jul 2021 12:35:31 GMT

GET
H2 200 global.min.css
secure.avelleassets.com/TNT1930/css/ 29 KB
7 KB 139ms
32ms Stylesheet
text/css 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/css/global.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F6FE) /

Resource Hash

87755777f5ef22d9f1963138aec8eff9577c8d6c4dacfbc208ff4842194999fa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:31 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 04 May 2020 16:34:51 GMT
server: ECS (ska/F6FE)
age: 376425
etag: "73cc-5a4d51c2920c0+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/css
content-length: 6894

GET
H2 200 concat_global.min.js Show response
secure.avelleassets.com/TNT1930/js_prod/ 118 KB
39 KB 154ms
48ms Script
text/javascript 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/js_prod/concat_global.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F719) /

Resource Hash

df095f2eeccde5bd77d3d845d3c1a077d9f72f2c757d7a77bd2ef540af9c234f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:31 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 10 Mar 2016 19:20:10 GMT
server: ECS (ska/F719)
age: 376425
etag: "1d940-52db6b3f48e80+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/javascript
content-length: 39856

GET
H2 200 ig_welcome_mat_bagborrowsteal.css
secure.avelleassets.com/TNT1930/css/ 4 KB
2 KB 141ms
35ms Stylesheet
text/css 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/css/ig_welcome_mat_bagborrowsteal.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F70A) /

Resource Hash

01708dc7992dc288a868c11571d919e7d474d4936cac11735c2f7d363f3d2d6f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:31 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 03 Jun 2019 21:43:27 GMT
server: ECS (ska/F70A)
age: 376425
etag: "f14-58a72411eddc0+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/css
content-length: 1456

GET
H2 200 ig_welcome_mat_bagborrowsteal.js Show response
secure.avelleassets.com/TNT1930/js_dev/ 30 KB
10 KB 142ms
36ms Script
text/javascript 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/js_dev/ig_welcome_mat_bagborrowsteal.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F6FD) /

Resource Hash

63302d1db7161aa5add476568458cccf5d85ed30a615b8a29df686deb5d42245

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:31 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 01 Aug 2019 20:27:21 GMT
server: ECS (ska/F6FD)
age: 376425
etag: "7790-58f14119a5c40+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/javascript
content-length: 9951

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 7 KB
7 KB 249ms
98ms Script
application/javascript 54.192.93.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.93.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e17857cb74ff8bb8c18929844a2d0ff42bd36dee42113f85a8831ad42ef6eb79

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:33:07 GMT
via: 1.1 c854fb0d5b88436abc85e38f9c08a56d.cloudfront.net (CloudFront)
age: 145
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-cf-pop: MAD51-C3
content-length: 7199
x-amz-cf-id: ZTiaB99nHAu8P8LWvNev1BUndJpm-dDvZoDHUzOa6iBiVTTIE8mavA==

GET
H2 200 spacer.gif
secure.avelleassets.com/images/ 43 B
147 B 35ms
31ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/spacer.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F70C) /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Wed, 30 Nov 2005 01:15:09 GMT
server: ECS (ska/F70C)
age: 84862
etag: "2b-406be1133c140"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 43

GET
H2 200 HowitWorksPage_v3_03.jpg
secure.avelleassets.com/images/howitworks/ 14 KB
14 KB 477ms
474ms Image
image/jpeg 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/howitworks/HowitWorksPage_v3_03.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

e80e5b9f063caca54fe4d2c0e59874c7a790e9eabe69e8857999f673a8a58db8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Tue, 02 Apr 2019 00:45:21 GMT
server: Apache/2.4.41 (IUS)
etag: "397a-5858173a4aa40"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/jpeg
accept-ranges: bytes
content-length: 14714

GET
H2 200 HowitWorksPage_v2_07.jpg
secure.avelleassets.com/images/howitworks/ 32 KB
32 KB 465ms
462ms Image
image/jpeg 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/howitworks/HowitWorksPage_v2_07.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

4734fdcbf7c1ba0b322ba639d1f008cd99d58a8ab0a5875c0b7b710d4fb69386

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Fri, 11 Jan 2019 03:05:11 GMT
server: Apache/2.4.41 (IUS)
etag: "7e18-57f25f69487c0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/jpeg
accept-ranges: bytes
content-length: 32280

GET
H2 200 HowitWorksPage_v2_11.jpg
secure.avelleassets.com/images/howitworks/ 47 KB
47 KB 469ms
466ms Image
image/jpeg 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/howitworks/HowitWorksPage_v2_11.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

f99b8c6748b767b0ce16e07565de5997145e6fb0bde463f3f6ee6f02d767c0fa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Fri, 11 Jan 2019 03:05:11 GMT
server: Apache/2.4.41 (IUS)
etag: "bd35-57f25f69487c0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/jpeg
accept-ranges: bytes
content-length: 48437

GET
H2 200 cookie_banner.js Show response
secure.avelleassets.com/TNT1930/js_prod/ 39 KB
7 KB 34ms
34ms Script
text/javascript 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.avelleassets.com/TNT1930/js_prod/cookie_banner.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F704) /

Resource Hash

77389a854f3ac413bcd8a23b4df628b84ab2fba22a6aa7318faf67678a05fcb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 06 Aug 2020 23:04:51 GMT
server: ECS (ska/F704)
age: 414799
etag: "9dc9-5ac3d83fe0ac0+gzip"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: text/javascript
content-length: 7350

GET
H2 200 accessibility.gif
secure.avelleassets.com/images/icons/ 5 KB
6 KB 34ms
32ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/icons/accessibility.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F709) /

Resource Hash

d61f1e577b16aefc5029d0642694c25da422759e1ba766ca6d675dcc47d02ddc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Fri, 10 Jan 2020 23:14:59 GMT
server: ECS (ska/F709)
age: 366140
etag: "15bc-59bd14b6602c0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 5564

GET
H2 200 bag-borrow-or-steal-22027217.png
seal-alaskaoregonwesternwashington.bbb.org/logo/rbvtbas/ 2 KB
2 KB 35ms
15ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal-alaskaoregonwesternwashington.bbb.org/logo/rbvtbas/bag-borrow-or-steal-22027217.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine / ASP.NET
Resource Hash: cec1bbe9694e8380d5d11e528292f347622be1e2fac7064d2dd987aa8ccda177

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Tue, 06 Jul 2021 10:02:40 GMT
server: keycdn-engine
x-aspnet-version: 4.0.30319
x-edge-location: defr
x-powered-by: ASP.NET
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-shield: active
content-length: 2073
expires: Tue, 06 Jul 2021 16:35:32 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 154ms
37ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17349
x-xss-protection: 0
server: cafe
etag: 3780840205288251298
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 06 Jul 2021 12:35:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 4187
date: Tue, 06 Jul 2021 11:25:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Tue, 06 Jul 2021 13:25:45 GMT

GET
H2 200 global_sprites.png
secure.avelleassets.com/TNT1930/css/sprites/ 62 KB
62 KB 33ms
32ms Image
image/png 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/TNT1930/css/sprites/global_sprites.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F6FD) /

Resource Hash

1fa823896b863bc6bf90a0e3b122db129a337a98b16364fd72018549e1184600

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Mon, 03 Jun 2019 21:43:27 GMT
server: ECS (ska/F6FD)
age: 366132
etag: "f748-58a72411eddc0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/png
accept-ranges: bytes
content-length: 63304

GET
H2 200 search_vert.gif
secure.avelleassets.com/images/navigation/mainnav/ 1 KB
1 KB 45ms
44ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/navigation/mainnav/search_vert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F706) /

Resource Hash

91ddf1744d48128e8279b661f1c36bcae9eed12b542c420ae8de883a6d2002c9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Fri, 10 Jan 2014 02:00:08 GMT
server: ECS (ska/F706)
age: 73252
etag: "452-4ef9415df5a00"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 1106

GET
H2 200 search_arrow.gif
secure.avelleassets.com/images/navigation/mainnav/ 68 B
161 B 46ms
45ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/navigation/mainnav/search_arrow.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F707) /

Resource Hash

1319095e503185318684b65d6a8eda0cf1efb19028b35d3f966c154019df9c69

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
last-modified: Wed, 08 Jan 2014 23:28:21 GMT
server: ECS (ska/F707)
age: 510584
etag: "44-4ef7dd9362f40"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 68

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
fonts.gstatic.com/s/playfairdisplay/v22/ 28 KB
28 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v22/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Playfair+Display

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c5348e4d76366efc13f2bcb5a5ce138e581e90d570a09d0ec66a8cab4920be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.bagborroworsteal.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 01:54:51 GMT
x-content-type-options: nosniff
age: 38441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28568
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 20:30:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 01:54:51 GMT

GET
H2 200 bag-borrow-or-steal-22027217.js Show response
seal-alaskaoregonwesternwashington.bbb.org/logo/ 3 KB
980 B 7ms
6ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://seal-alaskaoregonwesternwashington.bbb.org/logo/bag-borrow-or-steal-22027217.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine / ASP.NET
Resource Hash: 716c18fda50474e76ea9e81fd08eb20024fe490ccb77b21b22e513bf8b673d78

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 06 Jul 2021 12:35:32 GMT
content-encoding: gzip
x-edge-location: defr
x-powered-by: ASP.NET
x-cache: HIT
content-length: 659
last-modified: Tue, 08 Dec 2015 18:58:11 GMT
server: keycdn-engine
etag: "80e33162ea31d11:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-shield: active
expires: Tue, 06 Jul 2021 16:35:32 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1830177198&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&dr=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&dp=How%20it%20Works%20All&ul=en-us&de=UTF-8&dt=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=226307612&gjid=364960235&cid=1411222066.1625574932&tid=UA-238171-1&_gid=1854645971.1625574932&_r=1&_slc=1&z=111313652

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bagborroworsteal.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK blank_for_iframe.html Show response
www.bagborroworsteal.com/ Frame F208 293 B
619 B 109ms
108ms Document
text/html 162.242.193.45
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bagborroworsteal.com/blank_for_iframe.html

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.242.193.45 , United States, ASN27357 (RACKSPACE, US),

Reverse DNS

Software

Apache/2.4.41 (IUS) /

Resource Hash

56f9b2160d7519c225d7455901a249f231349ee1ab51ba38377370f098d9f46d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.bagborroworsteal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: JSESSIONID=D31D1BBBAAB6686A4435DDABF2E7C4F5.workerA; UBID=""; SESSION=ed82babc-4092-4b8d-920d-9bcd3f755545; adTrackId=null; _ga=GA1.2.1411222066.1625574932; _gid=GA1.2.1854645971.1625574932; _gat=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438

Response headers

Date: Tue, 06 Jul 2021 12:35:32 GMT
Server: Apache/2.4.41 (IUS)
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 30 May 2014 19:30:53 GMT
ETag: "125-4faa3156e3540"
Accept-Ranges: bytes
Content-Length: 293
Keep-Alive: timeout=5, max=499
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2 200 /
insight.adsrvr.org/track/evnt/ 70 B
261 B 154ms
50ms Image
image/gif 34.254.108.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=f8eezmw&ct=0:edezgv8j&fmt=3&ra=7737421
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.108.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK scarab-v2.js Show response
cdn.scarabresearch.com/js/1A5CD7799B61CC35/ 105 KB
24 KB 109ms
35ms Script
application/javascript 13.225.87.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scarabresearch.com/js/1A5CD7799B61CC35/scarab-v2.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-7.fra2.r.cloudfront.net
Software: /
Resource Hash: 735b1688e3cbf02acda5549b961c6a3087a2391bcf9b7beaa737b7cb6663c777

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:30:40 GMT
Content-Encoding: gzip
Connection: keep-alive
Age: 520
ETag: "47f6745601610e6344a4f614979fbc65--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript;charset=utf-8
Via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
Cache-Control: max-age=3600,public
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C2
Timing-Allow-Origin: *
X-Amz-Cf-Id: OzEDqJzg_oYWDrTMTQGUbG9BdmfAZL8dRoTwZkNz5k-mBBI0Rjgk1g==

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 31ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:31 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref: Ref A: 14B9AE5AB1764F748D45DAE0D9D89854 Ref B: FRAEDGE1512 Ref C: 2021-07-06T12:35:32Z
etag: "0d2a696ff53d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9008

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
94 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-238171-1&cid=1411222066.1625574932&jid=226307612&gjid=364960235&_gid=1854645971.1625574932&_u=IEBAAEAAAAAAAC~&z=464410374

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 06 Jul 2021 12:35:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.bagborroworsteal.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/1070221345/ 2 KB
1 KB 53ms
52ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1070221345/?random=1625574932196&cv=9&fst=1625574932196&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

6fb2c1b703af3e400bfa7618554b2c3cac3543785a4f11649938469065dbda6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1300
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/972814219/ 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/972814219/?random=1625574932202&cv=9&fst=1625574932196&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&data=ecomm_prodid%3D%3Becomm_pagetype%3Dhowitworks%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d1ef7a7b9411fb59bec51980c435b84089d091a09edc8d26e3f0e4e23bc43e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1220
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-238171-1&cid=1411222066.1625574932&jid=226307612&_u=IEBAAEAAAAAAAC~&z=1772869327

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-238171-1&cid=1411222066.1625574932&jid=226307612&_u=IEBAAEAAAAAAAC~&z=1772869327

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 17020539.js Show response
bat.bing.com/p/action/ 0
142 B 136ms
136ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/17020539.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 06 Jul 2021 12:35:32 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 380ACCA4812B4CD7A4D7C3BE171EDBDF Ref B: FRAEDGE1512 Ref C: 2021-07-06T12:35:32Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
135 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17020539&Ver=2&mid=bef04e69-436b-446b-9011-8f83f6cfa9c0&sid=a7695a90de5611eb8934cbe7512a83c9&vid=a7695b10de5611eba50a6b37f04b96b8&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=How%20to%20Rent,%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&kw=how%20it%20works,%20sell%20%20handbags,%20consignment,%20designer%20handbags,%20luxury%20handbags,handbags%20rental,%20purse,%20gucci,%20chanel,%20louis%20Vuitton,%20jewelry&p=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&r=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&evt=pageLoad&msclkid=N&sv=1&rn=545356
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 06 Jul 2021 12:35:31 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 2F770051B3F5407898DD86AE95D71108 Ref B: FRAEDGE1512 Ref C: 2021-07-06T12:35:32Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/972814219/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/972814219/?random=1625574932202&cv=9&fst=1625572800000&num=2&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_prodid%3D%3Becomm_pagetype%3Dhowitworks%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&is_vtc=1&random=1653286869&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/972814219/ 42 B
154 B 22ms
20ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/972814219/?random=1625574932202&cv=9&fst=1625572800000&num=2&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_prodid%3D%3Becomm_pagetype%3Dhowitworks%3Becomm_totalvalue%3D&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&is_vtc=1&random=1653286869&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/1070221345/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070221345/?random=1004168915&cv=9&fst=1625574932196&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&resp=GooglemKTy...
https://www.google.com/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah...
https://www.google.de/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=...

42 B
64 B

31ms
28ms

Image
image/gif

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=4092664123&resp=GooglemKTybQhCsO&ipr=y

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Jul 2021 12:35:32 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/1070221345/?random=1004168915&cv=9&fst=1625572800000&num=1&value=0&label=NoJeCN_H-gIQoZCp_gM&bg=666666&hl=en&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.bagborroworsteal.com%2Fhowitworks%3Fsc_src%3Demail_7092609%26sc_lid%3D423011473%26sc_uid%3DZTWDZ5NJ48%26sc_llid%3D36048%26utm_source%3DEmarsys%26utm_medium%3Demail%26utm_campaign%3D7.6.21_Sitewide%26sc_customer%3D2983438&ref=https%3A%2F%2Fvisit.bagborroworsteal.com%2F&tiba=How%20to%20Rent%2C%20Buy%20and%20Sell%20Handbags%20%26%20Accessories%20%7C%20Bag%20Borrow%20or%20Steal&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=4092664123&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tags.js Show response
imgs.signifyd.com/fp/ 80 KB
11 KB 122ms
37ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&pageid=2

Requested by

Host: cdn-scripts.signifyd.com
URL: https://cdn-scripts.signifyd.com/api/script-tag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

8ef472f67ed383d2a0751f24087f9fc6e90493d48ce8a3981b901240cdd7c152

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 iGlobalIp.js Show response
iprecon.iglobalstores.com/ 18 B
439 B 59ms
7ms Script
text/javascript 2600:9000:20eb:fc00:0:43cc:80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://iprecon.iglobalstores.com/iGlobalIp.js?p=igcCallback&_1625574932283=
Requested by: Host: secure.avelleassets.com
URL: https://secure.avelleassets.com/TNT1930/js_dev/ig_welcome_mat_bagborrowsteal.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:fc00:0:43cc:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4406332ec7167767030f8f3f0561af1bc97ce03b13b86370736f1654e742c09b

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:20:44 GMT
via: 1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront)
age: 888
x-amzn-requestid: 7f3c9ac3-0434-458c-bbcb-8f07879500b6
x-cache: Hit from cloudfront
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
x-amzn-trace-id: Root=1-60e44a9c-70bcb4216518ca05735f3c5f;Sampled=0
x-amz-cf-pop: FRA2-C1
access-control-allow-credentials: true
x-amz-apigw-id: CDCYcEodIAMFyfw=
content-length: 18
x-amz-cf-id: HZNMy5WobnVsPEZr6DvaAIC3bHLIqe0psVW6Acnchyxj3IM0oW-QoA==

GET
H/1.1 200
OK close-square.png
d1vyngmisxigjx.cloudfront.net/images/ 1 KB
2 KB 122ms
39ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/close-square.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: c4a749be78ebdf7a12353556c362cd7a5b63fdfdb0b65306e8968576ed1ffe87

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 09:08:08 GMT
Via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:47 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 12444
ETag: "554-59d396f2cb8e5"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 1364
X-Amz-Cf-Id: WNISTy5-7JiLrgw5s_DfoVdSlPSO0SSv-Qx5IeizqOKroDanUP94kA==

GET
H/1.1 200
OK bagborroworsteel.png
checkout.iglobalstores.com/images/ 11 KB
12 KB 503ms
125ms Image
image/png 52.202.92.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://checkout.iglobalstores.com/images/bagborroworsteel.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.92.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-92-254.compute-1.amazonaws.com
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 65dafcdaae3b766bb4cf47d6ff72f49eeda9af3363a7efae97d48ef76cc22d01

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:35:32 GMT
Last-Modified: Tue, 28 Jan 2020 20:54:08 GMT
Server: Apache/2.4.29 (Ubuntu)
ETag: "2d3b-59d396cd56bb4"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11579

GET
H/1.1 200
OK US.png
d1vyngmisxigjx.cloudfront.net/images/flags/96x64/ 3 KB
4 KB 120ms
37ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/flags/96x64/US.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 58cdce9d9fa5d1b29625c051c2976d9914d2ddb70fdc6c83bc5c543816453720

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 21:42:19 GMT
Via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:48 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 53593
ETag: "d23-59d396f3ce581"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 3363
X-Amz-Cf-Id: mKgHjwh91KxVxeXuPf7yAuk0v7sfhXPsUmzjBTrKN9H6pWRe008qCQ==

GET
H/1.1 200
OK payment-methods-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 4 KB
4 KB 121ms
39ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/payment-methods-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: de6198ebfb4c6f439366c804fa711983cfcbb0c694432d2e5fb1f8e541ecd804

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 19:24:51 GMT
Via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:46 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 61841
ETag: "fc4-59d396f228788"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 4036
X-Amz-Cf-Id: JRgn0wW35gXccS7bZGEasJUfWr1n7R_aHQkTcLYh_F4y-ru0I-pzxg==

GET
H/1.1 200
OK prepay-duty-tax-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 2 KB
3 KB 121ms
38ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/prepay-duty-tax-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 7446767437b0174b01820e3eb0d2202fa8e67f1753296ab5c97c21bc2dd20147

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 08:42:48 GMT
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 13964
ETag: "9a5-59d396f5e57f7"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 2469
X-Amz-Cf-Id: 4kPdFeMrKsTI7XB71_9UcdDlGeTDJkCVCps9avgowHyJyrh2YHhy-w==

GET
H/1.1 200
OK shipping-icon.png
d1vyngmisxigjx.cloudfront.net/images/ 4 KB
5 KB 120ms
38ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/shipping-icon.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 4389239d90f66985ca942fc833a14f1f2269581a37b804843846954e056f8036

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 19:24:51 GMT
Via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Age: 61841
ETag: "1133-59d396f5c7398"
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 4403
X-Amz-Cf-Id: N4hAROkhOz5yqBBW9XUx-SpuazcWDdOCqBW3ml2z-jBqzEarIqT6fg==

GET
H/1.1 200
OK / Show response
recommender.scarabresearch.com/merchants/1A5CD7799B61CC35/ 89 B
654 B 146ms
36ms XHR
application/json 18.198.246.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recommender.scarabresearch.com/merchants/1A5CD7799B61CC35/?pv=168680355&xp=1&cp=1&ci=2983438&ecid=7092609&elid=423011473&ellid=36048&euid=ZTWDZ5NJ48&prev_url=https%3A%2F%2Fvisit.bagborroworsteal.com%2F
Requested by: Host: cdn.scarabresearch.com
URL: https://cdn.scarabresearch.com/js/1A5CD7799B61CC35/scarab-v2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.246.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b7cd90c279f3374b782d79af60ecaa568f855a55e69057e1a5e79c8a2b66c3c5

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:35:32 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Vary: Accept-Encoding, User-Agent
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.bagborroworsteal.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 89
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK DE.png
d1vyngmisxigjx.cloudfront.net/images/flags/96x64/ 1 KB
2 KB 508ms
426ms Image
image/png 143.204.98.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1vyngmisxigjx.cloudfront.net/images/flags/96x64/DE.png
Requested by: Host: www.bagborroworsteal.com
URL: https://www.bagborroworsteal.com/howitworks?sc_src=email_7092609&sc_lid=423011473&sc_uid=ZTWDZ5NJ48&sc_llid=36048&utm_source=Emarsys&utm_medium=email&utm_campaign=7.6.21_Sitewide&sc_customer=2983438
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-36.fra50.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a02b3ffbb8805d295bb9ef2b5676ac97189736203b6779ab848ceb7b9008e67c

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:35:32 GMT
Via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 Jan 2020 20:54:48 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Amz-Cf-Pop: FRA50-C1
ETag: "592-59d396f3a7481"
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1426
X-Amz-Cf-Id: 5fFqnP4C-zy9tsCo38PZJlZQuIwf-gI_HXQyP2emnWT2mNEFbUeF6Q==

GET
H/1.1 200
OK check.js;CIS3SID=2DC71BCA3F8F464CC60309268B83105E Show response
imgs.signifyd.com/fp/ Frame 9635 219 KB
36 KB 42ms
41ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/check.js;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jb=33372e2468736d77354c6966777026687b6f35446b6e75702e6871623f416a726f6d65253230303b

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&pageid=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

11d9887529d3bdf21383b9af0e5b2832093ad439e2eead57bc7f422df8a15a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: ed403895657cc9dd
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
imgs.signifyd.com/fp/ Frame 9635 81 B
474 B 100ms
34ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
imgs.signifyd.com/fp/ Frame 9635 81 B
475 B 106ms
36ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&ck=0&m=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 9635 81 B
540 B 101ms
33ms XHR
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/fp/check.js;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jb=33372e2468736d77354c6966777026687b6f35446b6e75702e6871623f416a726f6d65253230303b

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/ed403895657cc9dded82babc-4092-4b8d-920d-9bcd3f755545
Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:35:33 GMT
Last-Modified: Tue, 06 Jul 2021 12:35:33 GMT
Server: Apache
Etag: c21d6dce3aa54619abb06ee8804f3031
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://www.bagborroworsteal.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sun, 05 Jul 2026 12:35:33 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E Show response
imgs.signifyd.com/fp/ Frame 45BF 82 KB
13 KB 40ms
40ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/ls_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

3987194a7912b3e670d44d540402f19a2e0c69c3804bc982c57a8d0b3014c380

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: imgs.signifyd.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=cb71980d289b407a9b2572179c08bd4a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:35:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 200
OK sid_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E Show response
h.online-metrix.net/fp/ Frame AD3B 95 KB
15 KB 135ms
42ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

7a14ecbdf9e429bf1a98eff3c9d3babc6016f7030b6d4779a737bdb2d761890b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:35:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 9635 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E Show response
imgs.signifyd.com/fp/ Frame 3A15 82 KB
12 KB 46ms
43ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/top_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

250b4268d6cce995d727fe45a9fae6ae261350ccc5004268f7ad64d11e963648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: imgs.signifyd.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bagborroworsteal.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=cb71980d289b407a9b2572179c08bd4a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.bagborroworsteal.com/

Response headers

Date: Tue, 06 Jul 2021 12:35:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
imgs.signifyd.com/fp/ Frame 9635 0
218 B 36ms
35ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&ja=38353f2424633f3438267a353438266435313e383278313a38322461643f3336303078313230382471787b3f3878302e6678723f392c393e32302c393a32322c333432302c313230302c393432302e333a303024333e303224313a38322c302438247163663f3034266c683d68747c72712531432d32462d304e77757f2e6a6965626f7a7a6d756f70717665616c2e636f6d2d3044686d7561747767706373273b467b6b5d73726b2d3146656f636b6c5f3730393236383b273234716b5f6c61662d33463c323b383331343f3b27303671615d7569642533445a5c55465a374c4234382d303e7361576c64616625334c3b3432343a27303675746d5f736f7d70616527314c456d69707b79712d323e7d766d5f656d666b756f273144656d61696c253a3477746f5d6b616d786361676c2d334c3f2c362e3a395d5169766775696465253236736b5d61757176676d657a273b443031383b3c3138266c7a3f6a74767271253341253246253a447469716b7c2e6269656a6f707a6f7f677073746d696e2c636d6f2732462668683d3138353a3731633e3435383b3f31303a336d3b3461303b3a6667393134636134266a736f3d446b6c757a24627362354160726d65652d3a3238392e62716d753f4e6b6e7578266e6863353334266c66653d382e7672643f4d757a677265253a4e4067726e6b6c266d617468723d3c32323366336b32626d613832673e636b3d343030303a636631373736303166643435383033363166346d61613a366c633b3c616e6a6637323b39313339346324703d706c756769665d646c6371605e66696e7b6523786c7d6f6b6e5f7f616c666f75715d6d656469615f7064637b65705c6e616c7b6729706e7d6761665d6164676a675d6161706d6261745e66616c7b6723706e776f696e57737d696163746165675e666964716721726e7767696e5f73686f6b697561746756666164716d217264756f616c5f726d696e726c637b67725e66616c736529726e75656b665f76646157706e69796d7a5c6661647b6723706e7765696e5f646576616474705e64636473652972647565616e577b74675f7e61677565705c64616c736521706c7d656b6e5d686976615664696c716d266d70313d63303c643637663534396362333761333c61303067306c39316e643f333a3c306b69353035693c61246361663f3136&jb=31353b246e713f4f677a69646e6925304e352638273230205f6b6c646d75712532304e5425323833322e32273b42253a325f696c3e342d3b40253238703436292730324170706c6557656a496b7427304e35333f2c3b36273a3020434a544d442d30412530326e696b65253230476d61696f2b273a30436070676d672d324e303b2e30263c313a392c3530253230536166617a6b273244373b372e3b34

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 06 Jul 2021 12:35:33 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net/fp/ Frame 9635 81 B
438 B 128ms
34ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net/fp/clear.png?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=2DC71BCA3F8F464CC60309268B83105E
imgs.signifyd.com/fp/ Frame 9635 0
400 B 37ms
36ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/fp/clear1.png;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jf=34313e247169665d7a6e6435766c725d40444f4933664d67526a4f4563417a69267369645f646976673d33343a35353f363133312e73616c5d7479786d3f7565603867636473612673696c5d69657b3f3b303531313831313836383f3061383e3c3a6165316632323031303630383a633a36363a6b65336c323b30333837383b3632303838363233643132306261396435346a32613963316e39363b323e35323a616a3a6738316d6966366361373b323137383937613066606634663c31643f616a633531633f3b63393738313a3033633230396265333065643964313961343c613130616c386339653c3b6635633a3f676337306367643462623932613c33376535313f36267b6b6c5f716167353b323435383a303330326164386236313432646a356465606438616438363931646d363b393633366d6d3b6366376060643333656137316934326434673e39323e3769393b30373a3b3530323a38316762603133633032336237323c31363130303f39326c6738363269363f396031646d38333b37323536663431386338663c346638373339316169646e63303e267b6164723d38

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=2DC71BCA3F8F464CC60309268B83105E
h.online-metrix.net/fp/ Frame AD3B 0
400 B 37ms
36ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jf=34313c247169665d7a6e6435766c725d5132797b6763637f7f686a7570324454267369645f646976673d33343a35353f363133312e73616c5d7479786d3f7565603867636473612673696c5d69657b3f3b303531313831313836383f3061383e3c3a6165316632323031303630383a633a36363a6b65336c323b30333837383b36323038383633613a6435623562343736363e34343764366b64396c616b34666e30393b3339346c3e31303234356463306530643664316036343a613863343e343935643c38693a6033356d3c36616631303a3062353138646469343b3231306e64316d603d66373c3469316033336c3a606765313334643164356539616b353a33663b3832267b6b6c5f716167353b323434383a303237343b3b316264643733366d35606263606b38333a663065646a373d6d336538313c3036303b303a306162386631373930376432336a30666c343e37363d613d38303230386d303a3367343165343636316437393a606231303e37313c356b31346b63393c6137613f313b3b65673132653863326533646e3664663b613e30313d333e65247b696e7a3f31

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=2DC71BCA3F8F464CC60309268B83105E?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
imgs.signifyd.com/fp/ Frame 9635 0
387 B 34ms
33ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png?org_id=w2txo5aa&session_id=ed82babc-4092-4b8d-920d-9bcd3f755545&nonce=ed403895657cc9dd&jac=1&je=31373d24247767607a746357677074677a6e69645d69703530302c3132302c32302e323335267f6b6f3d75676a72746b5d616e766d7266696e5f6d6c667124706f3f6c6f2662617473743579206c67746d6c22323326303224227b7c6374757b2a3820636a637067696e67227d26697766683f616d666269673c373a3e373f6e3232666a6a663b37313433373639326462643161343437326a66353e3639363431656a6d643135313d63603736376332313137

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 06 Jul 2021 12:35:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 email_signup_2019.gif
secure.avelleassets.com/images/popups/ 14 KB
14 KB 37ms
37ms Image
image/gif 93.184.220.20
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.avelleassets.com/images/popups/email_signup_2019.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.20 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F70E) /

Resource Hash

8d70bacb1744bfb8867298ccca27704b203cd882e5b788a53d09ac474190f4f7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bagborroworsteal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:35:37 GMT
last-modified: Tue, 07 May 2019 21:56:43 GMT
server: ECS (ska/F70E)
age: 510566
etag: "3925-588534ad9bcc0"
x-frame-options: SAMEORIGIN
x-cache: HIT
content-type: image/gif
accept-ranges: bytes
content-length: 14629

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Verdicts & Comments Add Verdict or Comment

218 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bagborroworsteal.com/	1970-01-20 04:18:30	Name: scarab.visitor Value: %222344DEC94E5A2FED%22
.bagborroworsteal.com/	1970-01-30 18:20:54	Name: UBID Value: ""
.www.bagborroworsteal.com/	1970-01-19 19:42:59	Name: igSplash Value: igSplash
.bagborroworsteal.com/	1970-01-19 19:34:21	Name: _gid Value: GA1.2.1854645971.1625574932
.www.bagborroworsteal.com/	1970-01-20 04:18:30	Name: igCountry Value: DE
.bagborroworsteal.com/	1970-01-19 19:34:21	Name: _uetsid Value: a7695a90de5611eb8934cbe7512a83c9
.bagborroworsteal.com/	1970-01-20 13:04:06	Name: _ga Value: GA1.2.1411222066.1625574932
.bagborroworsteal.com/	1969-12-31 23:59:59	Name: adTrackId Value: null
.bagborroworsteal.com/	1970-01-20 04:54:30	Name: _uetvid Value: a7695b10de5611eba50a6b37f04b96b8
.bagborroworsteal.com/	1970-01-19 19:32:54	Name: _gat Value: 1
.bagborroworsteal.com/	1969-12-31 23:59:59	Name: SESSION Value: ed82babc-4092-4b8d-920d-9bcd3f755545
www.bagborroworsteal.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: D31D1BBBAAB6686A4435DDABF2E7C4F5.workerA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
cdn-scripts.signifyd.com
cdn.scarabresearch.com
checkout.iglobalstores.com
d1vyngmisxigjx.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
googleads.g.doubleclick.net
h.online-metrix.net
imgs.signifyd.com
insight.adsrvr.org
iprecon.iglobalstores.com
recommender.scarabresearch.com
seal-alaskaoregonwesternwashington.bbb.org
secure.avelleassets.com
stats.g.doubleclick.net
visit.bagborroworsteal.com
w2txo5aa2da5tyjjhqsfmphhlix37keyo3hn4azged403895657cc9ddam1.e.aa.online-metrix.net
www.bagborroworsteal.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
13.225.87.7
142.250.184.226
143.204.98.36
162.242.193.45
18.198.246.112
185.32.241.65
217.175.192.21
2600:9000:20eb:fc00:0:43cc:80:93a1
2620:1ec:c11::200
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2003
2a00:1450:400c:c08::9c
2a0b:4d07:101::1
34.254.108.170
52.202.92.254
54.192.93.42
91.235.132.130
91.235.134.131
93.184.220.20
001ca1540b789d86817f1232c93c6b5de3acca5ef0602c697e3e412e97997768
01708dc7992dc288a868c11571d919e7d474d4936cac11735c2f7d363f3d2d6f
0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3
11d9887529d3bdf21383b9af0e5b2832093ad439e2eead57bc7f422df8a15a7a
1319095e503185318684b65d6a8eda0cf1efb19028b35d3f966c154019df9c69
1fa823896b863bc6bf90a0e3b122db129a337a98b16364fd72018549e1184600
250b4268d6cce995d727fe45a9fae6ae261350ccc5004268f7ad64d11e963648
3987194a7912b3e670d44d540402f19a2e0c69c3804bc982c57a8d0b3014c380
4389239d90f66985ca942fc833a14f1f2269581a37b804843846954e056f8036
4406332ec7167767030f8f3f0561af1bc97ce03b13b86370736f1654e742c09b
4734fdcbf7c1ba0b322ba639d1f008cd99d58a8ab0a5875c0b7b710d4fb69386
56f9b2160d7519c225d7455901a249f231349ee1ab51ba38377370f098d9f46d
58cdce9d9fa5d1b29625c051c2976d9914d2ddb70fdc6c83bc5c543816453720
63302d1db7161aa5add476568458cccf5d85ed30a615b8a29df686deb5d42245
65dafcdaae3b766bb4cf47d6ff72f49eeda9af3363a7efae97d48ef76cc22d01
6fb2c1b703af3e400bfa7618554b2c3cac3543785a4f11649938469065dbda6e
716c18fda50474e76ea9e81fd08eb20024fe490ccb77b21b22e513bf8b673d78
735b1688e3cbf02acda5549b961c6a3087a2391bcf9b7beaa737b7cb6663c777
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1
7446767437b0174b01820e3eb0d2202fa8e67f1753296ab5c97c21bc2dd20147
77389a854f3ac413bcd8a23b4df628b84ab2fba22a6aa7318faf67678a05fcb5
7a14ecbdf9e429bf1a98eff3c9d3babc6016f7030b6d4779a737bdb2d761890b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87755777f5ef22d9f1963138aec8eff9577c8d6c4dacfbc208ff4842194999fa
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d70bacb1744bfb8867298ccca27704b203cd882e5b788a53d09ac474190f4f7
8ef472f67ed383d2a0751f24087f9fc6e90493d48ce8a3981b901240cdd7c152
91ddf1744d48128e8279b661f1c36bcae9eed12b542c420ae8de883a6d2002c9
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9c5348e4d76366efc13f2bcb5a5ce138e581e90d570a09d0ec66a8cab4920be6
9d1ef7a7b9411fb59bec51980c435b84089d091a09edc8d26e3f0e4e23bc43e6
9d83121a5242fd08642d5791a2c7536b9f20291498977184992a6a1db5808f05
a02b3ffbb8805d295bb9ef2b5676ac97189736203b6779ab848ceb7b9008e67c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7cd90c279f3374b782d79af60ecaa568f855a55e69057e1a5e79c8a2b66c3c5
c4a749be78ebdf7a12353556c362cd7a5b63fdfdb0b65306e8968576ed1ffe87
cec1bbe9694e8380d5d11e528292f347622be1e2fac7064d2dd987aa8ccda177
d61f1e577b16aefc5029d0642694c25da422759e1ba766ca6d675dcc47d02ddc
de6198ebfb4c6f439366c804fa711983cfcbb0c694432d2e5fb1f8e541ecd804
df095f2eeccde5bd77d3d845d3c1a077d9f72f2c757d7a77bd2ef540af9c234f
e17857cb74ff8bb8c18929844a2d0ff42bd36dee42113f85a8831ad42ef6eb79
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e80e5b9f063caca54fe4d2c0e59874c7a790e9eabe69e8857999f673a8a58db8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f99b8c6748b767b0ce16e07565de5997145e6fb0bde463f3f6ee6f02d767c0fa

www.bagborroworsteal.com Open in urlscan Pro 162.242.193.45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

98 %HTTPS

46 %IPv6

18 Domains

24 Subdomains

25 IPs

7 Countries

517 kBTransfer

1295 kBSize

12 Cookies

5 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bagborroworsteal.com Open in urlscan Pro
162.242.193.45 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

98 %
HTTPS

46 %
IPv6

18
Domains

24
Subdomains

25
IPs

7
Countries

517 kB
Transfer

1295 kB
Size

12
Cookies

61 HTTP transactions
0 data transactions