urlscan.io logo urlscan.io
SecurityTrails logo

www.forbes.com Open in urlscan Pro
151.101.2.49  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://protect-au.mimecast.com/s/OWzKCmOxols5vlLBsGfC0o?domain=urldefense.proofpoint.com
Effective URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Submission: On October 03 via manual from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 8 domains to perform 34 HTTP transactions. The main IP is 151.101.2.49, located in San Francisco, United States and belongs to FASTLY - Fastly, US. The main domain is www.forbes.com.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on October 1st 2018. Valid for: 4 months.
This is the only time www.forbes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 103.13.69.19 136792 (MIMECAST-...)
1 1 67.231.154.66 22843 (PROOFPOIN...)
5 151.101.2.49 54113 (FASTLY)
21 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 35.172.77.143 14618 (AMAZON-AES)
1 104.90.192.189 16625 (AKAMAI-AS)
1 2 63.240.4.60 4264 (CERNET-AS...)
1 2a00:1450:400... 15169 (GOOGLE)
34 8
2    103.13.69.19 (Mascot, Australia)

ASN136792 (MIMECAST-AS-AP Mimecast Australia Pty Ltd, AU)
PTR: protect-au.mimecast.com
protect-au.mimecast.com
1    67.231.154.66 (Sunnyvale, United States)

ASN22843 (PROOFPOINT-ASN-US-EAST - Proofpoint, Inc., US)
PTR: urldefense.proofpoint.com
urldefense.proofpoint.com
5    151.101.2.49 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
www.forbes.com
thumbor.forbes.com
21    2a00:1450:4001:821::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
cdn.ampproject.org
3    2a02:26f0:6c00:291::2599 (European Union)

ASN20940 (AKAMAI-ASN1, US)
i.forbesimg.com
1    35.172.77.143 (Seattle, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-172-77-143.compute-1.amazonaws.com
q.quora.com
1    104.90.192.189 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-90-192-189.deploy.static.akamaitechnologies.com
contextual.media.net
2    63.240.4.60 (United States)

ASN4264 (CERNET-ASN-BLOCK - California Education and Research Federation Network, US)
fast.forbes.com
1    2a00:1450:4001:821::2014 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
amp-error-reporting.appspot.com
Domain Requested by
21 cdn.ampproject.org www.forbes.com
cdn.ampproject.org
4 thumbor.forbes.com www.forbes.com
3 i.forbesimg.com www.forbes.com
2 fast.forbes.com 1 redirects www.forbes.com
2 protect-au.mimecast.com 2 redirects
1 amp-error-reporting.appspot.com cdn.ampproject.org
1 contextual.media.net cdn.ampproject.org
1 q.quora.com www.forbes.com
1 www.forbes.com
1 urldefense.proofpoint.com 1 redirects
34 10
Subject Issuer Validity Valid
g2.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2018-10-01 -
2019-01-17		 4 months crt.sh
misc-sni.google.com
Google Internet Authority G3		 2018-08-28 -
2018-11-20		 3 months crt.sh
blogs.forbes.com
GeoTrust RSA CA 2018		 2018-05-09 -
2019-05-09		 a year crt.sh
*.quora.com
Amazon		 2017-11-09 -
2018-12-09		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2018-02-28 -
2019-02-28		 a year crt.sh
*.forbes.com
GeoTrust RSA CA 2018		 2018-04-13 -
2020-02-11		 2 years crt.sh
*.appspot.com
Google Internet Authority G3		 2018-08-28 -
2018-11-20		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Frame ID: C8BC094AB9B3E4956B39F98BF8C07A22
Requests: 34 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?cid=8CU66O230&cs=7
Frame ID: 3260E3EAA6538F8A8A5F2A8C0014381C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://protect-au.mimecast.com/s/OWzKCmOxols5vlLBsGfC0o?domain=urldefense.proofpoint.com HTTP 307
    https://protect-au.mimecast.com/redirect/eNpNUttu4jAQ_ZWVH3giqZ0QSJCiLVC6vVCk0kXQqpJlHAMu8QVfSNvV_vs6dFfal9F... HTTP 307
    https://urldefense.proofpoint.com/v2/url?u=https-3A__www.forbes.com_sites_simonrockman1_2018_10_02_pwned-2Dtra... HTTP 302
    https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /.*Varnish/i

Page Statistics

34
Requests

97 %
HTTPS

33 %
IPv6

8
Domains

10
Subdomains

8
IPs

5
Countries

496 kB
Transfer

1235 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protect-au.mimecast.com/s/OWzKCmOxols5vlLBsGfC0o?domain=urldefense.proofpoint.com HTTP 307
    https://protect-au.mimecast.com/redirect/eNpNUttu4jAQ_ZWVH3giqZ0QSJCiLVC6vVCk0kXQqpJlHAMu8QVfSNvV_vs6dFfal9FczozHc84vYKh2YAg0c8zEldrX7FIwZ5QzhEsbUyVi4kEX1IqCIewCE9BJFzDLKzAs0iLpoSRPu8AJN1cVC6MgHAQ818HtJ3ECizhDMernIanbpgSGfm_qUN87p-3w9eL1IsQV2zJpWayNUlutuHTt668Xp-Rc_u7LMzxKRxg3TRNvldmw84bYcsdssEJJo-hBEIlwAlGOEcQwwbqRrIqSq68_BUfJYEhrQsyoNyy4uiYuzBSYCI07VXnV3F6Pdh1a3snxYXlcrT_fk81nlBKYVb3BY8eUN809N4PrWWSyNXpcPJ_mK_2yvn8ev90899n4J7k7TndGThFuOqJEnh5u8yMd623ts_RpXiyglx-n_eBu4rGdZNjM-WZRNNG0Y8t6j5b3x6PMMkGLQx7NJmo347fV4uawaqrtTDP7cZU_oDc56rAy3Ja1NE5f8GjZiwo8GS3TUQLh-QwIwnAPTHzgWKAoEBQhlPVzOCjSXksLCdyCfy0hQWg7bLJn9LBczEKCeuuUYIZ-Ufwf1MrKtPohvo73xBhuL7U7xSdO4506fWnHsB1XskUFXTHqIuJjwQWjxJ45bsf4zVsA_HiaR4tvTy0l3H2As6welJdBNuDv-uD3H0r43Y8 HTTP 307
    https://urldefense.proofpoint.com/v2/url?u=https-3A__www.forbes.com_sites_simonrockman1_2018_10_02_pwned-2Dtrains-2Don-2Dan-2Dinsecure-2Dplatform_amp_&d=DwIFAg&c=JnBkUqWXzx2bz-3a05d47Q&r=HwKir7FL-r5X1QRYvNWpZXKYBjHY6eBTaJqEgrnE1_w&m=1uckI8qcBpflu53SN9R0unyvh7JCu_sC5_rNibR9w-E&s=lh1UKqqn55mc9k8-LCogLiIdRHkWwdfLpesyD8M1jnA&e= HTTP 302
    https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://fast.forbes.com/fps/cookie_backup.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=blogAndPostId/blog/post/5652-193&au=blogAuthorId/blog/author/3336942&at=individual&ts=1538607678543&re=&rn=0.915781813818022&mb=t&op=user_msg HTTP 302
  • https://fast.forbes.com/fps/cookie_callback.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=blogAndPostId/blog/post/5652-193&au=blogAuthorId/blog/author/3336942&at=individual&ts=1538607678543&re=&rn=0.915781813818022&mb=t&op=user_msg

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Redirect Chain
  • https://protect-au.mimecast.com/s/OWzKCmOxols5vlLBsGfC0o?domain=urldefense.proofpoint.com
  • https://protect-au.mimecast.com/redirect/eNpNUttu4jAQ_ZWVH3giqZ0QSJCiLVC6vVCk0kXQqpJlHAMu8QVfSNvV_vs6dFfal9FczozHc84vYKh2YAg0c8zEldrX7FIwZ5QzhEsbUyVi4kEX1IqCIewCE9BJFzDLKzAs0iLpoSRPu8AJN1cVC6MgHAQ8...
  • https://urldefense.proofpoint.com/v2/url?u=https-3A__www.forbes.com_sites_simonrockman1_2018_10_02_pwned-2Dtrains-2Don-2Dan-2Dinsecure-2Dplatform_amp_&d=DwIFAg&c=JnBkUqWXzx2bz-3a05d47Q&r=HwKir7FL-r...
  • https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
120 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
1ad250e743dd9e32d547f69fe7b681ce98f8dd2f2915328070ce807146118126
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.forbes.com
:scheme
https
:path
/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
cache-control
public, max-age=1800
content-type
text/html; charset=utf-8
content-encoding
gzip
backend
simplesite
x-yourttl
1800.000
accept-ranges
bytes bytes bytes
x-frame-options
SAMEORIGIN
x-cicero-cache
MISS
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=10886400; includeSubDomains; preload
age
0 0
date
Wed, 03 Oct 2018 23:01:18 GMT
via
1.1 varnish
x-served-by
cache-hhn1543-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1538607678.943539,VS0,VE166
vary
Accept-Encoding, X-is-EU, X-ABtesting
access-control-allow-credentials
true
set-cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7; Path=/; Domain=.forbes.com; Expires=Fri, 02 Oct 2020 23:01:18 GMT
content-length
23961

Redirect headers

status
302
date
Wed, 03 Oct 2018 23:01:17 GMT
content-length
0
location
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
v0.js
cdn.ampproject.org/ 		259 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cd7a266ef27d1a015112a7a065fb54ea09100e19f4973f3c65a9158661d987cc
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
83830
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=3000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-accordion-0.1.js
cdn.ampproject.org/v0/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-accordion-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c6ad4f45983a258f37407b025a4548fc5a499b42a123abc3e0545cc7b2b7234e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
4350
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-ad-0.1.js
cdn.ampproject.org/v0/ 		54 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-ad-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
35e6d21bc858d5c561d66d63a8a73132363147b00c2a4e07cd1b4f294427c7d2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
18600
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-analytics-0.1.js
cdn.ampproject.org/v0/ 		116 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
60bf5f749e528c9585fe7aec8228a9388a0b7031ea981f9333590cdbba823996
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
37907
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-brightcove-0.1.js
cdn.ampproject.org/v0/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-brightcove-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9081621b16267c2cb8499acf5ac850ebca5646f1b404c17f9e47de5625164229
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17341
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-consent-0.1.js
cdn.ampproject.org/v0/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-consent-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7774ed2afdf5823e55e56748e38c59bd264d7e60a0e2f92cc2163f051878211e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8319
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/v0/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-fit-text-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
88ead6c87f3749c9a087601b8751e63ce83f5d073a84289acb5579e678a4e253
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
1435
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-geo-0.1.js
cdn.ampproject.org/v0/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-geo-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fe0fd8d3a3ec869104f7a462d233852892846fde2075600d7feb1f3f90d6220e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
2661
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=1800
accept-ranges
bytes
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-iframe-0.1.js
cdn.ampproject.org/v0/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-iframe-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6664a879d5b3c870c1e620edfafefbed25563e6540586ce08b2a1468c4da1641
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8001
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-image-lightbox-0.1.js
cdn.ampproject.org/v0/ 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-image-lightbox-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6342d6f2937bf1d8dbce1b25be73f2f8ebbd0fa24ae8d9a5770c285734dab0c3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
9841
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-install-serviceworker-0.1.js
cdn.ampproject.org/v0/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-install-serviceworker-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9331ced0bc643b0efc4fa6d7f9cd3743ffe82fd59b0df62f60e447aa777cd336
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
2609
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-lightbox-0.1.js
cdn.ampproject.org/v0/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-lightbox-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
926b31a830612b27c190e6ef6a5fbc716eaa53e09ed9bbab10abaf816b23d7dd
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
6942
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-sidebar-0.1.js
cdn.ampproject.org/v0/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-sidebar-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0e7c1376400ee27e2e6ae9df529872a898db117894e46b51c1e700ad240d68a6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
3466
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-social-share-0.1.js
cdn.ampproject.org/v0/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-social-share-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6ec670ddae018f085895f1c75c8d547a646e9beb3adb8d03689600bd69ee2333
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
5652
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-bind-0.1.js
cdn.ampproject.org/v0/ 		53 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-bind-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
efd647248c11fbdc8193116423b49853bc15109119d7f3dbb9cbfb48b129308f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
21197
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-sticky-ad-1.0.js
cdn.ampproject.org/v0/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
606421d87da814be0b8d8fff6917a850db438a926c9c3665f874a9fcfcdd3bea
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
2595
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-vimeo-0.1.js
cdn.ampproject.org/v0/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-vimeo-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
bbf2288cf0311845afa58217ab0afdd114cef108b1d47318be6d0fe280402a47
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
16644
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
amp-youtube-0.1.js
cdn.ampproject.org/v0/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-youtube-0.1.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
454cf9759008505affbdeb39e39d57f7356d6981a57d54fd2970bb537b6758ab
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17686
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 21:15:00 GMT
server
sffe
date
Wed, 03 Oct 2018 23:01:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Oct 2018 23:01:18 GMT
worksans-semibold-webfont.woff2
i.forbesimg.com/assets/fonts/work-sans/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://i.forbesimg.com/assets/fonts/work-sans/worksans-semibold-webfont.woff2
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:291::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
a71818f2e6f6b3318e697aba5e791302640cfef7dce8f5fd1f66ab3f74197083
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 12 Apr 2018 16:43:20 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=27807232
accept-ranges
bytes
content-length
25407
expires
Wed, 21 Aug 2019 19:15:10 GMT
merriweather-bold-webfont.woff2
i.forbesimg.com/assets/fonts/merriweather/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://i.forbesimg.com/assets/fonts/merriweather/merriweather-bold-webfont.woff2
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:291::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
780800c79753eaaa39f2b7949257285030d3b070a51969d0382d48643688337c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 12 Apr 2018 15:22:08 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=26571660
accept-ranges
bytes
content-length
23659
expires
Wed, 07 Aug 2019 12:02:18 GMT
worksans-regular-webfont.woff2
i.forbesimg.com/assets/fonts/work-sans/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://i.forbesimg.com/assets/fonts/work-sans/worksans-regular-webfont.woff2
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:291::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
b200a5f4eb1019f8bdb0945403b12f11ee18b51cd582b3237990ec940a0c7b5d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 12 Apr 2018 16:43:20 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=24244097
accept-ranges
bytes
content-length
23939
expires
Thu, 11 Jul 2019 13:29:35 GMT
truncated
/ 		338 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a595979636bf958fa3e075437006821aa30e94c77cb2981f9c3972dac0f03547

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml;charset=utf8
960x0.jpg
thumbor.forbes.com/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/34003423/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thumbor.forbes.com/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/34003423/960x0.jpg?fit=scale
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
6057c2941075e10d19c4d6496a578c1d6970ebc14a82f95de3097ad438f1c947

Request headers

:path
/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/34003423/960x0.jpg?fit=scale
pragma
no-cache
cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
thumbor.forbes.com
referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
:scheme
https
:method
GET
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
via
1.1 varnish
server
nginx/1.12.2
age
93928
etag
"b8f6a734445f98cfdc1cf9ede57d7167595e9973"
x-cache
HIT
content-type
image/jpeg
status
200
expires
Wed, 02 Oct 2019 21:01:57 GMT
cache-control
max-age=31536000,public
x-cache-hits
8
accept-ranges
bytes
x-timer
S1538607678.413180,VS0,VE0
content-length
52363
x-served-by
cache-hhn1543-HHN
960x0.jpg
thumbor.forbes.com/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/34003423/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thumbor.forbes.com/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/34003423/960x0.jpg?fit=scale
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
84a19c809d6e5f2e1a44a3fced4bb47ef4b458b6e167e1f4ebf721624d44e970

Request headers

:path
/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/34003423/960x0.jpg?fit=scale
pragma
no-cache
cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
thumbor.forbes.com
referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
:scheme
https
:method
GET
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
via
1.1 varnish
server
nginx/1.12.2
age
93928
etag
"23dfa901916afd87c0973f12f4fa7e1a7c3420f0"
x-cache
HIT
content-type
image/jpeg
status
200
expires
Wed, 02 Oct 2019 20:58:10 GMT
cache-control
max-age=31536000,public
x-cache-hits
1
accept-ranges
bytes
x-timer
S1538607678.413215,VS0,VE1
content-length
1892
x-served-by
cache-hhn1543-HHN
960x0.jpg
thumbor.forbes.com/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/100465385/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thumbor.forbes.com/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/100465385/960x0.jpg?fit=scale
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
97292e7515ac59eb63d9368bee6cd399d95f8d037765b4689b68453af6d4b244

Request headers

:path
/thumbor/711x474/https://specials-images.forbesimg.com/dam/imageserve/100465385/960x0.jpg?fit=scale
pragma
no-cache
cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
thumbor.forbes.com
referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
:scheme
https
:method
GET
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
via
1.1 varnish
server
nginx/1.12.2
age
35314
etag
"13c6daf044f329531ca41eb8b17763b0b1bd2028"
x-cache
HIT
content-type
image/jpeg
status
200
expires
Thu, 03 Oct 2019 13:19:20 GMT
cache-control
max-age=31536000,public
x-cache-hits
1
accept-ranges
bytes
x-timer
S1538607678.413220,VS0,VE1
content-length
33119
x-served-by
cache-hhn1543-HHN
960x0.jpg
thumbor.forbes.com/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/100465385/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thumbor.forbes.com/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/100465385/960x0.jpg?fit=scale
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
92917c3b98d5378c9a86916e5961edfc5ae5e0d3c4876130f643efcbc44519c3

Request headers

:path
/thumbor/71x47/https://specials-images.forbesimg.com/dam/imageserve/100465385/960x0.jpg?fit=scale
pragma
no-cache
cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
thumbor.forbes.com
referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
:scheme
https
:method
GET
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 03 Oct 2018 23:01:18 GMT
via
1.1 varnish
server
nginx/1.12.2
age
35314
etag
"8983cc218ba032350391af4731f44d2502903356"
x-cache
HIT
content-type
image/jpeg
status
200
expires
Thu, 03 Oct 2019 13:18:52 GMT
cache-control
max-age=31536000,public
x-cache-hits
1
accept-ranges
bytes
x-timer
S1538607678.413259,VS0,VE1
content-length
1577
x-served-by
cache-hhn1543-HHN
pixel
q.quora.com/_/ad/f9873342e9544d1c8a1dff65dfec5ec8/ 		43 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://q.quora.com/_/ad/f9873342e9544d1c8a1dff65dfec5ec8/pixel?tag=ViewContent&u=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&=1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.172.77.143 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-77-143.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 03 Oct 2018 23:01:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
amp-ad-network-doubleclick-impl-0.1.js
cdn.ampproject.org/rtv/011810021759000/v0/ 		99 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011810021759000/v0/amp-ad-network-doubleclick-impl-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3ea4c0a01293db63adf32f748c94f399ae10d714c1f0663c7964d9c45670fd48
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
age
93574
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
34688
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 18:45:00 GMT
server
sffe
date
Tue, 02 Oct 2018 21:01:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Oct 2019 21:01:44 GMT
amp-ad-verifying-keyset.json
cdn.ampproject.org/ 		419 B
702 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/amp-ad-verifying-keyset.json
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
622221d4b92040a92cac29d6aaa27b1602fd92b28997885b56cad5e529e07731
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 03 Oct 2018 22:55:38 GMT
x-content-type-options
nosniff
last-modified
Fri, 19 May 2017 15:06:13 GMT
server
sffe
age
340
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/jwk-set+json
access-control-allow-origin
*
cache-control
public, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
419
x-xss-protection
1; mode=block
expires
Wed, 03 Oct 2018 23:45:38 GMT
Cookie set checksync.php
contextual.media.net/ Frame 3260 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?cid=8CU66O230&cs=7
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-iframe-0.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.192.189 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-90-192-189.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
contextual.media.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/

Response headers

Server
Apache
Content-Type
text/html; charset=UTF-8
Set-Cookie
gdpr_status=1; Expires=Sat, 06 Apr 2019 23:01:18 GMT; domain=.media.net; Path=/;
X-MNET-HL2
E
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-Control
max-age=604800
Expires
Wed, 10 Oct 2018 23:01:18 GMT
Date
Wed, 03 Oct 2018 23:01:18 GMT
Content-Length
2916
Connection
keep-alive
Cookie set cookie_callback.php
fast.forbes.com/fps/
Redirect Chain
  • https://fast.forbes.com/fps/cookie_backup.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=blog...
  • https://fast.forbes.com/fps/cookie_callback.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=bl...
43 B
322 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fast.forbes.com/fps/cookie_callback.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=blogAndPostId/blog/post/5652-193&au=blogAuthorId/blog/author/3336942&at=individual&ts=1538607678543&re=&rn=0.915781813818022&mb=t&op=user_msg
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
63.240.4.60 , United States, ASN4264 (CERNET-ASN-BLOCK - California Education and Research Federation Network, US),
Reverse DNS
Software
Apache/2.4.17 (Unix) /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
fast.forbes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Cookie
client_id=a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7; fps=3d67653d25c6b7147747581c418393555bb54a3edc52
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Set-Cookie
fps=3d67653d25c6b7147747581c418393555bb54a3edc52; expires=Sat, 02-Oct-2021 19:01:19 GMT; path=/; domain=.forbes.com
Date
Wed, 03 Oct 2018 23:01:19 GMT
Server
Apache/2.4.17 (Unix)
Connection
close
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
/fps/cookie_callback.php?ch=channel_1&se=&su=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fsimonrockman1%2F2018%2F10%2F02%2Fpwned-trains-on-an-insecure-platform%2F&pt=GoogleAMP&i=blogAndPostId/blog/post/5652-193&au=blogAuthorId/blog/author/3336942&at=individual&ts=1538607678543&re=&rn=0.915781813818022&mb=t&op=user_msg
Set-Cookie
fps=3d67653d25c6b7147747581c418393555bb54a3edc52; expires=Sat, 02-Oct-2021 19:01:18 GMT; path=/; domain=.forbes.com
Date
Wed, 03 Oct 2018 23:01:18 GMT
Server
Apache/2.4.17 (Unix)
Connection
close
Content-Length
541
Content-Type
text/html; charset=iso-8859-1
ww.js
cdn.ampproject.org/rtv/011810021759000/ 		38 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011810021759000/ww.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
72d162ba5f18a796cb408c2a1b5a9f3ef2d0e0caa132f09a0b5f12f82dde557a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain
Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
gzip
x-content-type-options
nosniff
age
93538
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
12273
x-xss-protection
1; mode=block
last-modified
Tue, 02 Oct 2018 18:45:00 GMT
server
sffe
date
Tue, 02 Oct 2018 21:02:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Oct 2019 21:02:20 GMT
1984cf03-f6a6-48d8-b006-35e246a0b962
https://www.forbes.com/ 		38 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.forbes.com/1984cf03-f6a6-48d8-b006-35e246a0b962
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-bind-0.1.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e91fcbff531e2078db3eab65b694b124832b6fde30ec8c80944dfe54294dfc4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
39141
Content-Type
text/javascript
r
amp-error-reporting.appspot.com/ 		2 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://amp-error-reporting.appspot.com/r
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2014 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.forbes.com/sites/simonrockman1/2018/10/02/pwned-trains-on-an-insecure-platform/amp/
Origin
https://www.forbes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 03 Oct 2018 23:01:19 GMT
via
1.1 google
x-powered-by
Express
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
2

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| AMP object| global object| AMP_CONFIG object| log object| __AMP__EXPERIMENT_TOGGLES object| AMPErrors object| AMP_MODE function| reportError object| services object| UrlCache boolean| AMP_TAG object| ampExtendedElements function| BaseCustomElementClass number| ampAdSlotIdCounter object| AMP_FAST_FETCH_SIGNATURE_VERIFIER_ object| experimentBranches object| goog_identity_prom object| listeningFors

3 Cookies

Domain/Path Name / Value
.media.net/ Name: gdpr_status
Value: 1
.forbes.com/ Name: fps
Value: 3d67653d25c6b7147747581c418393555bb54a3edc52
.forbes.com/ Name: client_id
Value: a3cf11b9d9d1c5cc7164d6e5f4d0cd6a0f7

3 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/v0.js(Line 530)
Message:
Powered by AMP ⚡ HTML – Version 1810021759000
console-api error URL: https://cdn.ampproject.org/v0.js(Line 103)
Message:
localStorage not supported.
console-api error URL: https://cdn.ampproject.org/v0.js(Line 4)
Message:
ServiceWorker registration failed:

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amp-error-reporting.appspot.com
cdn.ampproject.org
contextual.media.net
fast.forbes.com
i.forbesimg.com
protect-au.mimecast.com
q.quora.com
thumbor.forbes.com
urldefense.proofpoint.com
www.forbes.com
103.13.69.19
104.90.192.189
151.101.2.49
2a00:1450:4001:821::2001
2a00:1450:4001:821::2014
2a02:26f0:6c00:291::2599
35.172.77.143
63.240.4.60
67.231.154.66
0e7c1376400ee27e2e6ae9df529872a898db117894e46b51c1e700ad240d68a6
1ad250e743dd9e32d547f69fe7b681ce98f8dd2f2915328070ce807146118126
1e91fcbff531e2078db3eab65b694b124832b6fde30ec8c80944dfe54294dfc4
35e6d21bc858d5c561d66d63a8a73132363147b00c2a4e07cd1b4f294427c7d2
3ea4c0a01293db63adf32f748c94f399ae10d714c1f0663c7964d9c45670fd48
454cf9759008505affbdeb39e39d57f7356d6981a57d54fd2970bb537b6758ab
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
6057c2941075e10d19c4d6496a578c1d6970ebc14a82f95de3097ad438f1c947
606421d87da814be0b8d8fff6917a850db438a926c9c3665f874a9fcfcdd3bea
60bf5f749e528c9585fe7aec8228a9388a0b7031ea981f9333590cdbba823996
622221d4b92040a92cac29d6aaa27b1602fd92b28997885b56cad5e529e07731
6342d6f2937bf1d8dbce1b25be73f2f8ebbd0fa24ae8d9a5770c285734dab0c3
6664a879d5b3c870c1e620edfafefbed25563e6540586ce08b2a1468c4da1641
6ec670ddae018f085895f1c75c8d547a646e9beb3adb8d03689600bd69ee2333
72d162ba5f18a796cb408c2a1b5a9f3ef2d0e0caa132f09a0b5f12f82dde557a
7774ed2afdf5823e55e56748e38c59bd264d7e60a0e2f92cc2163f051878211e
780800c79753eaaa39f2b7949257285030d3b070a51969d0382d48643688337c
84a19c809d6e5f2e1a44a3fced4bb47ef4b458b6e167e1f4ebf721624d44e970
88ead6c87f3749c9a087601b8751e63ce83f5d073a84289acb5579e678a4e253
9081621b16267c2cb8499acf5ac850ebca5646f1b404c17f9e47de5625164229
926b31a830612b27c190e6ef6a5fbc716eaa53e09ed9bbab10abaf816b23d7dd
92917c3b98d5378c9a86916e5961edfc5ae5e0d3c4876130f643efcbc44519c3
9331ced0bc643b0efc4fa6d7f9cd3743ffe82fd59b0df62f60e447aa777cd336
97292e7515ac59eb63d9368bee6cd399d95f8d037765b4689b68453af6d4b244
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a595979636bf958fa3e075437006821aa30e94c77cb2981f9c3972dac0f03547
a71818f2e6f6b3318e697aba5e791302640cfef7dce8f5fd1f66ab3f74197083
b200a5f4eb1019f8bdb0945403b12f11ee18b51cd582b3237990ec940a0c7b5d
bbf2288cf0311845afa58217ab0afdd114cef108b1d47318be6d0fe280402a47
c6ad4f45983a258f37407b025a4548fc5a499b42a123abc3e0545cc7b2b7234e
cd7a266ef27d1a015112a7a065fb54ea09100e19f4973f3c65a9158661d987cc
efd647248c11fbdc8193116423b49853bc15109119d7f3dbb9cbfb48b129308f
fe0fd8d3a3ec869104f7a462d233852892846fde2075600d7feb1f3f90d6220e