URL: https://20860958p.rfihub.com/ca.html?ver=9&rb=43805&ca=20860958&_o=43805&_t=20860958&pe=https%3A%2F%2Fwww.united.com%2Fen%2Fu...
Submission: On November 10 via manual from US — Scanned from CA

Summary

This website contacted 15 IPs in 3 countries across 18 domains to perform 18 HTTP transactions. The main IP is 199.38.167.131, located in United States and belongs to ROCKETFUEL, US. The main domain is 20860958p.rfihub.com. The Cisco Umbrella rank of the primary domain is 77079.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 2nd 2025. Valid for: a year.
This is the only time 20860958p.rfihub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 5 199.38.167.131 54312 (ROCKETFUEL)
1 1 108.138.106.17 16509 (AMAZON-02)
1 3 35.244.154.8 396982 (GOOGLE-CL...)
3 3 142.250.176.194 15169 (GOOGLE)
1 2 68.67.161.208 29990 (ASN-APPNEX)
1 2 44.240.78.119 16509 (AMAZON-02)
1 104.36.113.107 62713 (AS-PUBMATIC)
1 2 34.98.64.218 396982 (GOOGLE-CL...)
1 2 54.156.26.12 14618 (AMAZON-AES)
1 23.34.124.26 16625 (AKAMAI-AS)
1 51.222.241.145 16276 (OVH OVH SAS)
2 2 107.20.119.47 14618 (AMAZON-AES)
1 74.119.117.57 19750 (AS-CRITEO)
1 2 104.18.27.193 13335 (CLOUDFLAR...)
1 52.6.235.195 14618 (AMAZON-AES)
1 99.84.234.68 16509 (AMAZON-02)
1 2 35.211.202.130 19527 (GOOGLE-2)
1 2 151.101.66.49 54113 (FASTLY)
18 15
Apex Domain / Subdomains / Transfer
5 rfihub.com (Transfer: 9 KB)
  • 20860958p.rfihub.com — Cisco Umbrella Rank: 77079
  • p.rfihub.com — Cisco Umbrella Rank: 919
  • a.rfihub.com — Cisco Umbrella Rank: 2874
3 doubleclick.net (Transfer: 2 KB)
  • cm.g.doubleclick.net — Cisco Umbrella Rank: 318
3 rlcdn.com (Transfer: 795 B)
  • idsync.rlcdn.com — Cisco Umbrella Rank: 558
2 everesttech.net (Transfer: 650 B)
  • sync-tm.everesttech.net — Cisco Umbrella Rank: 885
2 bidswitch.net (Transfer: 854 B)
  • x.bidswitch.net — Cisco Umbrella Rank: 453
2 casalemedia.com (Transfer: 2 KB)
  • dsum-sec.casalemedia.com — Cisco Umbrella Rank: 694
2 liadm.com (Transfer: 1 KB)
  • i.liadm.com — Cisco Umbrella Rank: 629
2 eyeota.net (Transfer: 1 KB)
  • ps.eyeota.net — Cisco Umbrella Rank: 1054
2 openx.net (Transfer: 496 B)
  • us-u.openx.net — Cisco Umbrella Rank: 584
2 demdex.net (Transfer: 1 KB)
  • dpm.demdex.net — Cisco Umbrella Rank: 292
2 adnxs.com (Transfer: 2 KB)
  • ib.adnxs.com — Cisco Umbrella Rank: 323
1 agkn.com (Transfer: 463 B)
  • aa.agkn.com — Cisco Umbrella Rank: 621
1 tremorhub.com (Transfer: 175 B)
  • partners.tremorhub.com — Cisco Umbrella Rank: 1158
1 criteo.com (Transfer: 363 B)
  • dis.criteo.com — Cisco Umbrella Rank: 832
1 rqtrk.eu (Transfer: 350 B)
  • wt.rqtrk.eu — Cisco Umbrella Rank: 1405
1 media.net (Transfer: 492 B)
  • contextual.media.net — Cisco Umbrella Rank: 968
1 pubmatic.com (Transfer: 474 B)
  • image2.pubmatic.com — Cisco Umbrella Rank: 933
1 rezync.com (Transfer: 2 KB)
  • live.rezync.com — Cisco Umbrella Rank: 1374
18 18
Domain Requested by
3 cm.g.doubleclick.net 3 redirects
3 idsync.rlcdn.com 1 redirects
2 sync-tm.everesttech.net 1 redirects
2 x.bidswitch.net 1 redirects
2 dsum-sec.casalemedia.com 1 redirects
2 i.liadm.com 2 redirects
2 ps.eyeota.net 1 redirects
2 us-u.openx.net 1 redirects
2 dpm.demdex.net 1 redirects
2 ib.adnxs.com 1 redirects
2 p.rfihub.com 2 redirects
2 20860958p.rfihub.com
1 aa.agkn.com
1 partners.tremorhub.com
1 dis.criteo.com
1 wt.rqtrk.eu
1 contextual.media.net
1 image2.pubmatic.com
1 a.rfihub.com
1 live.rezync.com 1 redirects
18 20

This site contains no links.

Subject | Issuer | Validity | Valid
*.rfihub.com | Sectigo RSA Domain Validation Secure Server CA | 2025-04-02 - 2026-04-27 | a year
*.pubmatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2025-02-19 - 2026-03-22 | a year
*.media.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2025-08-24 - 2026-08-25 | a year
*.rqtrk.eu | RapidSSL TLS RSA CA G1 | 2025-05-16 - 2026-05-15 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2025-02-06 - 2026-03-05 | a year
*.tremorhub.com | Amazon RSA 2048 M02 | 2024-12-24 - 2026-01-23 | a year
*.agkn.com | RapidSSL TLS RSA CA G1 | 2025-09-18 - 2026-09-17 | a year

This page contains 1 frame:

Primary Page: https://20860958p.rfihub.com/ca.html?ver=9&rb=43805&ca=20860958&_o=43805&_t=20860958&pe=https%3A%2F%2Fwww.united.com%2Fen%2Fus%2Ffsr%2Fchoose-flights%3Ff%3DCHI%26t%3DWAW%26tt%3D1%26sc%3D7%26px%3D1%26pst%3DaM4%253D-D-S%26taxng%3D1%26newHP%3DTrue%26clm%3D30%26d%3D2025-11-26%26st%3Dbestmatches%26tqp%3DR&pf=https%3A%2F%2Fwww.united.com%2Fen%2Fus&ra=8396035328089124
Frame ID: 76481C9C8EFB76FF49DD7C789B3934E6
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • <(?:iframe|img)[^>]+adnxs\.(?:net|com)
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Page Statistics

Requests: 18
HTTPS: 44 %
IPv6: 0 %
Domains: 18
Subdomains: 20
IPs: 15
Countries: 3
Transfer: 13 kB
Size: 6 kB
Cookies: 30

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=2810035118678862684&referrer=https%3A%2F%2Fwww.united.com%2Fen%2Fus&forward= HTTP 302
  • https://p.rfihub.com/cm?pub=39342&in=0&userid=043c1d33-739a-4852-815b-70c0a2bcceb3%3A1762814454.2052798&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D043c1d33-739a-4852-815b-70c0a2bcceb3%253A1762814454.2052798%26_%3D1762814454.206164&cb=1762814454.2061765 HTTP 302
  • https://idsync.rlcdn.com/501709.gif?partner_uid=043c1d33-739a-4852-815b-70c0a2bcceb3%3A1762814454.2052798&_=1762814454.206164 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
  • https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAUms6GUOqkPv5fjHX3J340&google_cver=1
Request Chain 1
  • https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MjgxMDAzNTExODY3ODg2MjY4NA==&forward= HTTP 302
  • https://cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MjgxMDAzNTExODY3ODg2MjY4NA==&forward=&google_tc= HTTP 302
  • https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEDHq7pBQkJOejYgQaqbBXgA&google_cver=1
Request Chain 2
  • https://ib.adnxs.com/setuid?entity=18&code=2810035118678862684&gdpr=&gdpr_consent=&redir= HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D2810035118678862684%26gdpr%3D%26gdpr_consent%3D%26redir%3D
Request Chain 3
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=2810035118678862684&redir= HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=2810035118678862684&redir=
Request Chain 5
  • https://us-u.openx.net/w/1.0/sd?id=537073062&val=2810035118678862684&r= HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537073062&val=2810035118678862684&r=
Request Chain 6
  • https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
  • https://ps.eyeota.net/match?uid=2810035118678862684&bid=omt9pi0 HTTP 302
  • https://ps.eyeota.net/match/bounce/?uid=2810035118678862684&bid=omt9pi0
Request Chain 9
  • https://i.liadm.com/s/90096?bidder_id=246506&bidder_uuid=2810035118678862684 HTTP 303
  • https://i.liadm.com/s/90096?bidder_id=246506&bidder_uuid=2810035118678862684&_li_chk=true&previous_uuid=9b6b6184e8c24175b898cc8c7aa66fc7 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Request Chain 10
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward=&C=1
Request Chain 14
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD} HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD}
Request Chain 15
  • https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=aRJp9gAC77630ABL

18 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request ca.html
20860958p.rfihub.com/
5 KB
6 KB
Document
General
Full URL
https://20860958p.rfihub.com/ca.html?ver=9&rb=43805&ca=20860958&_o=43805&_t=20860958&pe=https%3A%2F%2Fwww.united.com%2Fen%2Fus%2Ffsr%2Fchoose-flights%3Ff%3DCHI%26t%3DWAW%26tt%3D1%26sc%3D7%26px%3D1%26pst%3DaM4%253D-D-S%26taxng%3D1%26newHP%3DTrue%26clm%3D30%26d%3D2025-11-26%26st%3Dbestmatches%26tqp%3DR&pf=https%3A%2F%2Fwww.united.com%2Fen%2Fus&ra=8396035328089124
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.38.167.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash
8c16063f7882f70aaa2b1b19030c2d93dcf592782d7ba9e980df85e1504aaf60

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Content-Length
4945
Content-Type
text/html;charset=utf-8
Date
Mon, 10 Nov 2025 22:40:53 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
362358.gif
idsync.rlcdn.com/
Redirect Chain
  • https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=2810035118678862684&referrer=https%3A%2F%2Fwww.united.com%2Fen%2Fus&forward=
  • https://p.rfihub.com/cm?pub=39342&in=0&userid=043c1d33-739a-4852-815b-70c0a2bcceb3%3A1762814454.2052798&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D043c1d33-739a-4852-815b-70c0a2b...
  • https://idsync.rlcdn.com/501709.gif?partner_uid=043c1d33-739a-4852-815b-70c0a2bcceb3%3A1762814454.2052798&_=1762814454.206164
  • https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
  • https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAUms6GUOqkPv5fjHX3J340&google_cver=1
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAUms6GUOqkPv5fjHX3J340&google_cver=1
Protocol
H3
Server
35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.154.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
no-cache, no-store
timing-allow-origin
*
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
42
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif

Redirect headers

cache-control
no-cache, must-revalidate
location
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAUms6GUOqkPv5fjHX3J340&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
289
date
Mon, 10 Nov 2025 22:40:54 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
cm
a.rfihub.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MjgxMDAzNTExODY3ODg2MjY4NA==&forward=
  • https://cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MjgxMDAzNTExODY3ODg2MjY4NA==&forward=&google_tc=
  • https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEDHq7pBQkJOejYgQaqbBXgA&google_cver=1
42 B
1004 B
Image
General
Full URL
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEDHq7pBQkJOejYgQaqbBXgA&google_cver=1
Protocol
HTTP/1.1
Server
199.38.167.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

Cache-Control
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length
42
Date
Mon, 10 Nov 2025 22:40:54 GMT
Content-Type
image/gif
Server
Jetty(9.4.51.v20230217)

Redirect headers

cache-control
no-cache, must-revalidate
location
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEDHq7pBQkJOejYgQaqbBXgA&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
311
date
Mon, 10 Nov 2025 22:40:54 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
bounce
ib.adnxs.com/
Redirect Chain
  • https://ib.adnxs.com/setuid?entity=18&code=2810035118678862684&gdpr=&gdpr_consent=&redir=
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D2810035118678862684%26gdpr%3D%26gdpr_consent%3D%26redir%3D
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D2810035118678862684%26gdpr%3D%26gdpr_consent%3D%26redir%3D
Protocol
H2
Server
68.67.161.208 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.25.5 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
37.120.237.174; 37.120.237.174; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
1f480a37-5ef5-48a0-a8d2-ec9048d8d15a
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Mon, 10 Nov 2025 22:40:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.25.5

Redirect headers

cache-control
no-store, no-cache, private
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D2810035118678862684%26gdpr%3D%26gdpr_consent%3D%26redir%3D
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
37.120.237.174; 37.120.237.174; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
1416b07f-85b6-4fea-9856-670298c9f399
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Mon, 10 Nov 2025 22:40:54 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.25.5
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=2810035118678862684&redir=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=2810035118678862684&redir=
42 B
717 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=2810035118678862684&redir=
Protocol
H2
Server
44.240.78.119 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-78-119.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-usw2-2-v077-0f812c083.edge-usw2.demdex.com 3 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
niY2vB3RQVc=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=2810035118678862684&redir=
dcs
dcs-prod-usw2-2-v077-0a3e510e7.edge-usw2.demdex.com 0 ms
pragma
no-cache
x-tid
nralUc/lQg0=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Mon, 10 Nov 2025 22:40:54 GMT
Pug
image2.pubmatic.com/AdServer/
42 B
474 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw==&piggybackCookie=2810035118678862684&r=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-store, no-cache, private
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif; charset=utf-8
server
nginx
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://us-u.openx.net/w/1.0/sd?id=537073062&val=2810035118678862684&r=
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537073062&val=2810035118678862684&r=
43 B
171 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537073062&val=2810035118678862684&r=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
x-forwarded-for
37.120.237.174
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 10 Nov 2025 22:40:53 GMT
content-type
image/gif
vary
Accept

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537073062&val=2810035118678862684&r=
x-forwarded-for
37.120.237.174
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 10 Nov 2025 22:40:53 GMT
content-type
text/plain; charset=utf-8
vary
Origin
/
ps.eyeota.net/match/bounce/
Redirect Chain
  • https://p.rfihub.com/cm?pub=24472&in=1
  • https://ps.eyeota.net/match?uid=2810035118678862684&bid=omt9pi0
  • https://ps.eyeota.net/match/bounce/?uid=2810035118678862684&bid=omt9pi0
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match/bounce/?uid=2810035118678862684&bid=omt9pi0
Protocol
HTTP/1.1
Server
54.156.26.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-26-12.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Mon, 10 Nov 2025 22:40:54 GMT
Content-Type
image/gif

Redirect headers

Location
/match/bounce/?uid=2810035118678862684&bid=omt9pi0
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Mon, 10 Nov 2025 22:40:54 GMT
cksync.php
contextual.media.net/
43 B
492 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=2810035118678862684
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.34.124.26 Sterling, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-34-124-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
expires
Mon, 10 Nov 2025 22:40:54 GMT
alt-svc
h3=":443"; ma=93600
content-length
43
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif
vary
Accept-Encoding
/
wt.rqtrk.eu/
43 B
350 B
Image
General
Full URL
https://wt.rqtrk.eu/?pid=afd6afd5-a807-471d-940d-aa3c19fc7dca&src=www&type=100&sid=1&cb=9t1K1vNdfn14&uid=2810035118678862684&url=https%3A%2F%2Fwww.united.com%2Fen%2Fus&gdpr=&gdpr_pd=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.241.145 , Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
haproxy-ca-013.roqad.pl
Software
istio-envoy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
no-cache,private
pragma
no-cache
x-envoy-upstream-service-time
6
expires
Mon, 10 Nov 2025 22:40:53 GMT
content-length
43
p3p
CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif
server
istio-envoy
usersync.aspx
dis.criteo.com/dis/
Redirect Chain
  • https://i.liadm.com/s/90096?bidder_id=246506&bidder_uuid=2810035118678862684
  • https://i.liadm.com/s/90096?bidder_id=246506&bidder_uuid=2810035118678862684&_li_chk=true&previous_uuid=9b6b6184e8c24175b898cc8c7aa66fc7
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
43 B
363 B
Image
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Protocol
H2
Server
74.119.117.57 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache
pragma
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
291075
expires
Mon, 10 Nov 2025 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date
Mon, 10 Nov 2025 22:40:53 GMT
content-type
image/gif
server
Kestrel

Redirect headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Location
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Content-Length
0
Date
Mon, 10 Nov 2025 22:40:54 GMT
trace-id
4ec3ac69cd589733
Request-Time
3
Connection
keep-alive
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward=&C=1
43 B
715 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward=&C=1
Protocol
H3
Server
104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OYRmLQrekBoKyV9dr4pIxsq2Ayqg0jQGFd2fAmXYkEZqdAm6p7eeLFLxv1ux65nHt3aNkBH44KO95gld5PiQ3oXn9JIr9OJFehKg5X0UBnM%2FVN%2Bd%2BEic"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif
vary
accept-encoding
priority
u=1,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
99c90de30c167119-YYZ
content-length
43
server
cloudflare

Redirect headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=a1Y3WmNonqO6e2Q5UACk7VNAqJ8RqlV7Sc8NFL165FGOGBik73oCVi1ksh3e3%2FOM3HCLC%2Fl2oPHdje6vTPVtHjAcCxRSuAYRmBZA2hoyE0%2BmY9WjD%2F6g"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Mon, 10 Nov 2025 22:40:54 GMT
vary
accept-encoding
priority
u=1,i
cache-control
no-cache
location
/rum?cm_dsp_id=57&external_user_id=2810035118678862684&forward=&C=1
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
99c90de23b027119-YYZ
content-length
0
server
cloudflare
360947.gif
idsync.rlcdn.com/
42 B
441 B
Image
General
Full URL
https://idsync.rlcdn.com/360947.gif?partner_uid=2810035118678862684
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.154.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
no-cache, no-store
timing-allow-origin
*
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
42
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif
sync
partners.tremorhub.com/
43 B
175 B
Image
General
Full URL
https://partners.tremorhub.com/sync?UIRF=2810035118678862684&r=oUTgldmectUw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.6.235.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-235-195.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif
server
nginx
g.pixel
aa.agkn.com/adscores/
0
463 B
Image
General
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=2810035118678862684
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.234.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-234-68.jfk50.r.cloudfront.net
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
GET, OPTIONS
via
1.1 ffe4e0abd2cbcf4c7b615060019b4ed0.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
x-amz-cf-id
RWJYriZQH9CIkPvoR8yNyXYP03YTuyNwgVVxrDdjA_CidCSjiPcf3Q==
date
Mon, 10 Nov 2025 22:40:54 GMT
x-amz-cf-pop
JFK50-P12
server
AAWebServer
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD}
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD}
43 B
289 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD}
Protocol
H2
Server
35.211.202.130 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
130.202.211.35.bc.googleusercontent.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/gif

Redirect headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
location
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=2810035118678862684&expires=30&gdpr=&gdpr_consent=&gdpr_pd={GDPR_PD}
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 10 Nov 2025 22:40:54 GMT
/
sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=aRJp9gAC77630ABL
85 B
171 B
Image
General
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=aRJp9gAC77630ABL
Protocol
H2
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/

Response headers

x-robots-tag
noindex
cache-control
no-cache
x-timer
S1762814454.249257,VS0,VE0
age
2727
pragma
no-cache
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
85
date
Mon, 10 Nov 2025 22:40:54 GMT
content-type
image/png
x-served-by
cache-yul1970021-YUL
server
Jetty(9.4.35.v20201120)
x-cache-hits
9745

Redirect headers

x-robots-tag
noindex
cache-control
no-cache
location
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=aRJp9gAC77630ABL
x-timer
S1762814454.170819,VS0,VE16
pragma
no-cache
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
content-length
0
date
Mon, 10 Nov 2025 22:40:54 GMT
x-served-by
cache-yul1970021-YUL
server
Jetty(9.4.35.v20201120)
x-cache-hits
0
favicon.ico
20860958p.rfihub.com/
153 B
390 B
Other
General
Full URL
https://20860958p.rfihub.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.38.167.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash
efbdf57e49d74fae952481c9742eabc1a141365a003f3640c2be5a68f1532ce7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer
https://20860958p.rfihub.com/ca.html?ver=9&rb=43805&ca=20860958&_o=43805&_t=20860958&pe=https%3A%2F%2Fwww.united.com%2Fen%2Fus%2Ffsr%2Fchoose-flights%3Ff%3DCHI%26t%3DWAW%26tt%3D1%26sc%3D7%26px%3D1%26pst%3DaM4%253D-D-S%26taxng%3D1%26newHP%3DTrue%26clm%3D30%26d%3D2025-11-26%26st%3Dbestmatches%26tqp%3DR&pf=https%3A%2F%2Fwww.united.com%2Fen%2Fus&ra=8396035328089124

Response headers

Cache-Control
must-revalidate,no-cache,no-store
Content-Length
153
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html;charset=iso-8859-1
Server
Jetty(9.4.51.v20230217)

2 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function| rfiEventHandler
function| rfiFirePixels

30 Cookies

Domain/Path Name / Value
i.liadm.com/s Name: _li_ss
Value: CggKBgjdARCWHA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNrIwNDAwNjU0tDAzt7AwMzKzMBHiM9StiA8NdCnOLSvItgwCAPIxLxUlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNrIwNDAwNjU0tDAzt7AwMzKzMBHiM9StiA8NdCnOLSvItgwCAPIxLxUlAAAA
.rqtrk.eu/ Name: browser_id
Value: 1:69b9fe07-0e12-4a6b-b01d-3acd57f65c6e
.casalemedia.com/ Name: CMID
Value: aRJp9tHM6ZYADVRpAUV1igAA
.casalemedia.com/ Name: CMPS
Value: 3578
.casalemedia.com/ Name: CMPRO
Value: 3578
.openx.net/ Name: i
Value: cc908f7a-aaed-4b36-b8d3-e825939177ab|1762814454
.rlcdn.com/ Name: rlas3
Value: tf+o7ksAuqcJT4Dk2KXCd7RZXBhWS8kjb8/sQ+aykWI=
.adnxs.com/ Name: XANDR_PANID
Value: ffmpyfxd2vRusuHBCHZOE0mHZo6ftJe6D_JDnub7O2yb32y6bstS51c113VNX_TQe7yrVXSW2IPmSvytYqZhTi6GTJin4vKvnenCyJcO2so.
.adnxs.com/ Name: uuid2
Value: 5730320173781293035
.rezync.com/ Name: zync-uuid
Value: 043c1d33-739a-4852-815b-70c0a2bcceb3:1762814454.2052798
live.rezync.com/ Name: sd-session-id
Value: .eJwNzDEOwyAMQNG7eA6VsQ04XCYCwoDapFVIl0a5exm_9PQvWD712NJe9xPieXzrBOXVRnWIF_T22-oTIpBaRHbWqg-qnrwK3BP02nt770tbh0HhYldmE3hORtSRUeuyCVgwUS6lZo42-PEScfIgdBRmhfsPnEolXQ.aRJp9g.0HrpvKm2XMaQJ3FO79yQWFJfpiM
.liadm.com/ Name: lidid
Value: 9b6b6184-e8c2-4175-b898-cc8c7aa66fc7
.doubleclick.net/ Name: IDE
Value: AHWqTUlrok4f3A8YxqFqLTHt7fjhAeiYelFOPkPRo2viYq4tRDhWMTFz6DPVEjF9pfY
.pubmatic.com/ Name: KRTBCOOKIE_18
Value: 22947-2810035118678862684&KRTB&23796-2810035118678862684
.pubmatic.com/ Name: PugT
Value: 1762814454
.bidswitch.net/ Name: tuuid
Value: 7355aa3f-c488-4742-a2f9-f27657f160ef
.bidswitch.net/ Name: c
Value: 1762814454
.bidswitch.net/ Name: tuuid_lu
Value: 1762814454
.media.net/ Name: visitor-id
Value: 4058160544646977000V10
.media.net/ Name: data-rk
Value: 2810035118678862684~~3
.rlcdn.com/ Name: pxrc
Value: CPbTycgGEgYIuuoBEAA=
.eyeota.net/ Name: mako_uid
Value: 19a6fedeadb-3c430000010a4e43
.eyeota.net/ Name: SERVERID
Value: 20035~DM
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_-OSMXR2dA12dfEoNC9wCsz28k_NikwPTCxMcopIdwziNTQ3M7IwNDExNTE1MJrFiOAbWxpabELj70Ljn0Ljv0Lj_0LjL2JC5a9C429Cl2dB5d9C4psYGRhsYkVzHzeafcKo_Edo_FmSqHwAJWBbUy0BAAA
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAA_-OSMXR2dA12dfEoNC9wCsz28k_NikwPTCxMcopIdwQA2WKd6h4AAAA
.demdex.net/ Name: demdex
Value: 83836817803981138581306372679771576079
.adnxs.com/ Name: anj
Value: dTM7k!M4/YErk#WF']wIg2Ilcv?iGJ!]tbPl1MNu::wpAk_>vZcvjYTi-X^VlvuvTfRZPmn:rD[0jO`b!_6-zQEVk`!%`12Y(^2s
.dpm.demdex.net/ Name: dpm
Value: 83836817803981138581306372679771576079

1 Console Messages

Source Level URL
Text
network error URL: https://20860958p.rfihub.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
