20795898p.rfihub.com Open in urlscan Pro
193.0.160.129  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

• https://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=MTg3NTgxOTYxNTk4ODU1MjE2OA==&forward= HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=MTg3NTgxOTYxNTk4ODU1MjE2OA==&forward=&google_tc= HTTP 302
• https://p.rfihub.com/cm?forward=&google_gid=CAESEDueiDq_A2JG6JK8KOyP6Rw&google_cver=1

Request Chain 2

• https://stags.bluekai.com/site/4722?id=1875819615988552168&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
• https://p.rfihub.com/cm?bk_uuid=%2B1lQBy9999OF8EH5&forward=

Request Chain 9

• https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1 HTTP 302
• https://p.rfihub.com/cm?xid=E0

Request Chain 29

• https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP 302
• https://p.rfihub.com/cm?in=1&pub=17945&userid=2e591577-8d7a-4779-9a6e-1bf1b1bb7830

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set ca.html Show response 20795898p.rfihub.com/	6 KB 3 KB	3373ms 31ms	Document text/html	193.0.160.129 Rocket Fuel Inc.
General Check archive.org Show headers Download Go to Full URL https://20795898p.rfihub.com/ca.html?rfiidc=1875819615988552168&rfiaid=3901ddd8fb00432cb06db01d80fbba30&ver=9&rb=34743&ca=20795898&_o=34743&_t=20795898&pe=https%3A%2F%2Fwww.vueling.com%2Fit%2Fservizio-assistenza-clienti%2Finformativa-sulla-privacy%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26CRM%3DAVI_201907_eStoreSummerPromo_B_201974&pf=&ra=9773993256870122 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL - Rocket Fuel Inc., US), Reverse DNS Software Jetty(9.0.6.v20130930) / Resource Hash 518648cb37258d80b1daced6217b4e96ddf4028f003e73fab2b13d8a4705d4f0 Request headers Host 20795898p.rfihub.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Set-Cookie eud=H4sIAAAAAAAAAF3QKw6AMBCE4fBKCARBuAgtFDhfj1GJrKysRHKESiQSWYXeX36Z7CSzrhiU2ZbdaK2OZZ09HOAI3_ALZ9iW0g4-YQ8HOMIf-yvcw76WTnBopK8W--EEP3CmO-zpkcN2xL8m6R8wEk7l0AEAAA;Path=/;Domain=.rfihub.com;Expires=Fri, 14-Aug-2020 23:36:58 GMT rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzNLW0sDA1NTI0sxDiM9QtDa3KKygO9SixMEuW4jU0NTM2NzUyMrQwNjYAAI-i2Co0AAAA;Path=/;Domain=.rfihub.com;Expires=Fri, 14-Aug-2020 23:36:58 GMT ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzNLW0sDA1NTI0sxDiM9QtDa3KKygO9SixMEsGALW2SH8lAAAA;Path=/;Domain=.rfihub.com Expires Thu, 01 Jan 1970 00:00:00 GMT Cache-Control no-cache Content-Type text/html Content-Encoding gzip Vary Accept-Encoding, User-Agent Transfer-Encoding chunked Server Jetty(9.0.6.v20130930)
GET		cm p.rfihub.com/ Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=MTg3NTgxOTYxNTk4ODU1MjE2OA==&forward= https://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=MTg3NTgxOTYxNTk4ODU1MjE2OA==&forward=&google_tc= https://p.rfihub.com/cm?forward=&google_gid=CAESEDueiDq_A2JG6JK8KOyP6Rw&google_cver=1	0 0
GET H/1.1	200 OK	setuid ib.adnxs.com/	43 B 845 B	21ms 20ms	Image image/gif	185.33.223.80 AppNexus
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=18&code=1875819615988552168 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US), Reverse DNS 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.13.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://20795898p.rfihub.com/ca.html?rfiidc=1875819615988552168&rfiaid=3901ddd8fb00432cb06db01d80fbba30&ver=9&rb=34743&ca=20795898&_o=34743&_t=20795898&pe=https%3A%2F%2Fwww.vueling.com%2Fit%2Fservizio-assistenza-clienti%2Finformativa-sulla-privacy%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26CRM%3DAVI_201907_eStoreSummerPromo_B_201974&pf=&ra=9773993256870122 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 21 Jul 2019 23:37:00 GMT AN-X-Request-Uuid 69445cf9-03b9-4c82-8e4c-11d582c65f85 Content-Type image/gif Server nginx/1.13.4 P3P policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive X-Proxy-Origin 212.8.240.141; 212.8.240.141; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.245:80 Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET		cm p.rfihub.com/ Redirect Chain https://stags.bluekai.com/site/4722?id=1875819615988552168&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D https://p.rfihub.com/cm?bk_uuid=%2B1lQBy9999OF8EH5&forward=	0 0
GET		tap.php pixel.rubiconproject.com/	0 0
GET		Pug simage2.pubmatic.com/AdServer/	0 0
GET		ibs:dpid=1121&dpuuid=1875819615988552168&redir= dpm.demdex.net/	0 0
GET		cx msec.xp1.ru4.com/	0 0
GET		sync pixel.advertising.com/ups/55856/	0 0
GET		rum dsum-sec.casalemedia.com/	0 0
GET		cm p.rfihub.com/ Redirect Chain https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1 https://p.rfihub.com/cm?xid=E0	0 0
GET		idsync soma.smaato.net/oapi/	0 0
GET		sd us-u.openx.net/w/1.0/	0 0
GET		360947.gif idsync.rlcdn.com/	0 0
GET		partner sync.search.spotxchange.com/	0 0
GET H2	200	sync partners.tremorhub.com/	43 B 183 B	283ms 90ms	Image image/gif	2600:1f18:612b:4216:e0a:8e15:4ca3:bca3 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://partners.tremorhub.com/sync?UIRF=1875819615988552168&r=s8nvWBosUAQk Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:1f18:612b:4216:e0a:8e15:4ca3:bca3 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS Software Apache-Coyote/1.1 / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Referer https://20795898p.rfihub.com/ca.html?rfiidc=1875819615988552168&rfiaid=3901ddd8fb00432cb06db01d80fbba30&ver=9&rb=34743&ca=20795898&_o=34743&_t=20795898&pe=https%3A%2F%2Fwww.vueling.com%2Fit%2Fservizio-assistenza-clienti%2Finformativa-sulla-privacy%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26CRM%3DAVI_201907_eStoreSummerPromo_B_201974&pf=&ra=9773993256870122 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Sun, 21 Jul 2019 23:36:58 GMT server Apache-Coyote/1.1 p3p CP='This is not a P3P policy. See https://telaria.com/privacy-policy/' content-type image/gif
GET		g.pixel aa.agkn.com/adscores/	0 0
GET		usermatch.gif beacon.krxd.net/	0 0
GET		sync x.bidswitch.net/	0 0
GET		cm p.rfihub.com/	0 0
GET		/ sync-tm.everesttech.net/upi/pid/Mlpt2JaG/	0 0
GET		activity ckm-m.xp1.ru4.com/	0 0
GET		activity ckm-m.xp1.ru4.com/	0 0
GET		ping_match.gif pm.w55c.net/	0 0
GET		activity ckm-m.xp1.ru4.com/	0 0
GET		/ sync-tm.everesttech.net/upi/pid/CepIAyXi/	0 0
GET H2	200	/ trc.taboola.com/sg/rocketfuel-network/1/rtb-h/	0 148 B	1098ms 32ms	Image text/plain	151.101.114.2 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://trc.taboola.com/sg/rocketfuel-network/1/rtb-h/?taboola_hm=1875819615988552168 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://20795898p.rfihub.com/ca.html?rfiidc=1875819615988552168&rfiaid=3901ddd8fb00432cb06db01d80fbba30&ver=9&rb=34743&ca=20795898&_o=34743&_t=20795898&pe=https%3A%2F%2Fwww.vueling.com%2Fit%2Fservizio-assistenza-clienti%2Finformativa-sulla-privacy%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26CRM%3DAVI_201907_eStoreSummerPromo_B_201974&pf=&ra=9773993256870122 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 21 Jul 2019 23:36:59 GMT via 1.1 varnish server nginx x-timer S1563752219.447728,VS0,VE8 x-served-by cache-hhn4062-HHN x-cache MISS status 200 accept-ranges bytes content-length 0 x-cache-hits 0
GET		bct mid.rkdms.com/	0 0
GET		1875819615988552168 dmx.districtm.io/s/10023/	0 0
GET		cksync.php contextual.media.net/	0 0
GET		cm p.rfihub.com/ Redirect Chain https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D https://p.rfihub.com/cm?in=1&pub=17945&userid=2e591577-8d7a-4779-9a6e-1bf1b1bb7830	0 0
GET		pixel live.rezync.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

p.rfihub.com

URL

https://p.rfihub.com/cm?forward=&google_gid=CAESEDueiDq_A2JG6JK8KOyP6Rw&google_cver=1

Domain

p.rfihub.com

URL

https://p.rfihub.com/cm?bk_uuid=%2B1lQBy9999OF8EH5&forward=

Domain

pixel.rubiconproject.com

URL

https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=1875819615988552168&expires=30&next=

Domain

simage2.pubmatic.com

URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA==&piggybackCookie=1875819615988552168&r=

Domain

dpm.demdex.net

URL

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1875819615988552168&redir=

Domain

msec.xp1.ru4.com

URL

https://msec.xp1.ru4.com/cx?_i=57753720&_u=1875819615988552168&redirect=

Domain

pixel.advertising.com

URL

https://pixel.advertising.com/ups/55856/sync?uid=1875819615988552168&_origin=1

Domain

dsum-sec.casalemedia.com

URL

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819615988552168&forward=

Domain

p.rfihub.com

URL

https://p.rfihub.com/cm?xid=E0

Domain

soma.smaato.net

URL

https://soma.smaato.net/oapi/idsync?redirect=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fpub%3D720%26partnerId%3DSomaCookieUserId

Domain

us-u.openx.net

URL

https://us-u.openx.net/w/1.0/sd?id=537073062&val=1875819615988552168&r=

Domain

idsync.rlcdn.com

URL

https://idsync.rlcdn.com/360947.gif?partner_uid=1875819615988552168

Domain

sync.search.spotxchange.com

URL

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819615988552168&img=1

Domain

aa.agkn.com

URL

https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=1875819615988552168

Domain

beacon.krxd.net

URL

https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=1875819615988552168

Domain

x.bidswitch.net

URL

https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819615988552168&expires=30

Domain

p.rfihub.com

URL

https://p.rfihub.com/cm?pub=24472&in=1

Domain

sync-tm.everesttech.net

URL

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D

Domain

ckm-m.xp1.ru4.com

URL

https://ckm-m.xp1.ru4.com/activity?_o=62795&_t=cm_adx

Domain

ckm-m.xp1.ru4.com

URL

https://ckm-m.xp1.ru4.com/activity?_o=62795&_t=cm_apn_in

Domain

pm.w55c.net

URL

https://pm.w55c.net/ping_match.gif?st=x1&rurl=https%3A%2F%2Fs.xp1.ru4.com%2Fcx%3F_i%3D50217510%26_u%3D_wfivefivec_

Domain

ckm-m.xp1.ru4.com

URL

https://ckm-m.xp1.ru4.com/activity?_o=37516008&_t=lr_cm

Domain

sync-tm.everesttech.net

URL

https://sync-tm.everesttech.net/upi/pid/CepIAyXi/?redir=https%3A%2F%2Fmsec.xp1.ru4.com%2Fcx%3F_i%3D52583729%26_u%3D%24%7BUSER_ID%7D

Domain

mid.rkdms.com

URL

https://mid.rkdms.com/bct?pid=b151435b-9c0e-4361-9268-647f8ff9b20c&puid=1875819615988552168&_ct=img

Domain

dmx.districtm.io

URL

https://dmx.districtm.io/s/10023/1875819615988552168

Domain

contextual.media.net

URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=1875819615988552168

Domain

p.rfihub.com

URL

https://p.rfihub.com/cm?in=1&pub=17945&userid=2e591577-8d7a-4779-9a6e-1bf1b1bb7830

Domain

live.rezync.com

URL

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819615988552168

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| rfiEventHandler function| rfiFirePixels

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzNLW0sDA1NTI0sxDiM9QtDa3KKygO9SixMEsGALW2SH8lAAAA
			.rfihub.com/	1970-01-19 11:44:08	Name: rud Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzNLW0sDA1NTI0sxDiM9QtDa3KKygO9SixMEuW4jU0NTM2NzUyMrQwNjYAAI-i2Co0AAAA
			.rfihub.com/	1970-01-19 11:44:08	Name: eud Value: H4sIAAAAAAAAAF3QKw6AMBCE4fBKCARBuAgtFDhfj1GJrKysRHKESiQSWYXeX36Z7CSzrhiU2ZbdaK2OZZ09HOAI3_ALZ9iW0g4-YQ8HOMIf-yvcw76WTnBopK8W--EEP3CmO-zpkcN2xL8m6R8wEk7l0AEAAA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20795898p.rfihub.com
aa.agkn.com
beacon.krxd.net
ckm-m.xp1.ru4.com
contextual.media.net
dmx.districtm.io
dpm.demdex.net
dsum-sec.casalemedia.com
ib.adnxs.com
idsync.rlcdn.com
live.rezync.com
mid.rkdms.com
msec.xp1.ru4.com
p.rfihub.com
partners.tremorhub.com
pixel.advertising.com
pixel.rubiconproject.com
pm.w55c.net
simage2.pubmatic.com
soma.smaato.net
sync-tm.everesttech.net
sync.search.spotxchange.com
trc.taboola.com
us-u.openx.net
x.bidswitch.net
aa.agkn.com
beacon.krxd.net
ckm-m.xp1.ru4.com
contextual.media.net
dmx.districtm.io
dpm.demdex.net
dsum-sec.casalemedia.com
idsync.rlcdn.com
live.rezync.com
mid.rkdms.com
msec.xp1.ru4.com
p.rfihub.com
pixel.advertising.com
pixel.rubiconproject.com
pm.w55c.net
simage2.pubmatic.com
soma.smaato.net
sync-tm.everesttech.net
sync.search.spotxchange.com
us-u.openx.net
x.bidswitch.net
151.101.114.2
185.33.223.80
193.0.160.129
2600:1f18:612b:4216:e0a:8e15:4ca3:bca3
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
518648cb37258d80b1daced6217b4e96ddf4028f003e73fab2b13d8a4705d4f0
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855