blog.pixalate.com Open in urlscan Pro
2606:4700::6811:71b4 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Submission: On December 04 via api (December 4th 2019, 8:18:40 pm UTC) from CZ

Summary HTTP 113 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 44 IPs in 7 countries across 40 domains to perform 113 HTTP transactions. The main IP is 2606:4700::6811:71b4, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is blog.pixalate.com.

This is the only time blog.pixalate.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	2606:4700::68... 2606:4700::6811:71b4	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2606:2800:133... 2606:2800:133:7403:4a68:7eff:710b:1ddf	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
9	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
3	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1 2	2606:4700::68... 2606:4700::6811:ba49	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY - Fastly)
8	2606:4700::68... 2606:4700::6810:fc05	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3 6	2.18.232.15 2.18.232.15	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 4	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2606:4700::68... 2606:4700::6810:5505	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	72.247.226.64 72.247.226.64	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	2606:4700::68... 2606:4700::6811:f4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2.16.186.18 2.16.186.18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:e9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	129.146.196.240 129.146.196.240	31898 (ORACLE-BM...) (ORACLE-BMC-31898 - Oracle Corporation)
1	34.236.69.39 34.236.69.39	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2.16.186.48 2.16.186.48	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	72.247.224.172 72.247.224.172	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
15 17	52.209.158.90 52.209.158.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.28.145.127 52.28.145.127	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	35.158.167.38 35.158.167.38	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	8.39.36.142 8.39.36.142	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 2	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY - Fastly)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1	2a00:1288:110... 2a00:1288:110:c305::a000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1 2	35.157.28.223 35.157.28.223	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	35.157.125.245 35.157.125.245	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	37.252.173.62 37.252.173.62	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.89.139.175 52.89.139.175	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	3.227.144.17 3.227.144.17	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
113	44

20 2606:4700::6811:71b4 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

blog.pixalate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:7403:4a68:7eff:710b:1ddf (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:ba49 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42:1b::622 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:fc05 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.232.15 (Ascension Island) 3 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-15.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5505 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.247.226.64 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-226-64.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f4cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.186.18 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-18.deploy.static.akamaitechnologies.com

embedwistia-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e9cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 129.146.196.240 (United States)

ASN31898 (ORACLE-BMC-31898 - Oracle Corporation, US)

api-public-oci-origin.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.236.69.39 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-236-69-39.compute-1.amazonaws.com

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.48 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-48.deploy.static.akamaitechnologies.com

a.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.247.224.172 (United States) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-224-172.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 52.209.158.90 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-209-158-90.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.145.127 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-28-145-127.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.158.167.38 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-158-167-38.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.247.225.98 (United States) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.2 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY - Fastly, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::a000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.28.223 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-28-223.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.125.245 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-125-245.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.62 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.89.139.175 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-89-139-175.us-west-2.compute.amazonaws.com

pipedream.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.227.144.17 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-227-144-17.compute-1.amazonaws.com

fg8vvsvnieiv3ej16jby.litix.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	adroll.com 15 redirects a.adroll.com s.adroll.com d.adroll.com	26 KB
20	pixalate.com blog.pixalate.com	356 KB
11	hubspot.net cdn2.hubspot.net	281 KB
8	hubspot.com static.hubspot.com track.hubspot.com forms.hubspot.com	4 KB
8	wistia.com fast.wistia.com distillery.wistia.com pipedream.wistia.com	202 KB
7	addthis.com 3 redirects s7.addthis.com api-public.addthis.com api-public-oci-origin.addthis.com	190 KB
6	facebook.com www.facebook.com staticxx.facebook.com graph.facebook.com	2 KB
5	facebook.net connect.facebook.net	255 KB
4	hsforms.com forms.hsforms.com	11 KB
4	google-analytics.com 1 redirects www.google-analytics.com	35 KB
3	yahoo.com 1 redirects ups.analytics.yahoo.com ads.yahoo.com	891 B
3	akamaihd.net embedwistia-a.akamaihd.net	161 KB
3	doubleclick.net 3 redirects stats.g.doubleclick.net cm.g.doubleclick.net	639 B
3	gstatic.com fonts.gstatic.com	36 KB
3	bootstrapcdn.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com	89 KB
3	bizible.com cdn.bizible.com	34 KB
2	litix.io fg8vvsvnieiv3ej16jby.litix.io	419 B
2	openx.net 1 redirects us-u.openx.net	342 B
2	bidswitch.net 1 redirects x.bidswitch.net	908 B
2	3lift.com 1 redirects eb2.3lift.com	692 B
2	outbrain.com 1 redirects sync.outbrain.com	735 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	784 B
2	twitter.com platform.twitter.com	29 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	hsforms.net 1 redirects js.hsforms.net	116 KB
1	rlcdn.com idsync.rlcdn.com	40 B
1	adnxs.com ib.adnxs.com	879 B
1	taboola.com trc.taboola.com	191 B
1	pubmatic.com simage2.pubmatic.com	862 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	hsleadflows.net js.hsleadflows.net	61 KB
1	hs-analytics.net js.hs-analytics.net	25 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	190 B
1	addthisedge.com v1.addthisedge.com	829 B
1	moatads.com z.moatads.com	1 KB
1	jquery.com code.jquery.com	67 KB
1	linkedin.com platform.linkedin.com	55 KB
113	40

	Domain	Requested by
20	blog.pixalate.com	blog.pixalate.com cdn.bizible.com
16	d.adroll.com	14 redirects
11	cdn2.hubspot.net	blog.pixalate.com cdn2.hubspot.net
6	track.hubspot.com
6	fast.wistia.com	blog.pixalate.com fast.wistia.com
5	connect.facebook.net	blog.pixalate.com connect.facebook.net
4	s.adroll.com	1 redirects s.adroll.com
4	forms.hsforms.com	js.hsforms.net
4	www.google-analytics.com	1 redirects blog.pixalate.com
3	www.facebook.com	blog.pixalate.com
3	embedwistia-a.akamaihd.net	blog.pixalate.com cdn.bizible.com
3	fonts.gstatic.com	cdn2.hubspot.net js.hsforms.net
3	s7.addthis.com	1 redirects blog.pixalate.com s7.addthis.com
3	cdn.bizible.com	blog.pixalate.com cdn.bizible.com
2	fg8vvsvnieiv3ej16jby.litix.io	cdn.bizible.com
2	cm.g.doubleclick.net	2 redirects
2	us-u.openx.net	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	pixel.advertising.com	2 redirects
2	api-public-oci-origin.addthis.com	blog.pixalate.com
2	api-public.addthis.com	2 redirects
2	graph.facebook.com	s7.addthis.com
2	platform.twitter.com	blog.pixalate.com platform.twitter.com
2	fonts.googleapis.com	blog.pixalate.com
2	js.hsforms.net	1 redirects blog.pixalate.com
2	stackpath.bootstrapcdn.com	blog.pixalate.com cdn2.hubspot.net
1	pipedream.wistia.com	cdn.bizible.com
1	idsync.rlcdn.com
1	ib.adnxs.com
1	trc.taboola.com
1	ads.yahoo.com
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	d.adroll.mgr.consensu.org	1 redirects
1	a.adroll.com	blog.pixalate.com
1	forms.hubspot.com	cdn.bizible.com
1	distillery.wistia.com	cdn.bizible.com
1	staticxx.facebook.com	connect.facebook.net
1	js.hsleadflows.net	blog.pixalate.com
1	js.hs-analytics.net	blog.pixalate.com
1	www.google.de	blog.pixalate.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	maxcdn.bootstrapcdn.com	blog.pixalate.com
1	static.hubspot.com	blog.pixalate.com
1	code.jquery.com	blog.pixalate.com
1	platform.linkedin.com	blog.pixalate.com
113	53

This site contains links to these domains. Also see Links.

Domain
www.pixalate.com
www.facebook.com
www.linkedin.com
www.twitter.com
www.monkeyfrogmedia.com
www.alexa.com
twitter.com
www.mediaratingcouncil.org
www.addthis.com

Subject Issuer	Validity	Valid
blog.pixalate.com CloudFlare Inc ECC CA-2	`2019-08-22` - `2020-08-21`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
ssl766686.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-06-28` - `2020-01-04`	6 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-10` - `2020-03-21`	a year	crt.sh
hubspot.com CloudFlare Inc ECC CA-2	`2019-12-04` - `2020-10-09`	10 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
hubspot.net CloudFlare Inc ECC CA-2	`2019-04-16` - `2020-04-16`	a year	crt.sh
ssl431287.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-07-24` - `2020-01-30`	6 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2019-08-13` - `2020-08-12`	a year	crt.sh
ssl817706.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-13` - `2020-02-19`	6 months	crt.sh
*.addthis.com DigiCert SHA2 Secure Server CA	`2019-02-04` - `2021-02-03`	2 years	crt.sh
*.wistia.com Amazon	`2019-05-28` - `2020-06-28`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-03-19`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-10-30` - `2020-04-27`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-06-27` - `2019-12-24`	6 months	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.litix.io Amazon	`2019-01-22` - `2020-02-22`	a year	crt.sh

This page contains 4 frames:

Primary Page: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Frame ID: 4651DE3C60A91C9B3DAAB20339D07BA4
Requests: 114 HTTP requests in this frame

Frame: https://fast.wistia.com/embed/iframe/bfz1rmsyhr
Frame ID: D07C697F48F5081E9F8341F2DE033954
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html?origin=http%3A%2F%2Fblog.pixalate.com
Frame ID: 68A2AC5D287C8E95D3306086E16B059E
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: 797908EA570740C50CDBE32A2AEA8140
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.linkedin\.com\/in\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

113
Requests

81 %
HTTPS

49 %
IPv6

40
Domains

53
Subdomains

44
IPs

7
Countries

2039 kB
Transfer

5604 kB
Size

20
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: http://www.pixalate.com/
Title:

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/products/analytics
Title: Analytics

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/products/blocking
Title: Blocking

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/products/mrt
Title: Media Ratings Terminal

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#sov
Title: Share of Voice

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#breakout
Title: Breakout Apps

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#viewability
Title: Viewability

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#unique-visitors
Title: Unique Visitors

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#active-users
Title: Active Users

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#incentivized-apps
Title: Incentivized Apps

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/trends/#downloads
Title: Downloads

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/sellertrustindex/global
Title: Global

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/sellertrustindex/mobile
Title: Mobile

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/sellertrustindex/video
Title: Video

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/press
Title: Press

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/jobs
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/share?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site
Title:

Search URL Search Domain Scan URL

URL: http://www.monkeyfrogmedia.com/
Title: Monkey Frog Media

Search URL Search Domain Scan URL

URL: https://www.alexa.com/siteinfo/monkeyfrogmedia.com
Title: Alexa rankings

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/ratings/
Title: Media Rating Terminal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pixalate
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/pixalateinc
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/pixalate
Title:

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/sellertrustindex
Title: Seller Trust Indexes

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/terms
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/privacypolicy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.pixalate.com/gdpr
Title: GDPR Compliance

Search URL Search Domain Scan URL

URL: http://www.mediaratingcouncil.org/063014%20Viewable%20Ad%20Impression%20Guideline_Final.pdf
Title: MRC

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

http://js.hsforms.net/forms/v2.js HTTP 301
https://js.hsforms.net/forms/v2.js

Request Chain 27

http://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png HTTP 307
https://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png

Request Chain 29

http://s7.addthis.com/js/300/addthis_widget.js HTTP 308
https://s7.addthis.com/js/300/addthis_widget.js

Request Chain 35

http://connect.facebook.net/en_US/fbevents.js HTTP 307
https://connect.facebook.net/en_US/fbevents.js

Request Chain 36

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 48

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 54

http://www.google-analytics.com/r/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=1&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=1367353038&gjid=1304879794&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&_r=1&cg1=%2Fblog&z=1746952732 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=1&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=1367353038&gjid=1304879794&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&_r=1&cg1=%2Fblog&z=1746952732 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_gid=2004057757.1575490696&gjid=1304879794&_v=j79&z=1746952732 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732&slf_rd=1&random=1606404396

Request Chain 72

http://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0 HTTP 308
https://api-public-oci-origin.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0

Request Chain 74

http://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0 HTTP 308
https://api-public-oci-origin.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0

Request Chain 76

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 77

http://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aEBAAEAB~&jid=&gjid=&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&cg1=%2Fblog&z=923689242 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aEBAAEAB~&jid=&gjid=&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&cg1=%2Fblog&z=923689242

Request Chain 92

https://s.adroll.com/j/exp/5BQD2CMYB5DNBF3JWVPUSC/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 93

https://d.adroll.mgr.consensu.org/consent/iabcheck/5BQD2CMYB5DNBF3JWVPUSC?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2 HTTP 302
https://d.adroll.com/consent/check/5BQD2CMYB5DNBF3JWVPUSC/?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2

Request Chain 94

https://d.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&pv=30828458574.023586&cookie=&adroll_s_ref=&keyw=&arrfrr=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site HTTP 302
https://s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/DBJXNZQFNRHYZMMXUKUUPQ.js

Request Chain 97

https://d.adroll.com/cm/aol/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-020f29226de4 HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-020f29226de4&verify=true

Request Chain 98

https://d.adroll.com/cm/index/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698&C=1

Request Chain 99

https://d.adroll.com/cm/n/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expires=365

Request Chain 100

https://d.adroll.com/cm/outbrain/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&rdrctExp=true

Request Chain 101

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 102

https://d.adroll.com/cm/r/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 103

https://d.adroll.com/cm/taboola/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

Request Chain 104

https://d.adroll.com/cm/triplelift/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 105

https://d.adroll.com/cm/b/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

Request Chain 106

https://d.adroll.com/cm/x/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

Request Chain 107

https://d.adroll.com/cm/l/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=63821fb79c7d154e1839a549e0987fbc

Request Chain 108

https://d.adroll.com/cm/o/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=63821fb79c7d154e1839a549e0987fbc HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=63821fb79c7d154e1839a549e0987fbc

Request Chain 109

https://d.adroll.com/cm/g/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Y4Ift5x9FU4YOaVJ4Jh_vA HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=Y4Ift5x9FU4YOaVJ4Jh_vA&google_tc= HTTP 302
https://d.adroll.com/cm/g/in

113 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set momtaxi-session-hijacking-auto-refresh-ad-fraud-site Show response
blog.pixalate.com/ 76 KB
17 KB 420ms
359ms Document
text/html 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / HubSpot
Resource Hash: d103456901231230fce5470a6d01f98f933764dd6d3137f441a071800cb661e2

Request headers

Host: blog.pixalate.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d0024307f926d0ffb55f6a1fea966247c1575490694; expires=Fri, 03-Jan-20 20:18:14 GMT; path=/; domain=.blog.pixalate.com; HttpOnly __cfruid=8b3584fe31aadaf2826718a069b08024f8d0c9ef-1575490695; path=/; domain=.blog.pixalate.com; HttpOnly
CF-Ray: 540077eabbba59be-VIE
Content-Encoding: gzip
CF-Cache-Status: MISS
Cache-Control: s-maxage=120,max-age=5
Link: </hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>; rel=preload; as=script
Vary: Accept-Encoding
Access-Control-Allow-Credentials: false
Edge-Cache-Tag: CT-5317456915,CG-2364596,P-2364596,L-6560952454,L-6572417230,L-7967130127,CW-5736346489,CW-5738079236,E-5443883678,E-6156886350,E-6563082215,PGS-ALL,SW-4,SD-46
X-HS-Cache-Config: BrowserCache-5s-EdgeCache-120s
X-HS-Combine-CSS: Retry-0
X-HS-Content-Id: 5317456915
X-HS-Hub-Id: 2364596
X-Powered-By: HubSpot
X-Trace: 2B3D042D2E3286CFC7013FB2EF01827639620860A1000000000000000000
Server: cloudflare

GET
H/1.1 200
OK index.js Show response
blog.pixalate.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/ 8 KB
4 KB 97ms
97ms Script
application/javascript 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75b857fc1e6ed070dffbbbf67e18a4e99ff49d805f5a924a0417ff0138ddf6d8

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
X-Amz-Cf-Pop: IAD89-C1
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 04 Nov 2019 16:40:20 GMT
Server: cloudflare
ETag: W/"54b13e36e568fb12dcb53751d3045f0e"
Vary: Accept-Encoding
x-amz-version-id: Oye6KN0Ikl1ArcIW0aXcJXP_s4jLsAe8
Cache-Control: s-maxage=31536000, max-age=31536000
Access-Control-Allow-Credentials: false
CF-Ray: 540077ecfd4d59be-VIE
X-Amz-Cf-Id: TZQW5Utu2FJclCkFiCA8yUw-7AQn4knsGpvakxsPWIIiBH7k7MGizw==

GET
H/1.1 200
OK project.js Show response
blog.pixalate.com/hs/hsstatic/cos-i18n/static-1.10/bundles/ 1 KB
1 KB 136ms
124ms Script
application/javascript 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/hs/hsstatic/cos-i18n/static-1.10/bundles/project.js
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
X-Amz-Cf-Pop: IAD89-C1
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 13 Sep 2017 02:51:30 GMT
Server: cloudflare
ETag: W/"0011aaf4067b097bcbfd9dc99a4b94c0"
Vary: Accept-Encoding
x-amz-version-id: p6iak7Gl9Xyg7crK_8XyTwctOBvKD1DL
Cache-Control: s-maxage=31536000, max-age=31536000
Access-Control-Allow-Credentials: false
CF-Ray: 540077ed0d31cbbc-VIE
X-Amz-Cf-Id: vZurWJv0B01SukHmm_UlnqtjGrBQlBlH70V6DLpFD3ecTjTiaCKh9Q==

GET
H/1.1 200
OK jquery-1.7.1.js Show response
blog.pixalate.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
33 KB 150ms
137ms Script
application/javascript 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 443f1433224715dbc774145b9ac2efe4.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
X-Amz-Cf-Pop: IAD89-C2
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 25 Nov 2014 17:03:30 GMT
Server: cloudflare
ETag: W/"ddb84c1587287b2df08966081ef063bf"
Vary: Accept-Encoding
x-amz-version-id: null
Cache-Control: s-maxage=31536000, max-age=31536000
Access-Control-Allow-Credentials: false
CF-Ray: 540077ed1bb3cbc0-VIE
X-Amz-Cf-Id: zBzo8X77H1pUDUC8ohnVz2Rul1eOFN04-VPYKR0G8WpQujQvnWjW3w==

GET
H/1.1 200
OK bizible.js Show response
cdn.bizible.com/scripts/ 86 KB
33 KB 37ms
19ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.bizible.com/scripts/bizible.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (amb/6BA7) / ASP.NET
Resource Hash: e63918930e9c6948c3c5db63462373afb64724c6d2538236cd676d35edda9ec9

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Dec 2019 02:35:27 GMT
Server: ECS (amb/6BA7)
X-Powered-By: ASP.NET
Etag: "995277d4baad51:0"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 33443

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 16ms
8ms Script
text/javascript 2606:2800:133:7403:4a68:7eff:710b:1ddf
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin.com/in.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:2800:133:7403:4a68:7eff:710b:1ddf , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: 48bc887e1845f952350f354d2e85b8d2db8d5ece35a371870b0daad994318053

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: ECST
X-Cache: HIT
X-CDN-Proto: HTTP1
X-Li-Pop: prod-ech2
Content-Length: 55596
X-LI-UUID: KJG0vK9B3RWwlUzpWisAAA==
Last-Modified: Wed, 04 Dec 2019 19:27:47 GMT
Server: ECAcc (frc/8F0A)
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: prod-lva1
Expires: Wed, 4 Dec 2019 20:27:47 GMT

GET
H/1.1 200
OK layout.min.css
cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/ 5 KB
2 KB 36ms
22ms Stylesheet
text/css 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 786719
Transfer-Encoding: chunked
x-amz-meta-md5-hash: 0b0c633d59ab0af9553a98c0e7d97349
Connection: keep-alive
Last-Modified: Thu, 18 May 2017 21:11:43 GMT
Server: cloudflare
ETag: W/"0b0c633d59ab0af9553a98c0e7d97349"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: s-maxage=1209600, max-age=1209600
X-HS-CF-Lambda: us-east-1.setCacheTagHeaders 43
X-Amz-Cf-Pop: IAD89-C2
CF-RAY: 540077ed1819cbb4-VIE

GET
H2 200 quint-featured-blog-v4.css
blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/5443883678/1569526090893/Custom/system/css/ 71 KB
14 KB 536ms
498ms Stylesheet
text/css 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/5443883678/1569526090893/Custom/system/css/quint-featured-blog-v4.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5d46c406432516c03941fb8fc5c4d799a7309b3784fcff795612979bcda1e2e

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 4DF2852E79B0E5B5
status: 200
content-type: text/css
x-amz-id-2: tw1h1f1KR9F2RytII4DS0yqGDTr9NNtmlULJTqyWWVzYOicXp2tNee9f3FKcm8H4DrQLytwuBjw=
last-modified: Thu, 26 Sep 2019 19:28:11 GMT
server: cloudflare
etag: W/"bfc1d72eccbd3b008071819c63501349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: DmGNo_QiEo6FnmRbe9jhu2gpj7u2.vWK
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 540077ed3de0cbbc-VIE

GET
H2 200 pix-news-signup.min.css
blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6156886350/1569526090522/Custom/page/css/ 15 KB
3 KB 210ms
172ms Stylesheet
text/css 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6156886350/1569526090522/Custom/page/css/pix-news-signup.min.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c4eb9ecf12b3ed1715fb6c76f16b65cc42fed88fb7b7175815cc72be708607e

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 4A5595D65AA824F9
status: 200
content-type: text/css
x-amz-id-2: K74i85SWk770GriqfKt7okogPGo7WKomPYe6x3Czc8EnCnINBJBv9IE+tRhQ22u5SceIxWXanHY=
last-modified: Thu, 26 Sep 2019 19:28:11 GMT
server: cloudflare
etag: W/"0b59512a16937564660d74b5651a21dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: eFy4aH5o4NERKYW556Frk2Vm78hz1rEp
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 540077ed3de1cbbc-VIE

GET
H2 200 custom_style.min.css
blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6563082215/1569526091088/Custom/2018/css/ 14 KB
3 KB 221ms
183ms Stylesheet
text/css 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6563082215/1569526091088/Custom/2018/css/custom_style.min.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125516b61147133fdad84c2f139b44b4396479c006b163057d02a73bf3672aed

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 11DEBEB98CBD1D09
status: 200
content-type: text/css
x-amz-id-2: 7k1zZJFM8n2hb8N+tQBp3xa/CDZcBjeuCDLTZp1qDUTpzxlQjiU3bcmTWBbKPRSGW5L8XuU90tc=
last-modified: Thu, 26 Sep 2019 19:28:12 GMT
server: cloudflare
etag: W/"5d7fca0c56017697328ba2a76c1c438e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: mOTNzCoxq63UKYOTxih4BhhNwJ0G6ccE
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 540077ed3de6cbbc-VIE

GET
H/1.1 200
OK animate.css
cdn2.hubspot.net/hubfs/459002/ 71 KB
5 KB 48ms
34ms Stylesheet
text/css 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn2.hubspot.net/hubfs/459002/animate.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d34c3af0d3b74cbb878ca4472668ebae02410ed1bfe8e85b244bb582d1dcb2ea

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 87459a7837f980cdc57ba8a2c23a55ae.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
x-amz-meta-cache-tag: F-4023988436,P-459002,FLS-ALL
Age: 199023
Transfer-Encoding: chunked
Edge-Cache-Tag: F-4023988436,P-459002,FLS-ALL
X-Cache: Miss from cloudfront
X-HS-CF-Lambda: us-east-1.setCacheTagHeaders 43
Content-Encoding: gzip
x-amz-request-id: 324AE1CC0DFDAD37
x-amz-id-2: VusJMWTq+q5jZl2fotviOJH6DjvylQQZejXkG1FViphuxdmmHCII3l0kdZeYgPpJw6+HpGBgA6Q=
Last-Modified: Fri, 06 Oct 2017 12:01:57 GMT
Server: cloudflare
Connection: keep-alive
ETag: W/"07f146141537e04ee282a965d8053198"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: s-maxage=1209600, max-age=1209600
x-amz-version-id: eQQLxrgBVRzdcd39HnBkXraMQA.p1H1A
X-Amz-Cf-Pop: VIE50-C1
CF-RAY: 540077ed1814cbb4-VIE
X-Amz-Cf-Id: 26Ex_w-SoeNFY5sTIT4_oFD13kXO9UbIqgoSU9Kq_ho3SaXq0pIyDA==

GET
H/1.1 200
OK jquery.min.2.1.1.js Show response
cdn2.hubspot.net/hubfs/459002/ 82 KB
30 KB 333ms
319ms Script
application/javascript 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
CF-Cache-Status: REVALIDATED
x-amz-meta-cache-tag: F-4040384383,P-459002,FLS-ALL
X-Amz-Cf-Pop: FRA2-C1
Transfer-Encoding: chunked
Edge-Cache-Tag: F-4040384383,P-459002,FLS-ALL
X-Cache: Miss from cloudfront
X-HS-CF-Lambda: us-east-1.setCacheTagHeaders 43
Content-Encoding: gzip
x-amz-request-id: 3572FCAC66FFAC26
x-amz-id-2: V1LXCwP7QhKkoe+e2uUpUHNOPFjxddMxClESoBkQI43pK5ZCYXdzBy7hnChhQD3z8zwLipqOU2w=
Last-Modified: Fri, 06 Oct 2017 12:01:58 GMT
Server: cloudflare
Connection: keep-alive
ETag: W/"d021c983bd6e7291b43a5cc1fb2ebe99"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 49L1KdCG8iPJMTiywXicFzJycYAqzBZC
CF-RAY: 540077ed1929cbc4-VIE
X-Amz-Cf-Id: feij6DxGvwE_LRAwuY_t0wI7zKMVyHB4LiZL1erUhZzec-lo4eBCwQ==

GET
H/1.1 200
OK jquery-ui.min.js Show response
code.jquery.com/ui/1.12.0/ 247 KB
67 KB 21ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:2b
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.0/jquery-ui.min.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jul 2016 17:14:47 GMT
Server: nginx
ETag: W/"577fdf87-3ddc9"
Vary: Accept-Encoding
X-HW: 1575490695.dop016.fr8.shc,1575490695.dop016.fr8.t,1575490695.cds056.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 67684

GET
H/1.1 200
OK owl.carousel.css
cdn2.hubspot.net/hubfs/459002/ 5 KB
2 KB 42ms
29ms Stylesheet
text/css 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn2.hubspot.net/hubfs/459002/owl.carousel.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 9c157874a076ffdde5f5a44c4371f3a1.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
x-amz-meta-cache-tag: F-4148758830,P-459002,FLS-ALL
Age: 199023
Transfer-Encoding: chunked
Edge-Cache-Tag: F-4148758830,P-459002,FLS-ALL
X-Cache: Miss from cloudfront
X-HS-CF-Lambda: us-east-1.setCacheTagHeaders 43
Content-Encoding: gzip
x-amz-request-id: CEC55EACE256CFE8
x-amz-id-2: d6Of5VV8ahh7u3M5GCgoUluGP6ko3458KkPD4qWVPWHDR0ifpZPTtAnAnMH8pkfDUNn+hzg6PP0=
Last-Modified: Fri, 06 Oct 2017 12:02:06 GMT
Server: cloudflare
Connection: keep-alive
ETag: W/"b51416af9e8adbe3d16f5f2526aba221"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: s-maxage=1209600, max-age=1209600
x-amz-version-id: eztVN8AZJEym.Nd5C5bAF.1s.uD51XhL
X-Amz-Cf-Pop: VIE50-C1
CF-RAY: 540077ed1f1dcbb8-VIE
X-Amz-Cf-Id: Artkr8dLKIbv-ttxRbeUjliHxoVsXimcW853S51V78DlH7iNe_RnxQ==

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 9ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:3a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
access-control-allow-origin: *
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 7050

GET
H/1.1 200
OK owl.carousel.min.js Show response
cdn2.hubspot.net/hubfs/459002/ 39 KB
11 KB 191ms
177ms Script
application/javascript 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn2.hubspot.net/hubfs/459002/owl.carousel.min.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
CF-Cache-Status: REVALIDATED
x-amz-meta-cache-tag: F-4148747595,P-459002,FLS-ALL
X-Amz-Cf-Pop: FRA2-C1
Transfer-Encoding: chunked
Edge-Cache-Tag: F-4148747595,P-459002,FLS-ALL
X-Cache: Miss from cloudfront
X-HS-CF-Lambda: us-east-1.setCacheTagHeaders 43
Content-Encoding: gzip
x-amz-request-id: 61EB13ADB7C3AED8
x-amz-id-2: ZdObPNKJJFJSabuGMva003ECaMUcimP8DvwXrau+MSc5uv2uapBkUx8VzQfZ9Yyvm27b1o45Fvo=
Last-Modified: Fri, 06 Oct 2017 12:02:06 GMT
Server: cloudflare
Connection: keep-alive
ETag: W/"ffaa3c82ad2c6e216e68aca44746e1be"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: s-maxage=1209600, max-age=1209600
x-amz-version-id: FgABW6LPW7qtshG_bSbHkb_1Z18.sUub
CF-RAY: 540077ed1ed7cba0-VIE
X-Amz-Cf-Id: O5xl9ZFjvgzx17oDzqwRTkY8NwRyNv2U8wNlaUlPug6QDxCNd5BANQ==

GET
H2

200

v2.js Show response
js.hsforms.net/forms/
Redirect Chain

http://js.hsforms.net/forms/v2.js
https://js.hsforms.net/forms/v2.js

418 KB
116 KB

62ms
28ms

Script
application/javascript

2606:4700::6811:ba49
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba49 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1e54f3fe3290ecc4c8474d7bee91ecdb173921702de9a8f127ac28a18bacdcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 c5bb940b2890383b4ca2d8b74b68699a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 175
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-amz-version-id: rSLg1kM0E2wc3M1ChjIUpj5ak3JTv4Dg
last-modified: Wed, 04 Dec 2019 04:40:02 GMT
server: cloudflare
etag: W/"dc174e11f10c1ab65b7ec8796e0f0477"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
x-amz-cf-pop: IAD89-C2
cf-ray: 540077ed68648c62-VIE
x-amz-cf-id: 4T-v72QXCnO82RBYH9rk96ZqNUGPRDUTsswWX1LLvWg5qajIg0uM6w==

Redirect headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://js.hsforms.net/forms/v2.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 540077ed1825cbb4-VIE
Expires: Wed, 04 Dec 2019 21:18:15 GMT

GET
H2 200 pixalate-logo-red-small.png
blog.pixalate.com/hubfs/2018NewTemplate/ 9 KB
10 KB 114ms
77ms Image
image/webp 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/2018NewTemplate/pixalate-logo-red-small.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01586a8ad1e043dbae6c7b901ecbbc9f2f58ade2cd73a3af8afe67a84c18c59a

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 40e8cff7eb9a18d9e3d7f191f1493514.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6560429671,FD-6563016193,P-2364596,FLS-ALL
x-amz-cf-pop: VIE50-C1
cf-polished: origFmt=png, origSize=13752
edge-cache-tag: F-6560429671,FD-6563016193,P-2364596,FLS-ALL
status: 200
content-length: 9272
content-disposition: inline; filename="pixalate-logo-red-small.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 3C681D3B58ECB85F
x-amz-id-2: 2bnxIdPpvON/lv1gxn7vK5x+4a+oMF5dw8SmpyoYNENMJocaEHe92N6UdMPjmm9DWGKxZJK1PAI=
x-cache: Miss from cloudfront
last-modified: Mon, 19 Nov 2018 20:42:29 GMT
server: cloudflare
etag: "1b1b9a8402520e602c7aa172bc7901d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: CllHKPoTUoXYY_t9dfq1p53A36PQTbMf
accept-ranges: bytes
cf-ray: 540077ed3de9cbbc-VIE
x-amz-cf-id: _JiRwZk4mtKAqjwuHrHK0ZcyisV1m7jxsr7zwMXaX-C9agc5xGKx1g==
cf-bgj: imgq:85

GET
H2 200 arrow-down-light.png
blog.pixalate.com/hubfs/2018NewTemplate/ 114 B
570 B 48ms
48ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/2018NewTemplate/arrow-down-light.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9deab837bb0082dfa4b2fa8381ac4267ef9fb8f51c387f1e64c70b707fce5a

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6572503175,FD-6563016193,P-2364596,FLS-ALL
age: 348457
cf-polished: origSize=142, status=webp_bigger
edge-cache-tag: F-6572503175,FD-6563016193,P-2364596,FLS-ALL
status: 200
content-length: 114
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 2DEF498EF2544782
x-amz-id-2: heC2giYnVAYFuXzQDq7B0iZ9fLX/VoAFrQ1t6tX857TscZagDgLIx/26ZFZI6fxB4Y+2+8IfxpM=
last-modified: Tue, 20 Nov 2018 19:36:01 GMT
server: cloudflare
etag: "9d5f272be0f11919143598106315d018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: drezDNruNNr5roQEzUnsdpu6RZBUvuT1
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
cf-ray: 540077edbfeacbbc-VIE
x-amz-cf-id: S2UYsoTzNDnPvqH-jFxQC8UccobeFviqr-WZoLvdNU1DGlUQpEjQkg==
cf-bgj: imgq:85

GET
H2 200 arrow-up-light.png
blog.pixalate.com/hubfs/2018NewTemplate/ 114 B
573 B 48ms
48ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/2018NewTemplate/arrow-up-light.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5d98f9e6d484dc763ba3c26182c61e15a0d6a6fe542d29167390231b5f26598

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 551f31cb488dd469e1bc714539d352b3.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6572503176,FD-6563016193,P-2364596,FLS-ALL
x-amz-cf-pop: CPH50-C1
cf-polished: origSize=145, status=webp_bigger
edge-cache-tag: F-6572503176,FD-6563016193,P-2364596,FLS-ALL
status: 200
content-length: 114
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: A3BFF85122D7A407
x-amz-id-2: A/1KF0IH0/HMMQnM7XgQkERpwq77R5nDi9Jbm1LCY/eCTnswEGgc51yhHBuLVLuSXKs8D7ElLIA=
last-modified: Tue, 20 Nov 2018 19:36:01 GMT
server: cloudflare
etag: "dc9e105795f9ba8b669c0299c5caf1b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: kPvz0UXX4zM2_Xh396fnpFAwB.CefW74
accept-ranges: bytes
cf-ray: 540077ee297acbbc-VIE
x-amz-cf-id: 6sd_PzN6vXv1kMNDYutJr-jRrH7y2kEpIctl5lPrXqHirtMmNys4Xw==
cf-bgj: imgq:85

GET
H2 200 facebook.png
blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/ 7 KB
8 KB 290ms
288ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/facebook.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e95e97ff2ba95b7d83c22fd708da63cfd80413e35c6bd46d834a223d81597b9

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 ab8469a6d336e6ae83223495412c7557.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-meta-cache-tag: F-4363867728,P-2364596,FLS-ALL
x-amz-cf-pop: MUC51-C1
edge-cache-tag: F-4363867728,P-2364596,FLS-ALL
status: 200
content-length: 7379
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: BC1C31CF6BDD6F0C
x-amz-id-2: 3Ncc9s1KkSpQQNR5N+Z/WmCGo828uqGoiqiOSxE4Q46wk/t2rrzXjjoQ3jNYNssfc7XVJttA3pQ=
last-modified: Fri, 06 Oct 2017 04:04:18 GMT
server: cloudflare
etag: "28ee394bc0e0027b344feec84742cf5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: UISw3pvMfuI4kYuqgHwqsJNgHZABWSM8
accept-ranges: bytes
cf-ray: 540077ee8addcbbc-VIE
x-amz-cf-id: PksAEkHlfk158S6yo7X3SWsBPsxliJX-cWPnHqGmatxpmDjTyI_kMw==

GET
H2 200 linkedin.png
blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/ 3 KB
3 KB 54ms
53ms Image
image/webp 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/linkedin.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8b820b6934a6f26ee52b4fe0cd5572bce9e80f30ec08848fe601c9c5d7e09b2

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 3a65445020a52e9a185051db037167bb.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4363854358,P-2364596,FLS-ALL
x-amz-cf-pop: VIE50-C1
cf-polished: origFmt=png, origSize=7008
edge-cache-tag: F-4363854358,P-2364596,FLS-ALL
status: 200
content-length: 2630
content-disposition: inline; filename="linkedin.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: EBC4050A0F3B3551
x-amz-id-2: 67s8lJfzSO2u+1knZJfLKAQNrAczckZbeRk5lKZHgcIr5+qBZnvO2DtjEM1HqAdtLccEd/p84WU=
x-cache: Miss from cloudfront
last-modified: Fri, 06 Oct 2017 04:04:18 GMT
server: cloudflare
etag: "67690024a3a02097c4dcd3f72be3628d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: EqGqmUyROdrwC.2kLev7ESSXJ.eSFI6t
accept-ranges: bytes
cf-ray: 540077eebb52cbbc-VIE
x-amz-cf-id: qGV_PKYWvXLrjcdxbz_l8SXV5fhEzo9YfrOP8ovKHsQOFmca4sVh-A==
cf-bgj: imgq:85

GET
H2 200 twitter.png
blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/ 10 KB
11 KB 529ms
529ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/Blog_V2_08_26_2016/social/twitter.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f2ca08c793dc02f2cea9aec445f67b553ef83a0039870cb0c896a25d5f910f

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 3fb796f78a92d0a74fc25170230bcfe7.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-meta-cache-tag: F-4481191435,P-2364596,FLS-ALL
x-amz-cf-pop: MUC51-C1
edge-cache-tag: F-4481191435,P-2364596,FLS-ALL
status: 200
content-length: 10453
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 34194E6A90BAFCAE
x-amz-id-2: povjp9WaIaEbRI6gmdc/57RHLl5LBn40z3dHsLVkWeJKL6rzIbhA14ry8sEu+U5nYBp/JXA//7E=
last-modified: Fri, 06 Oct 2017 04:04:27 GMT
server: cloudflare
etag: "9455a9d1a2bb0e0f96ef7411431bb7ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: DF0qSz3OFAfx__S6gCIg7zggNq_rfK8m
accept-ranges: bytes
cf-ray: 540077ef0c7dcbbc-VIE
x-amz-cf-id: Be1eldNz8VKcRA-8bpzsocOBfBYTf-qgt5X3OTNvS2h5iRYfSnEbyw==

GET
H2 200 bfz1rmsyhr.jsonp Show response
fast.wistia.com/embed/medias/ 7 KB
2 KB 148ms
148ms Script
application/javascript 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/bfz1rmsyhr.jsonp

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

74acb31e414ad2354b6e467a9191a6800d29cbaef6d0e2e57701944478cbed4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 63410
x-cache: MISS, HIT, MISS
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
status: 200
strict-transport-security: max-age=0
content-length: 1763
via: 1.1 varnish, 1.1 varnish
x-request-id: 30bccd736371b7578f2647ca2700037c
x-served-by: cache-sea4441-SEA, cache-hhn4055-HHN
x-runtime: 0.073831
referrer-policy: strict-origin-when-cross-origin
x-timer: S1575490696.727187,VS0,VE143
x-download-options: noopen
vary: Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 74
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
link: <https://embedwistia-a.akamaihd.net>; rel=preconnect; crossorigin
x-cache-hits: 0, 1, 0

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 587 KB
112 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

51f8f580cb1282b20683b603c2a9494859a5ee5da723bdc07eda7491d0f71d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: br
age: 2698
x-cache: HIT, HIT
status: 200
strict-transport-security: max-age=0
content-length: 114005
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-sea4454-SEA, cache-hhn4055-HHN
x-browser-version: 74
last-modified: Wed, 04 Dec 2019 19:27:40 GMT
x-timer: S1575490696.786886,VS0,VE0
etag: "5de808ac-1bd55"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 430

GET
H2 200 mom-taxi-double-chart.png
blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/ 68 KB
69 KB 294ms
292ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/mom-taxi-double-chart.png?width=640&name=mom-taxi-double-chart.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 685ca908640c88662bf8afdeb49ae01f6c48d743a96741495379e50187b45705

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 ef6762d67d012a06d2761f42352c9e53.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C1
edge-cache-tag: F-5317383371,FD-5067035820,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 69986
last-modified: Mon, 25 Nov 2019 20:04:08 GMT
server: cloudflare
etag: "fa134df95db29fda9b6f9c7dfe816d92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f0bb22cbbc-VIE
x-amz-cf-id: DcJLIrdSUEnyxp0ietM3O_IpeDS3BI0kFzaMLaJ4NsJVdZDCaSyCtg==

GET
H2 200 monkey-frog-media-alexa-rank.png
blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/ 65 KB
65 KB 280ms
278ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/monkey-frog-media-alexa-rank.png?width=640&name=monkey-frog-media-alexa-rank.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7bfa53db0a9731fe61f657e0f0d646da3726d385dc9e96b189b874c930601a51

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 88b63cb2f8aab28c7291262ffc15282f.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C1
edge-cache-tag: F-5317382789,FD-5067035820,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 66524
last-modified: Mon, 25 Nov 2019 20:13:32 GMT
server: cloudflare
etag: "f4160864ae184af90c950f63592a8fd5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f0bb26cbbc-VIE
x-amz-cf-id: gbnOryVhMDGTQeBtzFYccoSlRf0MS4HtjWt6qrlkw9M5ub9Kx74YcA==

GET
H2 200 Momtaxi%20Pixalate%20MRT.png
blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/ 106 KB
106 KB 362ms
360ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hs-fs/hubfs/Blog_Media/Blog%20photos/Momtaxi%20Pixalate%20MRT.png?width=640&name=Momtaxi%20Pixalate%20MRT.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23eb75306a47d9df84e6e5a1bf6bffdfd4d2bee3604eace0b0025db2c18fe47b

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 ef6762d67d012a06d2761f42352c9e53.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C1
edge-cache-tag: F-5326237387,FD-5067035820,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 108034
last-modified: Mon, 25 Nov 2019 20:13:32 GMT
server: cloudflare
etag: "0e68b938963c45d1c74d827d9ae55616"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f0bb28cbbc-VIE
x-amz-cf-id: QgRT7Hwu3x5ZF3SS7HCLKr46_cvjLrCwZu1BwBnxZ2f6HUbL1Z2sKA==

GET
H2

200

placeholder_200x200.png
static.hubspot.com/final/img/content/email-template-images/
Redirect Chain

http://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png
https://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png

3 KB
3 KB

20ms
19ms

Image
image/png

2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54b94e67a2d5c83ce9d64cd8a440e2a1291d0d7ef708582dd8d198d9e479ebb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
cf-cache-status: HIT
last-modified: Fri, 18 May 2012 14:21:11 GMT
server: cloudflare
age: 811669
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=31556926
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
cf-ray: 540077f0ca0acbb0-VIE
content-length: 2860
expires: Fri, 04 Dec 2020 02:07:01 GMT

Redirect headers

Location: https://static.hubspot.com/final/img/content/email-template-images/placeholder_200x200.png
Non-Authoritative-Reason: HSTS

GET
H2 200 pixalate-logo-red-small.png
blog.pixalate.com/hs-fs/hubfs/2018NewTemplate/ 4 KB
4 KB 624ms
623ms Image
image/png 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hs-fs/hubfs/2018NewTemplate/pixalate-logo-red-small.png?width=104&name=pixalate-logo-red-small.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08309a7f07ea5531a44c2270c920f0c7310f512401967f5d97e09048840146b9

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 c8c9787916110356915bbdbddd0a32d6.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C2
edge-cache-tag: F-6560429671,FD-6563016193,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 4016
last-modified: Fri, 22 Nov 2019 16:01:48 GMT
server: cloudflare
etag: "c00a92e7a21829a983f9999acf4eebdf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f0bb2acbbc-VIE
x-amz-cf-id: 918h7oPveriMvlE6lvg7gAznJyWKVjDyR8XYvJbXQsTSrnWXBkebkQ==

GET
H2

200

addthis_widget.js Show response
s7.addthis.com/js/300/
Redirect Chain

http://s7.addthis.com/js/300/addthis_widget.js
https://s7.addthis.com/js/300/addthis_widget.js

349 KB
113 KB

109ms
40ms

Script
application/javascript

2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.15 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-232-15.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 30 Oct 2019 19:35:04 GMT
server: nginx/1.15.8
etag: W/"5db9e5e8-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Wed, 04 Dec 2019 20:18:15 GMT
x-host: s7.addthis.com
content-length: 114924

Redirect headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Server: nginx/1.15.8
X-Distribution: 99
Content-Type: text/html
Location: https://s7.addthis.com/js/300/addthis_widget.js
X-Host: s7.addthis.com
Connection: keep-alive
Content-Length: 171

GET
H2 200 Pixalate_Logo_WHITE.png
blog.pixalate.com/hubfs/Blog_V2_08_26_2016/logo/ 2 KB
2 KB 256ms
255ms Image
image/webp 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.pixalate.com/hubfs/Blog_V2_08_26_2016/logo/Pixalate_Logo_WHITE.png
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fc28c5a0aa805d38e272e054b61fac5aedd3e30b763ec73e23b35cbac79e7d2

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 c3b74c81fdcb7942211a6c721efa13fd.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4390130803,P-2364596,FLS-ALL
x-amz-cf-pop: FRA2-C1
cf-polished: origFmt=png, origSize=3289
edge-cache-tag: F-4390130803,P-2364596,FLS-ALL
status: 200
content-length: 2066
content-disposition: inline; filename="Pixalate_Logo_WHITE.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: F663165EBB7F7884
x-amz-id-2: ZclJG38/D8a3WbV8K3MlDRNgEvRsGUeBaPIQGTnLkeOIpxo21yvAo5SDFe06iNu2jebNrO87h1E=
x-cache: Miss from cloudfront
last-modified: Fri, 06 Oct 2017 04:04:20 GMT
server: cloudflare
etag: "8f8294f9be1f82b331a46fae5371d20c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: zhyMqb8j82ekSVSXkkgi.nqt_LEaiaJA
accept-ranges: bytes
cf-ray: 540077f0bb2ccbbc-VIE
x-amz-cf-id: eoI8l6FPiVIWAKwECEY_Js4OqdFEO87pFKgps5HKr9JOxUJMaKNbBA==
cf-bgj: imgq:85

GET
H/1.1 200
OK 2364596.js Show response
blog.pixalate.com/hs/scriptloader/ 1 KB
1 KB 239ms
238ms Script
application/javascript 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/hs/scriptloader/2364596.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf3f3c22f3edd5307cc124785eca888f4b45ebc637d172de7edb72e871e3394b

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:16 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Server: cloudflare
X-Trace: 2B8BFB3E5DDDA81B814BE3F7EFCAE481961106681A000000000000000000
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: public, max-age=60
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
CF-Ray: 540077f0b9d0cbc0-VIE
Content-Length: 497
Expires: Wed, 04 Dec 2019 20:19:15 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
894 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,500,700,300|Raleway:400,500,600,700,300

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

839a61bbbe60ea8dd1032fd4e88eff812ae0c65f8f4cda42bb88411151dfc726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 04 Dec 2019 20:18:15 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 04 Dec 2019 20:18:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 04 Dec 2019 20:18:15 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 7ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:3a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
access-control-allow-origin: *
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 6241

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 17ms
17ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700,300|Open+Sans+Condensed:700|IM+Fell+English:400italic|Quicksand:400,700|Montserrat:400,700,300

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e91889ec0c9c91d100fb5081a8517418c04f09f3cfba6e6464d5308326122ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 04 Dec 2019 20:18:15 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 04 Dec 2019 20:18:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 04 Dec 2019 20:18:15 GMT

GET
H2

200

fbevents.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/fbevents.js
https://connect.facebook.net/en_US/fbevents.js

121 KB
26 KB

7ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 26702
x-xss-protection: 0
pragma: public
x-fb-debug: TRorz0FqxZ0j1OZ4Y2Fks9Hyfvvh4tBvhkteYUVbUYDX2Jkl2xH11HQLWXnCRx4z9jYhDt7qPL9Gi+ZyYPbJFw==
x-fb-trip-id: 420120009
date: Wed, 04 Dec 2019 20:18:15 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason: HSTS

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
17 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6278
date: Wed, 04 Dec 2019 18:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 04 Dec 2019 20:33:37 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H2 200 ProximaNova-SboldWeb.woff
cdn2.hubspot.net/hubfs/2364596/Fonts/ 61 KB
62 KB 54ms
26ms Font
application/font-woff 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/2364596/Fonts/ProximaNova-SboldWeb.woff
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a613bac553b6d7613ac126b2773e62896b3a3019640d7538c7b0539910e3edfb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6563082215/1569526091088/Custom/2018/css/custom_style.min.css
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 fdf9e7e5ec65d753124196745d150f16.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4458187480,P-2364596,FLS-ALL
age: 348452
edge-cache-tag: F-4458187480,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: gzip
content-type: application/font-woff
x-amz-request-id: 56ECE32617F18F6D
x-amz-id-2: PO99OsU/88adrZsm/qzp1t1eYN/4rLMDNvasr++3fnvvNX5jPL6fYpiqnsGt+ER5NSScPB9jss4=
last-modified: Fri, 06 Oct 2017 04:04:23 GMT
server: cloudflare
etag: W/"d03916041c22cfb1742518422af3ced8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: pozDeFuLDsvzugxCMNkjJ2kJRP9T_gx7
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: CPH50-C1
cf-ray: 540077f0ed538c7a-VIE
x-amz-cf-id: mAJlzv4qIPDgV_GsiAGdxyi0ivyeO-LTBt9jr6I6JNlq3Cq7CYdyJw==

GET
H2 200 ProximaNova-RegWeb.woff
cdn2.hubspot.net/hubfs/2364596/Fonts/ 61 KB
62 KB 278ms
251ms Font
application/font-woff 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/2364596/Fonts/ProximaNova-RegWeb.woff
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc1ee5027017280427cacd991ea73f1592cbc478f0335ff1dbb9c2c41c43db0a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6563082215/1569526091088/Custom/2018/css/custom_style.min.css
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 172e63b20fb363ed969de28ae3937e21.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4326927003,P-2364596,FLS-ALL
x-amz-request-id: 150FF2ED29F05703
edge-cache-tag: F-4326927003,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: gzip
content-type: application/font-woff
x-amz-id-2: DSMpyUozdsDuoMaQ239aXFhGqvPUyrIKBzPeUD9sQHjSR1aqwLZJVyB/M9pyw6bhKyG53njJZXs=
last-modified: Fri, 06 Oct 2017 04:04:16 GMT
server: cloudflare
etag: W/"7b4f4434dd85d1ce03848ae5c5c6081b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: tXAYclEfyEQA361gB9wiAHqdSnL.hesr
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: FRA2-C1
cf-ray: 540077f0ed548c7a-VIE
x-amz-cf-id: u7oJZgY87qrppuRtaxVRDNO-P_QXSDRyULVOmeyH7ScUiryeHF3OHg==

GET
H2 200 bfz1rmsyhr
fast.wistia.com/embed/iframe/ Frame D07C 0
0 149ms
148ms Document
text/html 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/iframe/bfz1rmsyhr

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: fast.wistia.com
:scheme: https
:path: /embed/iframe/bfz1rmsyhr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Response headers

status: 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
timing-allow-origin: *
cache-control: public, no-cache
link: <https://embedwistia-a.akamaihd.net>; rel=preconnect; crossorigin
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
x-request-id: 11a23f1384230e26c5dd6d8946ce76c7
x-runtime: 0.078389
content-encoding: br
via: 1.1 varnish 1.1 varnish
accept-ranges: bytes
date: Wed, 04 Dec 2019 20:18:15 GMT
age: 63410
x-served-by: cache-sea4426-SEA, cache-hhn4055-HHN
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 1, 0
x-timer: S1575490696.803656,VS0,VE143
vary: Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: chrome
x-browser-version: 74
set-cookie: wistia-http2-push-disabled=1; path=/; domain=fast.wistia.com; expires=Wed, 04 Dec 2019 21:17:15 GMT
content-length: 2649

GET
H2 200 8d1d82a4-bd55-4dbb-9582-522c77c4d124 Show response
forms.hsforms.com/embed/v3/form/2364596/ 4 KB
1 KB 151ms
150ms Script
application/javascript 2606:4700::6810:5505
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2364596/8d1d82a4-bd55-4dbb-9582-522c77c4d124?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

035c0e8822254fe4d2b1741af98a8fbb98b2aeaaab7dbf1a55a3cc204d8b08b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
content-disposition: attachment; filename=no-rfd.txt
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 991
server: cloudflare
x-trace: 2B862C5EDF1915DAA86445C18230A291C5A0A45E79000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f0ef9759fa-VIE

GET
H2 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
75 KB 8ms
7ms Font
font/woff2 2001:4de0:ac19::1:b:3a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin: *
etag: "1544639778"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 77171

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v14/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v14/4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2

Requested by

Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,500,700,300|Raleway:400,500,600,700,300
Origin: http://blog.pixalate.com

Response headers

date: Tue, 19 Nov 2019 09:07:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:48 GMT
server: sffe
age: 1336275
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14096
x-xss-protection: 0
expires: Wed, 18 Nov 2020 09:07:00 GMT

GET
H2 200 BebasNeue.otf
cdn2.hubspot.net/hubfs/2364596/Fonts/ 45 KB
45 KB 426ms
426ms Font
application/x-font-otf 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/2364596/Fonts/BebasNeue.otf
Requested by: Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08f85a5e4b9822bdb6c835c44e083b0f9e4a056e26deda7c7cbd0d5a64b3a058

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/5443883678/1569526090893/Custom/system/css/quint-featured-blog-v4.css
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 161da0b4a35876d11292625c13ca0f51.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-meta-cache-tag: F-4486502995,P-2364596,FLS-ALL
x-amz-request-id: D2B584B7D81B8E84
edge-cache-tag: F-4486502995,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-type: application/x-font-otf
content-length: 45572
x-amz-id-2: +ZoNRXlp3lyHoWyPT3SxBCZh1MAjJSxQD8EKpPNImtm17dEWJ1w4jGiOOIujEd8NnCkNKBZELuI=
last-modified: Fri, 06 Oct 2017 04:04:27 GMT
server: cloudflare
etag: "855c60cea8ab2eed7695fe3d106b5029"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 8uYSZKNZmzPl9jDnFLjJfKYh.ze.fJwG
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: MUC51-C1
accept-ranges: bytes
cf-ray: 540077f0ed5c8c7a-VIE
x-amz-cf-id: x6V5WF-8TG2lSBk1qHezuLVNTK8GCOwGY9J7TyaNhqLJEDH4UrL-SA==

GET
H2 200 ProximaNova-LightWeb.woff
cdn2.hubspot.net/hubfs/2364596/Fonts/ 60 KB
60 KB 368ms
368ms Font
application/font-woff 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/2364596/Fonts/ProximaNova-LightWeb.woff
Requested by: Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4197979fbdaa50f515c3b3b6b8588b8d83221e59c561460353078fa52bb4b3b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/6563082215/1569526091088/Custom/2018/css/custom_style.min.css
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4326926998,P-2364596,FLS-ALL
x-amz-request-id: 1BCC83DBBAA42B2A
edge-cache-tag: F-4326926998,P-2364596,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: gzip
content-type: application/font-woff
x-amz-id-2: DMT79zoisjYd6if/LIuhrzTYBYvlH02dtpNsj9VB1N75LuLa7yf+tKsmgmX5TOVdTF50cL2/Qrs=
last-modified: Fri, 06 Oct 2017 04:04:16 GMT
server: cloudflare
etag: W/"44c729dce76e3025c97acafd17d52c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 15QZ1tYD7GGEYgjYg2AU7XK_deKpVLU4
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: FRA2-C1
cf-ray: 540077f0ed5d8c7a-VIE
x-amz-cf-id: 28Z4nPFFVHnyeXW1_0ZjqVPpuG0G-07S9rtUp_OgS_yd19YiBqa88Q==

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 91ms
29ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: CD83941857724976
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=20953
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: 0ZTpgIpnUMxQCBXeH9ew/82I9oq7GJ2Gfze78bXzMcqS1BRoWTIwh8fvZ+vN96IwbFGZ6f5C0Hk=

GET
H2 200 8d1d82a4-bd55-4dbb-9582-522c77c4d124 Show response
forms.hsforms.com/embed/v3/form/2364596/ 4 KB
1 KB 163ms
163ms Script
application/javascript 2606:4700::6810:5505
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2364596/8d1d82a4-bd55-4dbb-9582-522c77c4d124?callback=hs_reqwest_1&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa325978abf1bcbe3394a9735cb1c14c6a0de9ddff12fb2fb9a62e5f6a832a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
content-disposition: attachment; filename=no-rfd.txt
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 991
server: cloudflare
x-trace: 2B1FAE9BC5F0D091864E8BE34F1B0C20DD317C0E21000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 540077f1a83359fa-VIE

GET
H2 200 a1861c24-9c13-4436-a3e8-7e58b334c431 Show response
forms.hsforms.com/embed/v3/form/2364596/ 19 KB
4 KB 127ms
126ms Script
application/javascript 2606:4700::6810:5505
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2364596/a1861c24-9c13-4436-a3e8-7e58b334c431?callback=hs_reqwest_2&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e05257f824e6ba4fa111e5aecca2ba0087144910cb3bdd247bef02703dd3b6fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B34E2CF8E5E25B006B113D97A069E0D6B9D16525A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077f1a83559fa-VIE

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f475f632b4e8b98884378f672af692a899510e09ae053aff7eeb666c9b8ed6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: bZTybtDRUXYr924ifgMI5w==
status: 200
date: Wed, 04 Dec 2019 20:18:16 GMT
expires: Wed, 04 Dec 2019 20:25:42 GMT
alt-svc: h3-23=":443"; ma=3600
content-length: 1779
x-fb-debug: paszKDxHnb7avTUTdJ2IVGHg8i9GZo2yeX8ujONnROasMQsfbexyUArMyW0zlkie3DNaFz+jyDTR4iOA/g17FQ==
x-fb-trip-id: 420120009
x-fb-content-md5: e36a92f153ad334873cc433572378dbf
etag: "044ae3e7397f61a87c06bed08e572e33"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js#xfbml=1&status=0
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E8) /
Resource Hash: 13c88608140b103dd0eb9040e4466efcb7b0a1d7784bdd802c702e3a25fea222

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 26 Nov 2019 18:14:56 GMT
Server: ECS (fcn/40E8)
Etag: "6448d12e510c748220c730e694411504+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28852

GET
H/1.1 200
OK ipv
cdn.bizible.com/m/ 43 B
569 B 18ms
17ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=e3335c6b502c48fca6e5a1f3c77fb070&_biz_s=8e0225&_biz_l=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&_biz_t=1575490695387&_biz_i=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&_biz_n=0&rnd=130811&cdn_o=a&_biz_z=1575490695953
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (amb/6B75) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Dec 2019 20:18:15 GMT
X-AspNetMvc-Version: 5.2
Last-Modified: Fri, 29 Nov 2019 04:07:12 GMT
Server: ECS (amb/6B75)
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Cache: HIT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, no-store
Accept-Ranges: bytes
Content-Type: Image/GIF
Content-Length: 43
Expires: -1

GET
H2 200 slider-next.png
cdn2.hubspot.net/hubfs/459002/ 472 B
905 B 66ms
64ms Image
image/webp 2606:4700::6811:f4cc
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hubfs/459002/slider-next.png
Requested by: Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7231384cd133754beef5f02f5f798657cf0bfd6c9fa385f0423bc9764143349d

Request headers

Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/5443883678/1569526090893/Custom/system/css/quint-featured-blog-v4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 ef3fdf4c8ab8a4babeb402e6d03ee7c3.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4153660270,P-459002,FLS-ALL
x-amz-cf-pop: VIE50-C1
cf-polished: origFmt=png, origSize=729
edge-cache-tag: F-4153660270,P-459002,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: ECB57438C408EF02
x-amz-id-2: /IEtFhFxla8R3f9dUk4M6sxxvSYV4a0nDHa+y78Q/6kWUr17aZnR/xlYmiHPuPmAp+YXg5mq2hg=
accept-ranges: bytes
last-modified: Fri, 06 Oct 2017 12:02:06 GMT
server: cloudflare
etag: "594558444ee97ed45ad5b7f4ef00becf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
content-disposition: inline; filename="slider-next.webp"
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: MvsMNdHk94mEBmyq0cal0zL7wOs.xENQ
content-length: 472
cf-ray: 540077f1db6d5a12-VIE
x-amz-cf-id: V1vHQP7_oOp6hoTtwPns8bs31C9nuVzSQVFEvdrH9eb3el02Wwi-Cw==
cf-bgj: imgq:85

GET
H2 200 slider-prev.png
cdn2.hubspot.net/hubfs/459002/ 464 B
988 B 28ms
27ms Image
image/webp 2606:4700::6811:f4cc
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hubfs/459002/slider-prev.png
Requested by: Host: cdn2.hubspot.net
URL: http://cdn2.hubspot.net/hubfs/459002/jquery.min.2.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c33ded46caef2883f390c1068443591268befb3955b7123382415c0165a36261

Request headers

Referer: https://blog.pixalate.com/hs-fs/hub/2364596/hub_generated/template_assets/5443883678/1569526090893/Custom/system/css/quint-featured-blog-v4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:15 GMT
via: 1.1 463ec8106e26bd73ca76717b290577c7.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4153660275,P-459002,FLS-ALL
age: 717609
cf-polished: origFmt=png, origSize=735
edge-cache-tag: F-4153660275,P-459002,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 7AB94A9DBB77C4D7
x-amz-id-2: NsNF+Mn2mAB/2DB8Dj7FZzFxz3ybEBUCwrjvMa0kLW67tSKza+yuJHjLvdeRrTzNx4hzMqJThNU=
accept-ranges: bytes
last-modified: Fri, 06 Oct 2017 12:02:06 GMT
server: cloudflare
etag: "173217bbdb4beb0a07877e9e4c19a75b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
content-disposition: inline; filename="slider-prev.webp"
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: HT3y2kRHq_JkLvzfDVQ4vGhBcgSWWOa2
x-amz-cf-pop: PMO50
content-length: 464
cf-ray: 540077f1db6e5a12-VIE
x-amz-cf-id: cm1LvkOatLPrdqyYCiNk4DDpWwJSh8bOasypWVXwEr9UquQdfyuwXg==
cf-bgj: imgq:85

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-54884f47565d2484/ 2 KB
829 B 159ms
158ms Script
application/javascript 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-54884f47565d2484/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.15 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: dda55958f5925aa09110964105f39e517ed51005c0da3daf056df25d622bbcf6

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
content-encoding: gzip
surrogate-key: ra-54884f47565d2484
server: Jetty(9.4.8.v20180619)
etag: 119378077--gzip
vary: Accept-Encoding
cache-tag: ra-54884f47565d2484
status: 200
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 584

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

http://www.google-analytics.com/r/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=1&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixal...
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=1&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixa...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_gid=2004057757.1575490696&gjid=1304879794&_v=j79&z=1746952732
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732&slf_rd=1&random=1606404396

42 B
109 B

29ms
29ms

Image
image/gif

2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732&slf_rd=1&random=1606404396

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:16 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24557568-1&cid=933755144.1575490696&jid=1367353038&_v=j79&z=1746952732&slf_rd=1&random=1606404396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 134132097137679 Show response
connect.facebook.net/signals/config/ 349 KB
85 KB 66ms
66ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134132097137679?v=2.9.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

9e151e508742f6e89e60a7fdbdba78a4b05ec445a97bff052df1b811814f4431

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: eUIsJ4/HK9m+2FvmOeu5Dh/MJNJCI3gXVgZ8/A7vioXEQj4zuCpHl40oQzYpe7dga84fd015+DHoVsEameiHHQ==
x-fb-trip-id: 420120009
date: Wed, 04 Dec 2019 20:18:16 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 wistia-mux.js Show response
fast.wistia.com/assets/external/ 92 KB
24 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/wistia-mux.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

df2b19c1f72a6a8904e22da5fa5eab050d224287844db62cc4ca7cb44f3f31e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
content-encoding: br
age: 2699
x-cache: HIT, HIT
status: 200
strict-transport-security: max-age=0
content-length: 24801
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-sea4475-SEA, cache-hhn4055-HHN
x-browser-version: 74
last-modified: Wed, 04 Dec 2019 19:27:40 GMT
x-timer: S1575490696.017167,VS0,VE0
etag: "5de808ac-60e1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 239

GET
H/1.1 200
OK BizibleAcct.js Show response
cdn.bizible.com/ 378 B
880 B 259ms
259ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.bizible.com/BizibleAcct.js?_biz_u=e3335c6b502c48fca6e5a1f3c77fb070&_biz_h=-1906410348&cdn_o=a&jsVer=4.19.11.01
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b95c36ab99b61c3286c88df4c1bbc3e278a4ddf3882b6e5e3059ec467a551959

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:15 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Etag: F946C67B
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, must-revalidate, max-age=21600
Content-Type: text/javascript; charset=utf-8
Content-Length: 326

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-ttf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d12183924739a0c3a90d68d21aaa347e62a901671d5a836455935dda54bf0caf

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

Content-Type: application/x-font-ttf;charset=utf-8

GET
H/1.1 200
OK cd27424c7ed43753c876fe62a38838b2778f11a3.webp
embedwistia-a.akamaihd.net/deliveries/ 82 KB
82 KB 1098ms
1026ms Image
image/webp 2.16.186.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedwistia-a.akamaihd.net/deliveries/cd27424c7ed43753c876fe62a38838b2778f11a3.webp?image_crop_resized=1280x720
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.18 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-18.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: feec9e2ed13cb9ccb991647925a2eacd3c049dbd1f6368791cea849201ea96b3

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:17 GMT
Access-Control-Request-Method: *
Last-Modified: Thu, 07 Sep 2017 21:28:55 UTC
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
Cache-Control: max-age=31535987
content-disposition: inline
Connection: keep-alive
Accept-Ranges: none
Content-Length: 83502
X-Served-By: bakeryaws-breadroute1e-dosa

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,700,300|Open+Sans+Condensed:700|IM+Fell+English:400italic|Quicksand:400,700|Montserrat:400,700,300
Origin: http://blog.pixalate.com

Response headers

date: Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1264352
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Thu, 19 Nov 2020 05:05:44 GMT

GET
H/1.1 200
OK widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html
platform.twitter.com/widgets/ Frame 68A2 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html?origin=http%3A%2F%2Fblog.pixalate.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41AF) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 04 Dec 2019 20:18:16 GMT
Etag: "7d3f6ed140174a20e7c8be261a70a863+gzip"
Last-Modified: Tue, 26 Nov 2019 18:11:58 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41AF)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5816

GET
H2 200 a1861c24-9c13-4436-a3e8-7e58b334c431 Show response
forms.hsforms.com/embed/v3/form/2364596/ 19 KB
4 KB 128ms
128ms Script
application/javascript 2606:4700::6810:5505
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2364596/a1861c24-9c13-4436-a3e8-7e58b334c431?callback=hs_reqwest_3&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

787b04049cd2275f2aee136eb9f4aba8e7d8df537a4e638fe326d0ff4ea208ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2BE8BC7A2950AD2AD3AB52039BB08199D0D3143803000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077f3b9e859fa-VIE

GET
H/1.1 200
OK 2364596.js Show response
js.hs-analytics.net/analytics/1575490500000/ 73 KB
25 KB 151ms
138ms Script
text/javascript 2606:4700::6811:45b0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://js.hs-analytics.net/analytics/1575490500000/2364596.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/hs/scriptloader/2364596.js
Protocol: HTTP/1.1
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a89529f562c219ed2e8a45b162b2032a246bb3f257228c4bde11889b1c72b46

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:16 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
x-amz-request-id: 0EA7A10C1B2023D2
Transfer-Encoding: chunked
Content-Type: text/javascript
Connection: keep-alive
x-amz-id-2: 9kOCVTot13hSbZTxehSJKp/koBmlggjMREZLDQVTrjZqbMS17ZjsQaYAitc4LxgikOzJ2aCrcxw=
Last-Modified: Tue, 29 Oct 2019 20:32:08 GMT
Server: cloudflare
ETag: W/"bedb915d721db25a0e6f23dfb6f430f6"
Vary: Accept-Encoding
x-amz-version-id: null
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: false
CF-RAY: 540077f43e7ccbc0-VIE
Expires: Wed, 04 Dec 2019 20:23:16 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 377 KB
61 KB 153ms
153ms Script
application/javascript 2606:4700::6811:e9cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/hs/scriptloader/2364596.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a55c02888038e59252778d81b592f942ea904c3dca19f539e3376b4a0a0c6b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
via: 1.1 a6b8be163644b3d1ad05590234a3f70f.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD79-C3
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2019 01:52:48 GMT
server: cloudflare
etag: W/"54006d8d669ba60aff038448ad347c84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-version-id: Mo8RDmG1YId30ggWGmkBlVvLfaalQv4Q
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 540077f41de0cb9c-VIE
x-amz-cf-id: Ld2O09_ZABGTkKRWkwXSKtqIKbCFYlY-JyS8QtZwpF3ZvygtL-iOAA==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 187 KB
56 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=a4ba0b9cc8f25f6c75ea060816f53e16&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

e43d01ea8e63c4574a00b00576b5ba1f5b8e0d42090b22f8c74078cb847a960a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: U+3ho7V6l5odbI+/EEhhpA==
status: 200
date: Wed, 04 Dec 2019 20:18:16 GMT
expires: Thu, 03 Dec 2020 19:06:58 GMT
alt-svc: h3-23=":443"; ma=3600
content-length: 56818
x-fb-debug: ZSmj3ZNNNBe0rJqw0mvrIusUQprS7Ddh1J8Gj2PBlTLn8BfA7LM910SlSDr0ha2kv5dEXGACUz4WyCOSZqPPeA==
x-fb-trip-id: 420120009
x-fb-content-md5: fd58ba9a8317e9ea1dc9abae75f9aebd
etag: "2f52aff0992edf9f05717dd6130e8bcf"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 /
www.facebook.com/tr/ 44 B
257 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134132097137679&ev=PageView&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&rl=&if=false&ts=1575490696367&sw=1600&sh=1200&v=2.9.14&r=stable&ec=0&o=30&fbp=fb.1.1575490696367.143813977&it=1575490695987&coo=false&rqm=GET

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Wed, 04 Dec 2019 20:18:16 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,700,300|Open+Sans+Condensed:700|IM+Fell+English:400italic|Quicksand:400,700|Montserrat:400,700,300
Origin: http://blog.pixalate.com

Response headers

date: Thu, 21 Nov 2019 23:39:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 1111142
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:39:14 GMT

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 34ms
34ms Script
application/javascript 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.15 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-232-15.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 04 Dec 2019 20:18:16 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 xd_arbiter.php
staticxx.facebook.com/connect/ Frame 7979 0
0 7ms
6ms Document
text/html 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter.php?version=44

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=a4ba0b9cc8f25f6c75ea060816f53e16&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter.php?version=44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
accept-encoding: gzip, deflate, br
cookie: fr=0c6E6UaoqkCsgHWe2..Bd6BSI...1.0.Bd6BSI.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Response headers

status: 200
content-type: text/html; charset=utf-8
expires: Wed, 02 Dec 2020 02:41:21 GMT
strict-transport-security: max-age=15552000; preload
content-encoding: br
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public,max-age=31536000,immutable
x-fb-debug: E4N1Y6diLKA/9/BSYxMZ8Raqurv5WoZ3e2bjY/TlX8xloCpyt7GBcmCrpI5NmwBpEYY7aCSwey5TI5i1U67jFQ==
content-length: 12363
x-fb-trip-id: 420120009
date: Wed, 04 Dec 2019 20:18:16 GMT
alt-svc: h3-23=":443"; ma=3600

GET
H2 200 /
www.facebook.com/tr/ 44 B
110 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134132097137679&ev=Microdata&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&rl=&if=false&ts=1575490696871&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware%22%2C%22meta%3Adescription%22%3A%22Pixalate%20has%20uncovered%20a%20family%20of%20web%20site%20committing%20session%20hijacking%20%E2%80%94%20a%20form%20of%20Sophisticated%20Invalid%20Traffic%20(SIVT)%2C%20as%20defined%20by%20the%20MRC.%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Pixalate%20has%20uncovered%20a%20family%20of%20web%20site%20committing%20session%20hijacking%20%E2%80%94%20a%20form%20of%20Sophisticated%20Invalid%20Traffic%20(SIVT)%2C%20as%20defined%20by%20the%20MRC.%22%2C%22og%3Atitle%22%3A%22Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.pixalate.com%2Fhubfs%2FBlog_Media%2FBlog%2520photos%2FMomtaxi%2520Pixalate%2520MRT.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%2F%22%2C%22%40id%22%3A%22https%3A%2F%2Ffast.wistia.net%2Fembed%2Fiframe%2Fbfz1rmsyhr%22%2C%22%40type%22%3A%22VideoObject%22%2C%22duration%22%3A%22PT2M14S%22%2C%22name%22%3A%22Pixalate%20Video%20-%20MomTaxi%20site%22%2C%22thumbnailUrl%22%3A%22https%3A%2F%2Fembed-ssl.wistia.com%2Fdeliveries%2Fcd27424c7ed43753c876fe62a38838b2778f11a3.jpg%3Fimage_crop_resized%3D1280x720%22%2C%22embedUrl%22%3A%22https%3A%2F%2Ffast.wistia.net%2Fembed%2Fiframe%2Fbfz1rmsyhr%22%2C%22uploadDate%22%3A%222017-09-06%22%2C%22description%22%3A%22a%20Pixalate%20Videos%20(Public)%20video%22%7D%5D&sw=1600&sh=1200&v=2.9.14&r=stable&ec=1&o=30&fbp=fb.1.1575490696367.143813977&it=1575490695987&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Wed, 04 Dec 2019 20:18:16 GMT

GET
H/1.1 200
OK / Show response
graph.facebook.com/ 275 B
923 B 66ms
60ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: http://graph.facebook.com/?id=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_6dbw0
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Server: 2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash: 87913f04d559ac4658a295416ab5e512ebf8f135435596ff152882bc59444a2d

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:16 GMT
Content-Encoding: gzip
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
x-fb-rev: 1001494434
Connection: keep-alive
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 209
Pragma: no-cache
X-FB-Debug: l15xjV11NsGOvUOZnMLvSvDsPDl3Jkv4fuok5HwFSDNx60Ywl5kVFfVGbOfz/+MKAIvHCFsh9vFvOCo5wH7aDw==
x-fb-trace-id: G+9GpDHfmut
ETag: "10060f7be56bf0c35a63edd938f7fd52cad431b5"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
x-fb-request-id: AGT5aac7q7C25LKQPy_lKcC
Cache-Control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

shares.json Show response
api-public-oci-origin.addthis.com/url/
Redirect Chain

http://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0
https://api-public-oci-origin.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0

33 B
325 B

350ms
175ms

Script
application/json

129.146.196.240
Oracle Corporation

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public-oci-origin.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

129.146.196.240 , United States, ASN31898 (ORACLE-BMC-31898 - Oracle Corporation, US),

Reverse DNS

Software

nginx/1.15.8 /

Resource Hash

d0b58434026ee2114d9c57d86e1ad7ea1ca0a5db5f1a866e8f327f6c1d8772b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
surrogate-key: blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
last-modified: Wed, 04 Dec 2019 20:18:17 GMT
server: nginx/1.15.8
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 33

Redirect headers

Location: https://api-public-oci-origin.addthis.com/url/shares.json?url=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_enzy0
Date: Wed, 04 Dec 2019 20:18:17 GMT
Server: nginx/1.15.8
Connection: keep-alive
Content-Length: 171
Content-Type: text/html

GET
H/1.1 200
OK / Show response
graph.facebook.com/ 119 B
786 B 44ms
38ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: http://graph.facebook.com/?id=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_121o0
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Server: 2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash: 4fc961d1f70f372d3ec6bbe832d45509a16b974d85ab8afdac53cc81454e35bd

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 04 Dec 2019 20:18:16 GMT
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
x-fb-rev: 1001494434
Connection: keep-alive
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 119
Pragma: no-cache
X-FB-Debug: xMIEPWY4eCnAmlxFQrHwqYapNQMjKhCN44IrZThLG0Rbq+a8GgF6YnAFtRWrWle3gr5hMCYFFvx4lFHKVsH+UA==
x-fb-trace-id: EEdZZq1DJHK
ETag: "363342bb1d71f2ab98823c954ada0c0ffcdc55c0"
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
x-fb-request-id: AP6EswpVXCYuy6N6NCG5snq
Cache-Control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

shares.json Show response
api-public-oci-origin.addthis.com/url/
Redirect Chain

http://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0
https://api-public-oci-origin.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0

33 B
326 B

509ms
175ms

Script
application/json

129.146.196.240
Oracle Corporation

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public-oci-origin.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0

Requested by

Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

129.146.196.240 , United States, ASN31898 (ORACLE-BMC-31898 - Oracle Corporation, US),

Reverse DNS

Software

nginx/1.15.8 /

Resource Hash

d0ae78fed69fec7293df1a84d0d26e4f15d4d3342fb4149b2611db2ee9c706ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
surrogate-key: blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
last-modified: Wed, 04 Dec 2019 20:18:17 GMT
server: nginx/1.15.8
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 33

Redirect headers

Location: https://api-public-oci-origin.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&callback=_ate.cbs.rcb_5b5c0
Date: Wed, 04 Dec 2019 20:18:17 GMT
Server: nginx/1.15.8
Connection: keep-alive
Content-Length: 171
Content-Type: text/html

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
17 KB

7ms
5ms

Script
text/javascript

2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6280
date: Wed, 04 Dec 2019 18:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 04 Dec 2019 20:33:37 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H2

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalat...
https://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixala...

35 B
108 B

8ms
6ms

Image
image/gif

2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aEBAAEAB~&jid=&gjid=&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&cg1=%2Fblog&z=923689242

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Nov 2019 12:53:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1149917
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j79&a=1158823179&t=pageview&_s=2&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&ul=en-us&de=UTF-8&dt=Pixalate%20discovers%20sophisticated%20sites%20that%20hijack%20sessions%20without%20malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aEBAAEAB~&jid=&gjid=&cid=933755144.1575490696&tid=UA-24557568-1&_gid=2004057757.1575490696&cg1=%2Fblog&z=923689242
Non-Authoritative-Reason: HSTS

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 45ms
44ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=8d1d82a4-bd55-4dbb-9582-522c77c4d124&fci=bb876da6-7e38-4e13-842a-a6315cbf4f81&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697687&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab0acbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 50ms
49ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=a1861c24-9c13-4436-a3e8-7e58b334c431&fci=361057c6-93d7-43da-a36b-11b25457eb27&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697689&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab0ecbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
214 B 44ms
43ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=8d1d82a4-bd55-4dbb-9582-522c77c4d124&fci=5c32dcdc-1566-48a4-8c1d-73fa7887ad40&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697690&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab10cbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 44ms
43ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=8d1d82a4-bd55-4dbb-9582-522c77c4d124&fci=5c32dcdc-1566-48a4-8c1d-73fa7887ad40&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697691&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab11cbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 45ms
44ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=a1861c24-9c13-4436-a3e8-7e58b334c431&fci=2698f7d9-2d61-478c-9822-f0c2761d264a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697691&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab14cbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 86ms
85ms Image
image/gif 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2364596&pi=5317456915&ct=blog-post&ccu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&cpi=5317456915&cgi=4380051770&lpi=5317456915&lvi=5317456915&lvc=en-us&pu=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&t=Pixalate+discovers+sophisticated+sites+that+hijack+sessions+without+malware&cts=1575490697692&vi=f60d2038b142e27be161f082c8297cab&nc=true&u=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&b=90197253.1.1575490697682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 540077fcab15cbb0-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 hls_video.js Show response
fast.wistia.com/assets/external/engines/ 285 KB
62 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/engines/hls_video.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

dcb83dae2c32806f87cd99a06f24256e29a9100c6f07147bdf5d55cb2c1cafb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
content-encoding: br
age: 2700
x-cache: HIT, HIT
status: 200
strict-transport-security: max-age=0
content-length: 63804
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-sea4483-SEA, cache-hhn4055-HHN
x-browser-version: 74
last-modified: Wed, 04 Dec 2019 19:27:40 GMT
x-timer: S1575490698.694614,VS0,VE0
etag: "5de808ac-f93c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 168

POST
H2 204 x Show response
distillery.wistia.com/ 0
95 B 318ms
108ms XHR
text/plain 34.236.69.39
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.69.39 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-236-69-39.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: text/plain

Response headers

status: 204
date: Wed, 04 Dec 2019 20:18:17 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: *

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 167 B
554 B 144ms
144ms XHR
application/json 2606:4700::6810:fc05
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2364596&utk=f60d2038b142e27be161f082c8297cab&__hstc=90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1&__hssc=90197253.1.1575490697682&contentId=5317456915&currentUrl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site

Requested by

Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa7cbeba3c4fd7706bbd1a1a60be76d3afc62ba969e6a5a0848affd7d33b96de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-ray: 540077fcbb67cbb0-VIE
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: http://blog.pixalate.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H/1.1 200
OK roundtrip.js Show response
a.adroll.com/j/ 35 KB
12 KB 75ms
53ms Script
text/javascript 2.16.186.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://a.adroll.com/j/roundtrip.js
Requested by: Host: blog.pixalate.com
URL: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Protocol: HTTP/1.1
Server: 2.16.186.48 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-48.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1894bf26f25a0760600ab765f9b228ada17262e32d1ac3a18ce48e144dfe80f4

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: J7Jf6IQGpyCDjOAhyhZOhCzfX_7vZ6SY
Content-Encoding: gzip
ETag: "4946ab35e9ef900136f721ffc5d975cf"
Last-Modified: Tue, 26 Nov 2019 20:44:45 GMT
Server: AmazonS3
x-amz-request-id: AB387CC23B83C427
x-amz-server-side-encryption: AES256
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=3600, must-revalidate
Date: Wed, 04 Dec 2019 20:18:17 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11216
x-amz-id-2: rmh+Qpe/f9+JHpy0173OAtSo2b47BOj4MTaJP8t8sqoTZ5cAleRtged2+nPINH5le39/89lT2rc=

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ 1 KB
1 KB 6ms
6ms Image
image/gif 2a04:4e42:1b::622
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

date: Wed, 04 Dec 2019 20:18:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 2701
x-cache: HIT, HIT
status: 200
strict-transport-security: max-age=0
content-length: 1214
x-served-by: cache-sea4458-SEA, cache-hhn4030-HHN
x-browser-version: 74
last-modified: Wed, 04 Dec 2019 14:03:46 GMT
x-timer: S1575490698.735215,VS0,VE0
etag: "5de7bcc2-4be"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 274

GET
H/1.1 200
OK 04e47157d88b64753a6edccbf59d0bbc02f4642a.m3u8 Show response
embedwistia-a.akamaihd.net/deliveries/ 4 KB
5 KB 559ms
491ms XHR
application/vnd.apple.mpegurl 2.16.186.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://embedwistia-a.akamaihd.net/deliveries/04e47157d88b64753a6edccbf59d0bbc02f4642a.m3u8?origin_v2=1
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.18 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-18.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bcd014d2b986d01bf2348954846403eae8b303406e7bc1126cb3d5d5fcb414d8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

Date: Wed, 04 Dec 2019 20:18:18 GMT
Access-Control-Request-Method: *
Expires: Thu, 03 Dec 2020 20:17:55 GMT
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Cache-Control: max-age=31535977
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 4132
X-Served-By: bakeryaws-breadroute1e-tandoor

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/5BQD2CMYB5DNBF3JWVPUSC/index.js
https://s.adroll.com/j/exp/index.js

28 B
680 B

69ms
28ms

Script
application/javascript

72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: YZz6r09yJkoAzJNgNDAYF5y8lZtPwWkk
x-amz-request-id: 23610177B884EC04
x-amz-server-side-encryption: AES256
Date: Wed, 04 Dec 2019 20:18:18 GMT
Connection: keep-alive
Content-Length: 28
x-amz-id-2: U0Ee1ysIJFaq/ysuWkRoJbxsCuXBkEj6V4PLn07xCUtAZtUEJ5o51EqU0eWGoBScBUVlZ3bV7d8=
Last-Modified: Tue, 19 Nov 2019 18:47:22 GMT
Server: AmazonS3
ETag: "5816cced8568d223aa09d889f300692b"
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 04 Dec 2019 20:18:18 GMT
Server: AkamaiGHost
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H2

200

/ Show response
d.adroll.com/consent/check/5BQD2CMYB5DNBF3JWVPUSC/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/5BQD2CMYB5DNBF3JWVPUSC?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2
https://d.adroll.com/consent/check/5BQD2CMYB5DNBF3JWVPUSC/?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2

86 B
553 B

57ms
57ms

Script
application/javascript

52.209.158.90
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/5BQD2CMYB5DNBF3JWVPUSC/?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.158.90 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-209-158-90.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 0bf74d8944dc1b39c088db09f1155713e798203d45128ae26dffb5a744a7eb8c

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:17 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 86

Redirect headers

status: 302
date: Wed, 04 Dec 2019 20:18:17 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/5BQD2CMYB5DNBF3JWVPUSC/?_s=1696b64230ed7fe110fb1cb215ea1b58&_b=2

GET
H/1.1

200
OK

DBJXNZQFNRHYZMMXUKUUPQ.js Show response
s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/
Redirect Chain

https://d.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&pv=30828458574.023586&cookie=&adroll_s_ref=&keyw=&arrfrr=...
https://s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/DBJXNZQFNRHYZMMXUKUUPQ.js

4 KB
2 KB

91ms
41ms

Script
text/javascript

72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/DBJXNZQFNRHYZMMXUKUUPQ.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c64f72b8ed1ddf4f0285e511f7dccc5cfebc425c0c7ce5512d58e8e8f21732f1

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: NlRKUr1dgewCuX8hGqwdzYg7qX4faBr2
Content-Encoding: gzip
x-amz-request-id: 6D0F65D30AC510B6
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 04 Dec 2019 20:18:18 GMT
Connection: keep-alive
Content-Length: 1538
x-amz-id-2: 4n4xTHUnWFKI06KAdfApXH7S0lGH13dr5mM+EccGYpMS3CjV6H4I/v4M1sur8F1+f2ylAui/f/A=
Last-Modified: Wed, 23 Oct 2019 23:05:23 GMT
Server: AmazonS3
ETag: "937bc8156a4df25788a4657a01a3c938"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Wed, 04 Dec 2019 20:18:17 GMT
x-segment-display-name
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.0
server: nginx/1.16.1
x-rule: */*
x-segment-eid: DBJXNZQFNRHYZMMXUKUUPQ
location: https://s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/DBJXNZQFNRHYZMMXUKUUPQ.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: 4C74BBE5ONGGFOUG745GWA
x-segment-name: 7c7eb7e2
x-advertisable-eid: 5BQD2CMYB5DNBF3JWVPUSC
x-conversion-currency

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 87ms
72ms Script
text/javascript 72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/pixel/5BQD2CMYB5DNBF3JWVPUSC/4C74BBE5ONGGFOUG745GWA/DBJXNZQFNRHYZMMXUKUUPQ.js
Protocol: HTTP/1.1
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: bIrEGMd6iijtog1S6wRV99x79MQhDedS
Content-Encoding: gzip
x-amz-request-id: A1432E40D252A0B5
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 04 Dec 2019 20:18:18 GMT
Connection: keep-alive
Content-Length: 2039
x-amz-id-2: 6xdIPAoJXcpZ6QGmofSS+xeKKcNgi/aE1nIvksh0wv/HWLGQnbHRC/Oki5H/uQMwL2m7YtlmHgU=
Last-Modified: Wed, 04 Dec 2019 17:29:12 GMT
Server: AmazonS3
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 1569027256672653 Show response
connect.facebook.net/signals/config/ 349 KB
86 KB 56ms
56ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1569027256672653?v=2.9.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ae978850520d9ba719145394d38b0003e704b20df79606acb51da8c8c611b79c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: sQIc0kTL7XutGus2ubpTKNbQqlfViRNefbaoOiPzLWXRh/ikzjZ7PEkIZx2++LppyVzzhLWrZGp3ERbbB+I/Vg==
x-fb-trip-id: 420120009
date: Wed, 04 Dec 2019 20:18:18 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://pixel.advertising.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-02...
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-02...

0
503 B

44ms
44ms

Image
text/plain

35.158.167.38
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-020f29226de4&verify=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.158.167.38 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-158-167-38.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Wed, 04 Dec 2019 20:18:18 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Wed, 04 Dec 2019 20:18:18 GMT
strict-transport-security: max-age=31536000
content-length: 0
location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP359b6b92-16d3-11ea-ac71-020f29226de4&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698&C=1

43 B
898 B

40ms
40ms

Image
image/gif

72.247.225.98
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Dec 2019 20:18:18 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 04 Dec 2019 20:18:18 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 04 Dec 2019 20:18:18 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expiration=1607026698&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Wed, 04 Dec 2019 20:18:18 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expires=365

0
239 B

692ms
173ms

Image
image/gif

8.39.36.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 5daa34953a867809056448757b76591b
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&expires=365
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 124

GET
H2

200

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&rdrctExp=true

0
432 B

142ms
141ms

Image
text/plain

151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&rdrctExp=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: CHIDC2, MDW, HHN, Europe2
x-traceid: a2352886c0e1554ac5d44050bfd4cd47
x-timer: S1575490698.297379,VS0,VE103
x-cache: MISS, MISS
status: 200
backend-ip: 157.52.75.48
x-cache-hits: 0, 0
accept-ranges: bytes, bytes
content-length: 0
x-served-by: cache-mdw17348-MDW, cache-hhn4046-HHN

Redirect headers

date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: CHIDC2, MDW, HHN, Europe2
x-traceid: 9d6945dbfff1876b7466a3f9a5dde5e2
x-timer: S1575490698.152626,VS0,VE105
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&rdrctExp=true
x-cache: MISS, MISS
status: 302
backend-ip: 157.52.75.22
x-cache-hits: 0, 0
accept-ranges: bytes, bytes
content-length: 0
x-served-by: cache-mdw17322-MDW, cache-hhn4046-HHN

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
862 B

19ms
18ms

Image
text/html

185.64.189.110
PubMatic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Dec 2019 20:18:18 GMT
X-lat: Pug22036:0:414
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Cache-Control: no-store, no-cache, private
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
X-Cnection: close
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H/1.1

200
OK

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
0

10120ms
10038ms

Image
text/html

2a00:1288:110:c305::a000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1288:110:c305::a000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 165

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

0
191 B

45ms
44ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 varnish
server: nginx
x-timer: S1575490698.226024,VS0,VE9
x-served-by: cache-fra19172-FRA
x-cache: MISS
status: 204
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://eb2.3lift.com/xuid?mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e&gdpr=1&cmp_cs=

37 B
334 B

26ms
26ms

Image
image/gif

35.157.28.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e&gdpr=1&cmp_cs=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.28.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-28-223.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 04 Dec 2019 20:18:18 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 37
content-type: image/gif

Redirect headers

status: 302
date: Wed, 04 Dec 2019 20:18:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM&dongle=c85e&gdpr=1&cmp_cs=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://x.bidswitch.net/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

43 B
379 B

37ms
37ms

Image
image/gif

35.157.125.245
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.125.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-125-245.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 04 Dec 2019 20:18:18 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Wed, 04 Dec 2019 20:18:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://ib.adnxs.com/setuid?entity=172&code=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

43 B
879 B

93ms
30ms

Image
image/gif

37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Dec 2019 20:18:20 GMT
AN-X-Request-Uuid: ad3702ea-0d91-4c60-a6e0-9855c197685f
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 95.174.67.164; 95.174.67.164; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.37:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://ib.adnxs.com/setuid?entity=172&code=NjM4MjFmYjc5YzdkMTU0ZTE4MzlhNTQ5ZTA5ODdmYmM
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 93

GET
H2

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://idsync.rlcdn.com/377928.gif?partner_uid=63821fb79c7d154e1839a549e0987fbc

0
40 B

174ms
174ms

Image
text/plain

35.190.72.21
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=63821fb79c7d154e1839a549e0987fbc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
location: https://idsync.rlcdn.com/377928.gif?partner_uid=63821fb79c7d154e1839a549e0987fbc
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC
https://us-u.openx.net/w/1.0/sd?id=537103138&val=63821fb79c7d154e1839a549e0987fbc
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=63821fb79c7d154e1839a549e0987fbc

43 B
109 B

40ms
40ms

Image
image/gif

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=63821fb79c7d154e1839a549e0987fbc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.2 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 google
server: OXGW/16.167.2
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Wed, 04 Dec 2019 20:18:18 GMT
via: 1.1 google
server: OXGW/16.167.2
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=63821fb79c7d154e1839a549e0987fbc
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=08708d951606ecd3a9a64a91b6dce743-1575490697919&xid_ch=f&advertisable=5BQD2CMYB5DNBF3JWVPUSC&google_nid=adroll5
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Y4Ift5x9FU4YOaVJ4Jh_vA
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=Y4Ift5x9FU4YOaVJ4Jh_vA&google_tc=
https://d.adroll.com/cm/g/in

42 B
537 B

68ms
67ms

Image
image/gif

52.209.158.90
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.158.90 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-209-158-90.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 20:18:18 GMT
server: HTTP server (unknown)
location: https://d.adroll.com/cm/g/in
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
156 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1569027256672653&ev=PageView&dl=http%3A%2F%2Fblog.pixalate.com%2Fmomtaxi-session-hijacking-auto-refresh-ad-fraud-site&rl=&if=false&ts=1575490698145&cd[segment_eid]=DBJXNZQFNRHYZMMXUKUUPQ&sw=1600&sh=1200&v=2.9.14&r=stable&ec=0&o=29&fbp=fb.1.1575490696367.143813977&it=1575490695987&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 20:18:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Wed, 04 Dec 2019 20:18:18 GMT

GET
H/1.1 200
OK seg-1-v1-a1.ts Show response
embedwistia-a.akamaihd.net/deliveries/04e47157d88b64753a6edccbf59d0bbc02f4642a.m3u8/ 74 KB
74 KB 513ms
513ms XHR
video/mp2t 2.16.186.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://embedwistia-a.akamaihd.net/deliveries/04e47157d88b64753a6edccbf59d0bbc02f4642a.m3u8/seg-1-v1-a1.ts
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.18 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-18.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a3fb5ba01b36ec3b9a1d155b1d5dee6ea09dfc96510081f610cc49e7725c0b10

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com

Response headers

Date: Wed, 04 Dec 2019 20:18:18 GMT
Access-Control-Request-Method: *
Expires: Thu, 03 Dec 2020 20:17:14 GMT
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Cache-Control: max-age=31535936
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 75576
X-Served-By: bakeryaws-breadroute1e-yufka

POST
H/1.1 200
OK mput Show response
pipedream.wistia.com/ 2 B
312 B 369ms
347ms XHR
text/html 52.89.139.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://pipedream.wistia.com/mput?topic=metrics

Requested by

Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js

Protocol

HTTP/1.1

Server

52.89.139.175 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-89-139-175.us-west-2.compute.amazonaws.com

Software

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 04 Dec 2019 20:18:18 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: text/html;charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK perf Show response
blog.pixalate.com/_hcms/ 2 B
662 B 210ms
210ms XHR
text/plain 2606:4700::6811:71b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.pixalate.com/_hcms/perf
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Server: 2606:4700::6811:71b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

CF-Ray: 5400780f2cffcbc0-VIE
Date: Wed, 04 Dec 2019 20:18:20 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
X-Trace: 2B2387D86C97D5D71BDE38A0C8FA9ED0219B07AB6B000000000000000000
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: none
Content-Length: 2

OPTIONS
H/1.1 200
OK / Show response
fg8vvsvnieiv3ej16jby.litix.io/ 0
247 B 447ms
107ms XHR
text/plain 3.227.144.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Requested by: Host: cdn.bizible.com
URL: http://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.227.144.17 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-227-144-17.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: http://blog.pixalate.com
Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 04 Dec 2019 20:18:23 GMT
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 0
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET

POST
H/1.1 200
OK / Show response
fg8vvsvnieiv3ej16jby.litix.io/ 0
172 B 108ms
107ms XHR
text/plain 3.227.144.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.227.144.17 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-227-144-17.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://blog.pixalate.com/momtaxi-session-hijacking-auto-refresh-ad-fraud-site
Origin: http://blog.pixalate.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 04 Dec 2019 20:18:23 GMT
Connection: keep-alive
Content-Length: 0
Access-Control-Allow-Methods: POST, GET

Verdicts & Comments Add Verdict or Comment

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pixalate.com/	1970-01-19 05:38:12	Name: __hssc Value: 90197253.1.1575490697682
.pixalate.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.facebook.com/	1970-01-19 07:47:46	Name: fr Value: 0c6E6UaoqkCsgHWe2..Bd6BSI...1.0.Bd6BSI.
.pixalate.com/	1970-01-19 14:23:46	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%7D
.pixalate.com/	1970-01-19 07:47:46	Name: _fbp Value: fb.1.1575490696367.143813977
blog.pixalate.com/	1970-01-19 14:23:46	Name: __distillery Value: 64c5733_9394a863-f722-4c5c-8961-1a776979568d-03df09cd6-6d30c9995ad0-12ee
.pixalate.com/	1970-01-19 14:23:46	Name: _biz_uid Value: e3335c6b502c48fca6e5a1f3c77fb070
.pixalate.com/	1970-01-19 14:23:46	Name: _biz_pendingA Value: %5B%5D
.pixalate.com/	1970-01-19 05:39:37	Name: _gid Value: GA1.2.2004057757.1575490696
.pixalate.com/	1970-01-19 23:09:22	Name: _ga Value: GA1.2.933755144.1575490696
.pixalate.com/	1970-01-19 14:23:46	Name: _biz_nA Value: 1
blog.pixalate.com/	1970-01-19 05:38:12	Name: __atuvs Value: 5de81487374276c0000
.pixalate.com/	1970-01-19 05:38:12	Name: _biz_sid Value: 8e0225
.pixalate.com/	1970-01-19 14:59:46	Name: hubspotutk Value: f60d2038b142e27be161f082c8297cab
blog.pixalate.com/	1970-01-19 15:09:51	Name: __atuvc Value: 1%7C49
.pixalate.com/	1970-01-19 14:59:46	Name: __hstc Value: 90197253.f60d2038b142e27be161f082c8297cab.1575490697681.1575490697681.1575490697681.1
blog.pixalate.com/	1969-12-31 23:59:59	Name: loglevel Value: WARN
.blog.pixalate.com/	1969-12-31 23:59:59	Name: __cfruid Value: 8b3584fe31aadaf2826718a069b08024f8d0c9ef-1575490695
.pixalate.com/	1970-01-19 05:38:10	Name: _gat Value: 1
.blog.pixalate.com/	1970-01-19 06:21:22	Name: __cfduid Value: d0024307f926d0ffb55f6a1fea966247c1575490694

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://js.hsforms.net/forms/v2.js(Line 13) Message: Couldn't find target container .footer.pix-news-signup for HubSpot Form a1861c24-9c13-4436-a3e8-7e58b334c431. Not rendering form onto the page

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.adroll.com
ads.yahoo.com
api-public-oci-origin.addthis.com
api-public.addthis.com
blog.pixalate.com
cdn.bizible.com
cdn2.hubspot.net
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
distillery.wistia.com
dsum-sec.casalemedia.com
eb2.3lift.com
embedwistia-a.akamaihd.net
fast.wistia.com
fg8vvsvnieiv3ej16jby.litix.io
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
graph.facebook.com
ib.adnxs.com
idsync.rlcdn.com
js.hs-analytics.net
js.hsforms.net
js.hsleadflows.net
maxcdn.bootstrapcdn.com
pipedream.wistia.com
pixel.advertising.com
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
s.adroll.com
s7.addthis.com
simage2.pubmatic.com
stackpath.bootstrapcdn.com
static.hubspot.com
staticxx.facebook.com
stats.g.doubleclick.net
sync.outbrain.com
track.hubspot.com
trc.taboola.com
ups.analytics.yahoo.com
us-u.openx.net
v1.addthisedge.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
x.bidswitch.net
z.moatads.com
129.146.196.240
151.101.114.2
151.101.14.2
172.217.16.194
185.64.189.110
2.16.186.18
2.16.186.48
2.18.232.15
2001:4de0:ac19::1:b:2b
2001:4de0:ac19::1:b:3a
2606:2800:133:7403:4a68:7eff:710b:1ddf
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5505
2606:4700::6810:fc05
2606:4700::6811:45b0
2606:4700::6811:71b4
2606:4700::6811:ba49
2606:4700::6811:e9cc
2606:4700::6811:f2cc
2606:4700::6811:f4cc
2a00:1288:110:c305::a000
2a00:1450:4001:806::2003
2a00:1450:4001:818::2004
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::2003
2a00:1450:4001:820::200a
2a00:1450:400c:c08::9c
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::622
3.227.144.17
34.236.69.39
34.95.120.147
35.157.125.245
35.157.28.223
35.158.167.38
35.190.72.21
37.252.173.62
52.209.158.90
52.28.145.127
52.89.139.175
72.247.224.172
72.247.225.98
72.247.226.64
8.39.36.142
93.184.220.178
01586a8ad1e043dbae6c7b901ecbbc9f2f58ade2cd73a3af8afe67a84c18c59a
035c0e8822254fe4d2b1741af98a8fbb98b2aeaaab7dbf1a55a3cc204d8b08b7
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08309a7f07ea5531a44c2270c920f0c7310f512401967f5d97e09048840146b9
08f85a5e4b9822bdb6c835c44e083b0f9e4a056e26deda7c7cbd0d5a64b3a058
0bf74d8944dc1b39c088db09f1155713e798203d45128ae26dffb5a744a7eb8c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
125516b61147133fdad84c2f139b44b4396479c006b163057d02a73bf3672aed
13c88608140b103dd0eb9040e4466efcb7b0a1d7784bdd802c702e3a25fea222
1894bf26f25a0760600ab765f9b228ada17262e32d1ac3a18ce48e144dfe80f4
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
23eb75306a47d9df84e6e5a1bf6bffdfd4d2bee3604eace0b0025db2c18fe47b
251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c4eb9ecf12b3ed1715fb6c76f16b65cc42fed88fb7b7175815cc72be708607e
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
48bc887e1845f952350f354d2e85b8d2db8d5ece35a371870b0daad994318053
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fc961d1f70f372d3ec6bbe832d45509a16b974d85ab8afdac53cc81454e35bd
51f8f580cb1282b20683b603c2a9494859a5ee5da723bdc07eda7491d0f71d43
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e95e97ff2ba95b7d83c22fd708da63cfd80413e35c6bd46d834a223d81597b9
685ca908640c88662bf8afdeb49ae01f6c48d743a96741495379e50187b45705
71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394
7231384cd133754beef5f02f5f798657cf0bfd6c9fa385f0423bc9764143349d
74acb31e414ad2354b6e467a9191a6800d29cbaef6d0e2e57701944478cbed4d
75b857fc1e6ed070dffbbbf67e18a4e99ff49d805f5a924a0417ff0138ddf6d8
78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1
787b04049cd2275f2aee136eb9f4aba8e7d8df537a4e638fe326d0ff4ea208ad
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bfa53db0a9731fe61f657e0f0d646da3726d385dc9e96b189b874c930601a51
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
839a61bbbe60ea8dd1032fd4e88eff812ae0c65f8f4cda42bb88411151dfc726
87913f04d559ac4658a295416ab5e512ebf8f135435596ff152882bc59444a2d
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9a55c02888038e59252778d81b592f942ea904c3dca19f539e3376b4a0a0c6b2
9a89529f562c219ed2e8a45b162b2032a246bb3f257228c4bde11889b1c72b46
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9e151e508742f6e89e60a7fdbdba78a4b05ec445a97bff052df1b811814f4431
9fc28c5a0aa805d38e272e054b61fac5aedd3e30b763ec73e23b35cbac79e7d2
a3f2ca08c793dc02f2cea9aec445f67b553ef83a0039870cb0c896a25d5f910f
a3fb5ba01b36ec3b9a1d155b1d5dee6ea09dfc96510081f610cc49e7725c0b10
a5d98f9e6d484dc763ba3c26182c61e15a0d6a6fe542d29167390231b5f26598
a613bac553b6d7613ac126b2773e62896b3a3019640d7538c7b0539910e3edfb
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
aa7cbeba3c4fd7706bbd1a1a60be76d3afc62ba969e6a5a0848affd7d33b96de
ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179
ae978850520d9ba719145394d38b0003e704b20df79606acb51da8c8c611b79c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b95c36ab99b61c3286c88df4c1bbc3e278a4ddf3882b6e5e3059ec467a551959
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc1ee5027017280427cacd991ea73f1592cbc478f0335ff1dbb9c2c41c43db0a
bcd014d2b986d01bf2348954846403eae8b303406e7bc1126cb3d5d5fcb414d8
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
c33ded46caef2883f390c1068443591268befb3955b7123382415c0165a36261
c4197979fbdaa50f515c3b3b6b8588b8d83221e59c561460353078fa52bb4b3b
c5d46c406432516c03941fb8fc5c4d799a7309b3784fcff795612979bcda1e2e
c64f72b8ed1ddf4f0285e511f7dccc5cfebc425c0c7ce5512d58e8e8f21732f1
c8b820b6934a6f26ee52b4fe0cd5572bce9e80f30ec08848fe601c9c5d7e09b2
cf3f3c22f3edd5307cc124785eca888f4b45ebc637d172de7edb72e871e3394b
d0ae78fed69fec7293df1a84d0d26e4f15d4d3342fb4149b2611db2ee9c706ee
d0b58434026ee2114d9c57d86e1ad7ea1ca0a5db5f1a866e8f327f6c1d8772b4
d103456901231230fce5470a6d01f98f933764dd6d3137f441a071800cb661e2
d12183924739a0c3a90d68d21aaa347e62a901671d5a836455935dda54bf0caf
d1e54f3fe3290ecc4c8474d7bee91ecdb173921702de9a8f127ac28a18bacdcf
d34c3af0d3b74cbb878ca4472668ebae02410ed1bfe8e85b244bb582d1dcb2ea
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcb83dae2c32806f87cd99a06f24256e29a9100c6f07147bdf5d55cb2c1cafb7
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277
dd9deab837bb0082dfa4b2fa8381ac4267ef9fb8f51c387f1e64c70b707fce5a
dda55958f5925aa09110964105f39e517ed51005c0da3daf056df25d622bbcf6
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
df2b19c1f72a6a8904e22da5fa5eab050d224287844db62cc4ca7cb44f3f31e9
e05257f824e6ba4fa111e5aecca2ba0087144910cb3bdd247bef02703dd3b6fc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43d01ea8e63c4574a00b00576b5ba1f5b8e0d42090b22f8c74078cb847a960a
e63918930e9c6948c3c5db63462373afb64724c6d2538236cd676d35edda9ec9
e91889ec0c9c91d100fb5081a8517418c04f09f3cfba6e6464d5308326122ec1
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f475f632b4e8b98884378f672af692a899510e09ae053aff7eeb666c9b8ed6bd
f54b94e67a2d5c83ce9d64cd8a440e2a1291d0d7ef708582dd8d198d9e479ebb
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fa325978abf1bcbe3394a9735cb1c14c6a0de9ddff12fb2fb9a62e5f6a832a12
feec9e2ed13cb9ccb991647925a2eacd3c049dbd1f6368791cea849201ea96b3

blog.pixalate.com Open in urlscan Pro 2606:4700::6811:71b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

113 Requests

81 %HTTPS

49 %IPv6

40 Domains

53 Subdomains

44 IPs

7 Countries

2039 kBTransfer

5604 kBSize

20 Cookies

31 Outgoing links

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

blog.pixalate.com Open in urlscan Pro
2606:4700::6811:71b4 Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

81 %
HTTPS

49 %
IPv6

40
Domains

53
Subdomains

44
IPs

7
Countries

2039 kB
Transfer

5604 kB
Size

20
Cookies

113 HTTP transactions
4 data transactions