f0587765.xsph.ru Open in urlscan Pro
141.8.192.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www1.dramacool.vc/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth
Effective URL:
http://f0587765.xsph.ru/redelivery/auth/pay
Submission: On October 12 via manual (October 12th 2021, 12:10:04 pm UTC) from US — Scanned from DE

Summary HTTP 72 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 20 domains to perform 72 HTTP transactions. The main IP is 141.8.192.151, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is f0587765.xsph.ru.

This is the only time f0587765.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.21.7.106 104.21.7.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	104.26.2.240 104.26.2.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	141.8.192.151 141.8.192.151	35278 (SPRINTHOST) (SPRINTHOST)
23	192.229.221.165 192.229.221.165	15133 (EDGECAST) (EDGECAST)
1	69.16.175.10 69.16.175.10	33438 (HIGHWINDS2) (HIGHWINDS2)
1	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.186.46 142.250.186.46	15169 (GOOGLE) (GOOGLE)
6	184.30.24.193 184.30.24.193	16625 (AKAMAI-AS) (AKAMAI-AS)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	157.240.20.19 157.240.20.19	32934 (FACEBOOK) (FACEBOOK)
1 4	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1	13.32.29.90 13.32.29.90	16509 (AMAZON-02) (AMAZON-02)
4	104.109.87.90 104.109.87.90	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	66.102.1.154 66.102.1.154	15169 (GOOGLE) (GOOGLE)
5 10	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	142.250.184.228 142.250.184.228	15169 (GOOGLE) (GOOGLE)
5	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	157.240.20.35 157.240.20.35	32934 (FACEBOOK) (FACEBOOK)
72	18

1 104.21.7.106 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www1.dramacool.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.2.240 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dramacool.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.8.192.151 (Russian Federation) 2 redirects

ASN35278 (SPRINTHOST, RU)
PTR: vilir.from.sh

f0587765.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 192.229.221.165 (United States)

ASN15133 (EDGECAST, US)

reg.usps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN33438 (HIGHWINDS2, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.46 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.30.24.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-193.deploy.static.akamaitechnologies.com

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.19 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.232 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.29.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-90.fra56.r.cloudfront.net

dap.digitalgov.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.109.87.90 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-87-90.deploy.static.akamaitechnologies.com

resources.digital-cloud-gov.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.102.1.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.244.42.133 (United States) 5 redirects

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-frt3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	usps.com reg.usps.com	125 KB
10	t.co 5 redirects t.co	4 KB
6	google-analytics.com www.google-analytics.com	41 KB
5	twitter.com analytics.twitter.com	2 KB
4	medallia.com resources.digital-cloud-gov.medallia.com resources-dcgov.medallia.com Failed	133 KB
4	googletagmanager.com 1 redirects www.googletagmanager.com	220 KB
3	pinterest.com ct.pinterest.com	1 KB
3	pinimg.com s.pinimg.com	37 KB
3	xsph.ru 2 redirects f0587765.xsph.ru	129 KB
2	facebook.com www.facebook.com	404 B
2	reddit.com alb.reddit.com	197 B
2	facebook.net connect.facebook.net	170 KB
2	dramacool.bid 2 redirects dramacool.bid	1 KB
1	google.com www.google.com	522 B
1	doubleclick.net stats.g.doubleclick.net	461 B
1	digitalgov.gov dap.digitalgov.gov	19 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
1	cloudflare.com cdnjs.cloudflare.com	4 KB
1	jquery.com code.jquery.com	30 KB
1	dramacool.vc 1 redirects www1.dramacool.vc	590 B
72	20

	Domain	Requested by
23	reg.usps.com	f0587765.xsph.ru reg.usps.com
10	t.co	5 redirects f0587765.xsph.ru
6	www.google-analytics.com	f0587765.xsph.ru www.googletagmanager.com
5	analytics.twitter.com	static.ads-twitter.com
4	resources.digital-cloud-gov.medallia.com	f0587765.xsph.ru www.googletagmanager.com
4	www.googletagmanager.com	1 redirects f0587765.xsph.ru
3	ct.pinterest.com	f0587765.xsph.ru
3	s.pinimg.com	f0587765.xsph.ru s.pinimg.com
3	f0587765.xsph.ru	2 redirects
2	www.facebook.com	f0587765.xsph.ru
2	alb.reddit.com	f0587765.xsph.ru
2	connect.facebook.net	f0587765.xsph.ru connect.facebook.net
2	dramacool.bid	2 redirects
1	www.google.com	f0587765.xsph.ru
1	stats.g.doubleclick.net	f0587765.xsph.ru
1	dap.digitalgov.gov	f0587765.xsph.ru
1	static.ads-twitter.com	f0587765.xsph.ru
1	cdnjs.cloudflare.com	f0587765.xsph.ru
1	code.jquery.com	f0587765.xsph.ru
1	www1.dramacool.vc	1 redirects
0	resources-dcgov.medallia.com Failed	f0587765.xsph.ru
72	21

This site contains links to these domains. Also see Links.

Domain
www.usps.com
reg.usps.com
faq.usps.com
about.usps.com
gateway.usps.com
postalinspectors.uspis.gov
www.uspsoig.gov
pe.usps.com
www.postalmuseum.si.edu
www.facebook.com
twitter.com
pinterest.com
www.youtube.com

Subject Issuer	Validity	Valid
*.usps.com DigiCert SHA2 Secure Server CA	`2020-05-14` - `2022-05-16`	2 years	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-22` - `2021-10-20`	3 months	crt.sh
dap.digitalgov.gov Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.digital-cloud-gov.medallia.com DigiCert SHA2 Secure Server CA	`2021-04-19` - `2022-04-27`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-05` - `2022-04-02`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://f0587765.xsph.ru/redelivery/auth/pay
Frame ID: 367E800E91894B15AAC4EEE12B754080
Requests: 72 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

USPS.com® - USPS Tracking®

Page URL History Show full URLs

https://www1.dramacool.vc/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 301
http://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 301
https://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 302
http://f0587765.xsph.ru/redelivery/auth HTTP 301
http://f0587765.xsph.ru/redelivery/auth/ HTTP 302
http://f0587765.xsph.ru/redelivery/auth/pay Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

72
Requests

88 %
HTTPS

0 %
IPv6

20
Domains

21
Subdomains

18
IPs

4
Countries

918 kB
Transfer

3121 kB
Size

15
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usps.com/

Search URL Search Domain Scan URL

URL: https://reg.usps.com/entreg/assets/html/informed-delivery.html
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://reg.usps.com/entreg/RegistrationPortalAction_input
Title: ContinueCreate Account

Search URL Search Domain Scan URL

URL: https://www.usps.com/help/contact-us.htm
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.usps.com/globals/site-index.htm
Title: Site Index

Search URL Search Domain Scan URL

URL: http://faq.usps.com/
Title: FAQs

Search URL Search Domain Scan URL

URL: http://about.usps.com/
Title: About USPS Home

Search URL Search Domain Scan URL

URL: http://about.usps.com/news/welcome.htm
Title: Newsroom

Search URL Search Domain Scan URL

URL: http://about.usps.com/news/service-alerts/welcome.htm
Title: USPS Service Updates

Search URL Search Domain Scan URL

URL: http://about.usps.com/forms-publications/welcome.htm
Title: Forms & Publications

Search URL Search Domain Scan URL

URL: https://www.usps.com/gov-services/gov-services.htm
Title: Government Services

Search URL Search Domain Scan URL

URL: http://about.usps.com/careers/welcome.htm
Title: Careers

Search URL Search Domain Scan URL

URL: https://gateway.usps.com/
Title: Business Customer Gateway

Search URL Search Domain Scan URL

URL: https://postalinspectors.uspis.gov/
Title: Postal Inspectors

Search URL Search Domain Scan URL

URL: http://www.uspsoig.gov/
Title: Inspector General

Search URL Search Domain Scan URL

URL: http://pe.usps.com/
Title: Postal Explorer

Search URL Search Domain Scan URL

URL: http://www.postalmuseum.si.edu/
Title: National Postal Museum

Search URL Search Domain Scan URL

URL: https://www.usps.com/webtools/welcome.htm
Title: Resources for Developers

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/privacy-policy/privacy-policy-highlights.htm
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://about.usps.com/termsofuse.htm
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/foia/welcome.htm
Title: FOIA

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/no-fear-act/welcome.htm
Title: No FEAR Act EEO Data

Search URL Search Domain Scan URL

URL: http://www.facebook.com/usps

Search URL Search Domain Scan URL

URL: http://twitter.com/usps

Search URL Search Domain Scan URL

URL: http://pinterest.com/uspsstamps/

Search URL Search Domain Scan URL

URL: http://www.youtube.com/usps

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www1.dramacool.vc/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 301
http://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 301
https://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth HTTP 302
http://f0587765.xsph.ru/redelivery/auth HTTP 301
http://f0587765.xsph.ru/redelivery/auth/ HTTP 302
http://f0587765.xsph.ru/redelivery/auth/pay Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 25

http://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H HTTP 302
https://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H

Request Chain 38

http://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js HTTP 302
https://resources-dcgov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

Request Chain 54

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaac6ecf-1880-43aa-b7c4-6e330ecb8997&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay HTTP 301
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaac6ecf-1880-43aa-b7c4-6e330ecb8997&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Request Chain 55

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571c11b1-e1dd-400d-86ab-839013ccc0c8&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay HTTP 301
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571c11b1-e1dd-400d-86ab-839013ccc0c8&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Request Chain 56

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b47de63-e9d0-4c16-8ec9-ea935d59436a&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay HTTP 301
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b47de63-e9d0-4c16-8ec9-ea935d59436a&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Request Chain 57

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803b847a-c594-49c6-8ee6-630a07022c44&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay HTTP 301
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803b847a-c594-49c6-8ee6-630a07022c44&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Request Chain 58

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebec0633-dcec-4be3-ab94-bcc904c37cb4&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay HTTP 301
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebec0633-dcec-4be3-ab94-bcc904c37cb4&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Request Chain 69

http://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js HTTP 307
https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

72 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request pay Show response
f0587765.xsph.ru/redelivery/auth/
Redirect Chain

https://www1.dramacool.vc/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth
http://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth
https://dramacool.bid/scripts/goto.php?url=http://f0587765.xsph.ru/redelivery/auth
http://f0587765.xsph.ru/redelivery/auth
http://f0587765.xsph.ru/redelivery/auth/
http://f0587765.xsph.ru/redelivery/auth/pay

296 KB
129 KB

123ms
122ms

Document
text/html

141.8.192.151
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL

http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

HTTP/1.1

Server

141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU),

Reverse DNS

vilir.from.sh

Software

openresty /

Resource Hash

80f8814d8eb8a670159661a75bc67dcc5183c381ec3d05f0ed3d8afa0bd3ca33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: f0587765.xsph.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: openresty
Date: Tue, 12 Oct 2021 12:09:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip

Redirect headers

Server: openresty
Date: Tue, 12 Oct 2021 12:09:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: pay
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H2 200 usps-fonts.css
reg.usps.com/entreg/assets/css/globals/ 3 KB
950 B 252ms
108ms Stylesheet
text/css 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/css/globals/usps-fonts.css

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7FC7) /

Resource Hash

105e974d53f06bd2dab2baaa2e8da20812ec7d132fd0e86bb27e16b8238cf457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:18 GMT
server: ECAcc (dcb/7FC7)
age: 64864
x-frame-options: SAMEORIGIN, DENY
etag: "cc7-5cb073500ae80+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 870

GET
H2 200 bootstrap.min.css
reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/ 120 KB
20 KB 247ms
104ms Stylesheet
text/css 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7FE5) /

Resource Hash

f4bbc1d72d017bef7a1d71c52e952861b92178cc2dd5378592eb875dfdae9b66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:18 GMT
server: ECAcc (dcb/7FE5)
age: 51782
x-frame-options: SAMEORIGIN, DENY
etag: "1de72-5cb073500ae80+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 20163

GET
H2 200 bootstrap-sticky-footer.css
reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/ 137 B
224 B 246ms
103ms Stylesheet
text/css 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7EDB) /

Resource Hash

bb0e5cffa99e8c888c9acd59e3f6e929ff885f7e255b1af639f5d49dc61e2b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:20 GMT
server: ECAcc (dcb/7EDB)
age: 75890
x-frame-options: SAMEORIGIN, DENY
etag: "89-5cb07351f3300+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 122

GET
H2 200 theme.css
reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/ 41 KB
9 KB 246ms
103ms Stylesheet
text/css 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/css/vendor/bootstrap/3.5.5/theme.css

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7EE9) /

Resource Hash

4281af5a60949bd04fea6c91a9cbeaf8c67326d2186d5b8d7e5b6746b09fd26d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:22 GMT
server: ECAcc (dcb/7EE9)
age: 51782
x-frame-options: SAMEORIGIN, DENY
etag: "a312-5cb07353db780+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 8965

GET
H2 200 tinyscrollbar.css
reg.usps.com/entreg/assets/css/vendor/tinyscrollbar/ 8 KB
1 KB 241ms
98ms Stylesheet
text/css 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/css/vendor/tinyscrollbar/tinyscrollbar.css

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7350) /

Resource Hash

754f5495d3b6657844c947e0f3c72efed974d32d7370060583ccdaecd80ce856

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7350)
age: 69671
x-frame-options: SAMEORIGIN, DENY
etag: "1ec7-5cb07355c3c00+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 934

GET
H2 200 des_brd_2color_logo_34x50.png
reg.usps.com/entreg/assets/images/ 1 KB
2 KB 244ms
102ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/des_brd_2color_logo_34x50.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/735B) /

Resource Hash

5ffcf42b2df079d5018a41a9ab77bba083a5ba68b0bb973e0054cb6cc16802e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/735B)
age: 33431
etag: "5c4-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 1476

GET
H2 200 des_brd_2color_logo_260x59.png
reg.usps.com/entreg/assets/images/ 9 KB
9 KB 105ms
102ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/des_brd_2color_logo_260x59.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7FE3) /

Resource Hash

dd58c5e5e7042748207f49ef8ac8d2247bc14ab632d0bb8f98ac6e6cdb2bca95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7FE3)
age: 33429
etag: "244d-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 9293

GET
H2 200 rmin-step-1.png
reg.usps.com/entreg/assets/images/ 506 B
581 B 102ms
100ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/rmin-step-1.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7EC4) /

Resource Hash

b3a08dd44a05750d27893ce5557ad47333e42d9be692e494675ea8a6b4a41ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7EC4)
age: 20191
etag: "1fa-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 506

GET
H2 200 info.png
reg.usps.com/entreg/assets/images/icons/ 633 B
707 B 104ms
102ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/icons/info.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F94) /

Resource Hash

03ca1e2ab37fb3830730e8732c052d69d07d48d5e91f90222584dc85935e612c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7F94)
age: 33435
etag: "279-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 633

GET
H2 200 success-icon.png
reg.usps.com/entreg/assets/images/icons/ 810 B
883 B 110ms
108ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/icons/success-icon.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7379) /

Resource Hash

f9ca3b5aa9e7732b65432f646e07ff0a34841b512d850b040b9fda86f55b35a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7379)
age: 33427
etag: "32a-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 810

GET
H2 200 sorry-icon.png
reg.usps.com/entreg/assets/images/icons/ 826 B
886 B 113ms
112ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/icons/sorry-icon.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7FE9) /

Resource Hash

c21e587f451bafb53b32a72423f894ac1d3c3c9d63f71fc47fe0f190ead12e94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7FE9)
age: 33427
etag: "33a-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 826

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 28ms
8ms Script
application/javascript 69.16.175.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1634040598.dop223.fr8.t,1634040598.cds203.fr8.hn,1634040598.cds002.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 jquery.mask.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/ 8 KB
4 KB 36ms
20ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.min.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 120650
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3038
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-1ff9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NIvcn14b46OHtEE2x30FKH4C6n4OVwdf9D%2BWu6oY3Ok0Bc0vnOtz4J3cWWvTb0M5GqCQcTXWjzYpjtxS8KSCpnTJTjokvqnxlHLHlE5DXYBetY5wChQ3169juDf3QwajAX9oaD6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 69d038eb5fbf2bd2-FRA
expires: Sun, 02 Oct 2022 12:09:58 GMT

GET
H2 200 rmin-step-2.png
reg.usps.com/entreg/assets/images/ 511 B
584 B 115ms
114ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/rmin-step-2.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/734F) /

Resource Hash

e133a609bc86705290d8fc11540fa20a0b45157b409ff6b5c30904668fb4b638

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/734F)
age: 33427
etag: "1ff-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 511

GET
H2 200 logo-mini-sb.png
reg.usps.com/entreg/assets/images/ 23 KB
23 KB 109ms
108ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/logo-mini-sb.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/733E) /

Resource Hash

585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/733E)
age: 33437
etag: "5c49-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 23625

GET
H2 200 facebook54x53.png
reg.usps.com/entreg/assets/images/footer/ 3 KB
3 KB 117ms
115ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/footer/facebook54x53.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/737D) /

Resource Hash

748622d4d088b843e200776ce65e48c3e7e4b3a7c0fc959c691d99def179205e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/737D)
age: 33440
etag: "b31-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 2865

GET
H2 200 twitter54x53.png
reg.usps.com/entreg/assets/images/footer/ 3 KB
3 KB 111ms
109ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/footer/twitter54x53.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7ED4) /

Resource Hash

67a4999a59962445831760592fbdc95e023c6c0884cec51fa7bc7cd22c6e0a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7ED4)
age: 33431
etag: "bae-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 2990

GET
H2 200 pinterest54x53.png
reg.usps.com/entreg/assets/images/footer/ 5 KB
5 KB 107ms
105ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/footer/pinterest54x53.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F62) /

Resource Hash

59f5e4d40c77bc5155713bc956ddb8f4c14e3438d906a920f977073a071fb228

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7F62)
age: 33429
etag: "1580-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 5504

GET
H2 200 youtube54x53.png
reg.usps.com/entreg/assets/images/footer/ 3 KB
3 KB 109ms
107ms Image
image/png 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reg.usps.com/entreg/assets/images/footer/youtube54x53.png

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7ECC) /

Resource Hash

bcafef03600ff7498457c30861f61146e46c7320c085bc27d540c1e2357bc3dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:24 GMT
server: ECAcc (dcb/7ECC)
age: 33431
etag: "cf8-5cb07355c3c00"
x-frame-options: SAMEORIGIN, DENY
x-cache: HIT
content-type: image/png
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
accept-ranges: bytes
content-length: 3320

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
19 KB

49ms
13ms

Script
text/javascript

142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Sep 2021 21:34:48 GMT
server: Golfe2
age: 532
date: Tue, 12 Oct 2021 12:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19887
expires: Tue, 12 Oct 2021 14:01:06 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H2 200 main.89cd5bf4.js Show response
s.pinimg.com/ct/lib/ 49 KB
17 KB 423ms
403ms Script
application/javascript 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eb0b072c78ba88e87b07c39c22f9bef724ea89f29f2a195ec4ab33b3bc75797d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "6deee3ea7ecc4a5d9687c1bd57018c16"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 29bfe64c-104.126.36.215
accept-ranges: bytes
content-length: 17418
access-control-expose-headers: X-CDN

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
833 B 130ms
111ms Script
application/javascript 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1bd4245e90be5fdb85b55be8d976ef43dd849a650d927aa8e57d0995703593f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "24aad983602411080a3eb3958de67f02"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
x-fallback: 29bfe657-104.126.36.215
accept-ranges: bytes
content-length: 584
access-control-expose-headers: X-CDN

GET
H/1.1 200
OK uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 13ms
6ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://static.ads-twitter.com/uwt.js
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: HTTP/1.1
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 12:09:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Sep 2021 23:58:10 GMT
Etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
Vary: Accept-Encoding,Host
x-tw-cdn: FT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-geo-cc_and_ra: DE-NW
Cache-Control: no-cache
X-Cache: HIT, HIT
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 5410
X-Served-By: cache-iad-kcgs7200126-IAD, cache-hhn11559-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 23ms
6ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25967
x-xss-protection: 0
pragma: public
x-fb-debug: tZLkprLSc8PVaVs6otV5/+LpA9d1eF/Z1CTyESKvJYQ3G6jzx50TxtjV8F0PgFhhrEvH4ar/FjlCt4SIYchrcQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 12 Oct 2021 12:09:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 45ms
7ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Sep 2021 21:34:48 GMT
server: Golfe2
age: 532
date: Tue, 12 Oct 2021 12:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19887
expires: Tue, 12 Oct 2021 14:01:06 GMT

GET
H2

200

gtm.js Show response
www.googletagmanager.com/
Redirect Chain

http://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H
https://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H

507 KB
106 KB

33ms
31ms

Script
application/javascript

142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b72707f3ed55574cf0942a873f4813e99196f8c9e823470f4fdbaf263b558425

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108305
x-xss-protection: 0
expires: Tue, 12 Oct 2021 12:09:58 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H
Date: Tue, 12 Oct 2021 12:09:58 GMT
Cross-Origin-Resource-Policy: cross-origin
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
Content-Type: text/html; charset=UTF-8

GET
H2 404 uwt.js
reg.usps.com//static.ads-twitter.com/ 0
0 232ms
230ms Script
text/html 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://reg.usps.com//static.ads-twitter.com/uwt.js
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.165 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
2 KB 50ms
13ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 11:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 635
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 12 Oct 2021 12:59:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 238 KB
54 KB 53ms
22ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K2FRZL4&l=dataLayer

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

310070012148fa5a7b86e155d5863d8e836ce2eaba39ce6ea406e05825cca245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55063
x-xss-protection: 0
expires: Tue, 12 Oct 2021 12:09:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 161 KB
60 KB 43ms
15ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3NXP3C8S9V&l=dataLayer&cx=c

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b77ab778dc1acdbe99f1c2e2a84d068718ae130025c9efed4c8752d635aeddad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61018
x-xss-protection: 0
expires: Tue, 12 Oct 2021 12:09:58 GMT

GET
H2 404 gtm.js
reg.usps.com//www.googletagmanager.com/ 0
0 235ms
234ms Script
text/html 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://reg.usps.com//www.googletagmanager.com/gtm.js?id=GTM-MVCC8H
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.165 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 jquery-3.4.1.min.js Show response
reg.usps.com/entreg/assets/js/vendor/ 86 KB
30 KB 106ms
103ms Script
application/x-javascript 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/js/vendor/jquery-3.4.1.min.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F29) /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:14 GMT
server: ECAcc (dcb/7F29)
age: 33443
x-frame-options: SAMEORIGIN, DENY
etag: "15851-5cb0734c3a580+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 30719

GET
H2 200 bootstrap.min.js Show response
reg.usps.com/entreg/assets/js/vendor/bootstrap/3.3.5/ 36 KB
10 KB 116ms
113ms Script
application/x-javascript 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/js/vendor/bootstrap/3.3.5/bootstrap.min.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F88) /

Resource Hash

b74f3607fed740eb63f0e6a651c4830b1ce196abdcd8b1f65e2cf94a79439fff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:12 GMT
server: ECAcc (dcb/7F88)
age: 33443
x-frame-options: SAMEORIGIN, DENY
etag: "90bf-5cb0734a52100+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 9821

GET
H2 200 jquery.tinyscrollbar.min.js Show response
reg.usps.com/entreg/assets/js/vendor/tinyscrollbar/ 4 KB
2 KB 99ms
96ms Script
application/x-javascript 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/js/vendor/tinyscrollbar/jquery.tinyscrollbar.min.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7FE9) /

Resource Hash

67525bfe189d055b034036552634ee4b6f5d08f7c25b94aaddbe4e2d9f3776bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:14 GMT
server: ECAcc (dcb/7FE9)
age: 33422
x-frame-options: SAMEORIGIN, DENY
etag: "fd1-5cb0734c3a580+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 1518

GET
H2 200 ie10-viewport-bug-workaround.js Show response
reg.usps.com/entreg/assets/js/vendor/bootstrap/3.3.5/ 459 B
428 B 111ms
108ms Script
application/x-javascript 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://reg.usps.com/entreg/assets/js/vendor/bootstrap/3.3.5/ie10-viewport-bug-workaround.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7ECC) /

Resource Hash

238b4df98a2c023801e777788f40350c1f4ad6599af5eac43d09eff720c79c48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 18:18:16 GMT
server: ECAcc (dcb/7ECC)
age: 33443
x-frame-options: SAMEORIGIN, DENY
etag: "1cb-5cb0734e22a00+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
x-ruleset-version: 2.4
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 340

GET
H2 200 Universal-Federated-Analytics-Min.js Show response
dap.digitalgov.gov/ 18 KB
19 KB 47ms
7ms Script
application/javascript 13.32.29.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=USPS
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-90.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 456e60679a0853b3c885219ac1b8ffa4becb397615e2af7c5b3d8051241f569f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: I0hR6H.cnrZ_sfVWlm0ZTBkdCjg4s9Sc
via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
etag: "9e1b714f83b726462a83db0033bac6db"
age: 49317
x-amz-server-side-encryption: AES256
x-edge-origin-shield-skipped: 0
x-amz-replication-status: COMPLETED
x-cache: Hit from cloudfront
content-length: 18764
last-modified: Tue, 14 May 2019 19:41:29 GMT
server: AmazonS3
date: Mon, 11 Oct 2021 22:28:02 GMT
content-type: application/javascript
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-amz-cf-id: RpRRmcIerCGh5-a8FgTLnmWOPjaWeIUwd_fKC5INzdmNfNhCxs_6Jw==

GET
H2 200 embed.js Show response
resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/ 2 KB
993 B 37ms
7ms Script
application/javascript 104.109.87.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/embed.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.87.90 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-87-90.deploy.static.akamaitechnologies.com

Software

Resource Hash

b4d848e473cbae5dcc84a5512f7ab265861b09b890ceb70c28c1cdadc7e1aa54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload;
content-encoding: gzip
last-modified: Wed Aug 04 2021 21:11:22 GMT+0000 (Coordinated Universal Time)
etag: "c41215160623fa45819a5334399b9d81"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
date: Tue, 12 Oct 2021 12:09:58 GMT
accept-ranges: bytes
content-length: 672
expires: Tue, 12 Oct 2021 12:09:58 GMT

GET
H2 200 generic1628111481361.js Show response
resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/ 324 KB
66 KB 38ms
9ms Script
application/javascript 104.109.87.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.87.90 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-87-90.deploy.static.akamaitechnologies.com

Software

Resource Hash

e729ea4c02fd5715ab278665602680ac4cdb09ac02d3a9cef9149b86c865b1f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload;
content-encoding: gzip
last-modified: Wed Aug 04 2021 21:11:22 GMT+0000 (Coordinated Universal Time)
etag: "48228f48000a299224197ad5c6cc8173"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: private, max-age=1328420
date: Tue, 12 Oct 2021 12:09:58 GMT
accept-ranges: bytes
content-length: 66817

GET

generic1628111481361.js
resources-dcgov.medallia.com/wdcgov/2/onsite/
Redirect Chain

http://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js
https://resources-dcgov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

0
0

GET d5af76d8-a90b-4527-b3a3-182207cc3250.woff
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET 4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET 5b4a262e-3342-44e2-8ad7-719998a68134.woff
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET
H2 200 snoo.gif
alb.reddit.com/ 42 B
125 B 116ms
99ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/snoo.gif?q=CAAHAAABAAoACQAAAA8sjYvfAA==&s=758ZB25Erv8S36eTAg3XLKvz7xb4K5BBW3pi8UyQQy8=&ts=1634040598673
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 15ms
13ms XHR
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&aip=1&a=1948835965&t=pageview&_s=1&dl=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&dp=%2Fredelivery%2Fauth%2Fpay&ul=en-us&de=UTF-8&dt=USPS.com%C2%AE%20-%20USPS%20Tracking%C2%AE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAQABAAAAAC~&jid=1945307888&gjid=1881788399&cid=994099757.1634040599&tid=UA-33523145-1&_gid=1906227416.1634040599&_r=1&cd1=USPS&cd2=USPS%20-%20f0587765.xsph.ru&cd3=20181010%20v4.1%20-%20Universal%20Analytics&cd4=unspecified%3Af0587765.xsph.ru&cd5=unspecified%3Af0587765.xsph.ru&cd6=https%3A%2F%2Fdap.digitalgov.gov%2FUniversal-Federated-Analytics-Min.js&cd7=http%3A&z=575993700

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://f0587765.xsph.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://f0587765.xsph.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.30b4c3f2.js Show response
s.pinimg.com/ct/lib/ 54 KB
19 KB 113ms
111ms Script
application/javascript 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.30b4c3f2.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5d1fb4408d347e7a05bb2af2eb9d0441fa4c25c8aa48281f9b7037f7e356b4a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "ada80a35a89edb0ab09f92e1a70d178d"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 29bfea5b-104.126.36.215
accept-ranges: bytes
content-length: 18906
access-control-expose-headers: X-CDN

GET
H2 200 533374513433337 Show response
connect.facebook.net/signals/config/ 490 KB
144 KB 8ms
7ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/533374513433337?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

72b415042eb981821d60cfbf99cd5ba6e1f2a2ba4bb4f7d3098704b51c5ec557

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 146815
x-xss-protection: 0
pragma: public
x-fb-debug: KsP12GU++m6zUYYAr1+Ho+eyqyP7YXiV2hbwSj8Nv+Bdcm40HYxGzrv/8YM0iXu4CegujCTX6Yyi6BL1Reu2GQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 12 Oct 2021 12:09:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-3NXP3C8S9V&gtm=2oeab0&_p=1948835965&sr=1600x1200&ul=en-us&cid=994099757.1634040599&_s=1&dl=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&dt=USPS.com%C2%AE%20-%20USPS%20Tracking%C2%AE&sid=1634040598&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.virtual_site_name=No%20Virtual%20Site%20Name%20Found&ep.query_string=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3NXP3C8S9V&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://f0587765.xsph.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 12:09:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://f0587765.xsph.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
461 B 43ms
14ms XHR
text/plain 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j94&tid=UA-80133954-3&cid=994099757.1634040599&jid=1258842830&gjid=57425372&_gid=1906227416.1634040599&_u=aHHAiUABBAAAAG~&z=930606078

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://f0587765.xsph.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Oct 2021 12:09:58 GMT
content-type: text/plain
access-control-allow-origin: http://f0587765.xsph.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/ 2 KB
993 B 8ms
8ms Script
application/javascript 104.109.87.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/embed.js

Requested by

Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtm.js?id=GTM-MVCC8H

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.87.90 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-87-90.deploy.static.akamaitechnologies.com

Software

Resource Hash

b4d848e473cbae5dcc84a5512f7ab265861b09b890ceb70c28c1cdadc7e1aa54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload;
content-encoding: gzip
last-modified: Wed Aug 04 2021 21:11:22 GMT+0000 (Coordinated Universal Time)
etag: "c41215160623fa45819a5334399b9d81"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
date: Tue, 12 Oct 2021 12:09:58 GMT
accept-ranges: bytes
content-length: 672
expires: Tue, 12 Oct 2021 12:09:58 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j94&a=1948835965&t=pageview&_s=1&dl=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&ul=en-us&de=UTF-8&dt=USPS.com%C2%AE%20-%20USPS%20Tracking%C2%AE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHHAiUABBAAAAC~&jid=1258842830&gjid=57425372&cid=994099757.1634040599&tid=UA-80133954-3&_gid=1906227416.1634040599&cd1=&cd2=&cd3=No%20Sub%20Site%20Found&cd4=No%20Virtual%20Site%20Name%20Found&cd5=GTM-MVCC8H%20%7C%20613&cd6=2021-10-12T12%3A09%3A58.779%2B00%3A00&cd7=false&gtm=2wgab0MVCC8H&cg1=No%20Virtual%20Site%20Name%20Found&cd8=1634040598782.txleyau&cd9=Desktop&cd10=desktop%20page%20-%20is%20not%20responsive&cd14=Form%20-%20No%20Form%20Target%20Category&cd21=&cd22=0&cd30=cookie%20not%20set&cd113=Payment%20Method&cd114=no%20data-gtm-section&cd115=no%20data-gtm-subsection&cd16=994099757.1634040599&z=400265492

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 09:41:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 8888
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 snoo.gif
alb.reddit.com/ 42 B
72 B 96ms
96ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/snoo.gif?q=CAAHAAABAAoACQAAAA8sjYvfAA==&s=758ZB25Erv8S36eTAg3XLKvz7xb4K5BBW3pi8UyQQy8=&ts=1634040598803
Requested by: Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET 4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET 1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
reg.usps.com/entreg/assets/fonts/usps/ 0
0

GET
H2

200

adsct
t.co/i/
Redirect Chain

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaa...
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ea...

43 B
118 B

134ms
120ms

Image
image/gif

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaac6ecf-1880-43aa-b7c4-6e330ecb8997&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d6e931e625125b40905258f308ebd43b9efab56a481b7b6e868fcedaa92f702b
x-transaction: a0da840d9bb24511
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

location: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaac6ecf-1880-43aa-b7c4-6e330ecb8997&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay
date: Tue, 12 Oct 2021 12:09:58 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 6dba03140c3b073d4a2bc752d9ed1ea18ed064e28445240f7bea50ae8522a4a0
content-length: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571...
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=57...

43 B
119 B

130ms
115ms

Image
image/gif

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571c11b1-e1dd-400d-86ab-839013ccc0c8&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d6e931e625125b40905258f308ebd43b9efab56a481b7b6e868fcedaa92f702b
x-transaction: 4499d9e952a3a8a0
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

location: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571c11b1-e1dd-400d-86ab-839013ccc0c8&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay
date: Tue, 12 Oct 2021 12:09:58 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 7730de81b58d4dcb3b446b947819d77e80bfa9a5fa33889aefa5dafac51af733
content-length: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b4...
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b...

43 B
118 B

136ms
122ms

Image
image/gif

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b47de63-e9d0-4c16-8ec9-ea935d59436a&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d6e931e625125b40905258f308ebd43b9efab56a481b7b6e868fcedaa92f702b
x-transaction: 779412a83753d267
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

location: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b47de63-e9d0-4c16-8ec9-ea935d59436a&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay
date: Tue, 12 Oct 2021 12:09:58 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 15a17bb75b036cc027644ce37747b4a196924f27b41268f270df4e9da14f8797
content-length: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803...
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=80...

43 B
118 B

133ms
118ms

Image
image/gif

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803b847a-c594-49c6-8ee6-630a07022c44&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d6e931e625125b40905258f308ebd43b9efab56a481b7b6e868fcedaa92f702b
x-transaction: f44a9d439278474d
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

location: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803b847a-c594-49c6-8ee6-630a07022c44&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay
date: Tue, 12 Oct 2021 12:09:58 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: fb51c395b8a27a83c39c653fff15a04b3200b3dafe22f6615d80a059b5af49d0
content-length: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

http://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebe...
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eb...

43 B
455 B

129ms
115ms

Image
image/gif

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebec0633-dcec-4be3-ab94-bcc904c37cb4&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d6e931e625125b40905258f308ebd43b9efab56a481b7b6e868fcedaa92f702b
x-transaction: e704cbb457286d97
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

location: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebec0633-dcec-4be3-ab94-bcc904c37cb4&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay
date: Tue, 12 Oct 2021 12:09:58 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 444336109ce8a4e6b95e18755d78ad930d13e6081109fb654cb42865172b7e20
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 54ms
32ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j94&tid=UA-80133954-3&cid=994099757.1634040599&jid=1258842830&_u=aHHAiUABBAAAAG~&z=1049880341

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 12:09:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
233 B 132ms
117ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=eaac6ecf-1880-43aa-b7c4-6e330ecb8997&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: http://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e376d2fb4c72bf237da9cdd5187f63311ce558229dfc137d00efb6bbc25766e8
x-transaction: dcc1037d85b2cf6c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
233 B 131ms
115ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=571c11b1-e1dd-400d-86ab-839013ccc0c8&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: http://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e376d2fb4c72bf237da9cdd5187f63311ce558229dfc137d00efb6bbc25766e8
x-transaction: 14f43cfef4b5d7ea
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
234 B 129ms
114ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8b47de63-e9d0-4c16-8ec9-ea935d59436a&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: http://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e376d2fb4c72bf237da9cdd5187f63311ce558229dfc137d00efb6bbc25766e8
x-transaction: d5fe29646cd5e958
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
659 B 127ms
112ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=803b847a-c594-49c6-8ee6-630a07022c44&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: http://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e376d2fb4c72bf237da9cdd5187f63311ce558229dfc137d00efb6bbc25766e8
x-transaction: 59a7eb4b81f2197a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
233 B 120ms
119ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nugcr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ebec0633-dcec-4be3-ab94-bcc904c37cb4&tw_document_href=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: http://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 12 Oct 2021 12:09:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e376d2fb4c72bf237da9cdd5187f63311ce558229dfc137d00efb6bbc25766e8
x-transaction: 4aff3c73a98b6ad2
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 509 B
849 B 44ms
35ms XHR
application/json 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2621041933204&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1634040598886

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-193.deploy.static.akamaitechnologies.com

Software

Resource Hash

94a6a99d600edbc95500272a562e59272de08e27958237353c78b97cb3823b95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn: akamai
akamai-grn: 0.d7247e68.1634040598.29bfec95
x-envoy-upstream-service-time: 5
x-pinterest-rid: 9225690321451134
pin-unauth: dWlkPU56WmpObUZsWW1ZdFpqTmtaUzAwTnpFMUxUaGhOVGd0Tm1VM1pUZ3lNR1JtWkRCag
access-control-allow-origin: http://f0587765.xsph.ru
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: application/json; charset=utf-8
pragma: no-cache
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
content-length: 367
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
334 B 42ms
42ms Image
image/gif 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2621041933204&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&event=init&ad=%7B%22loc%22%3A%22http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2230b4c3f2%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1634040598888

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-193.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 12:09:58 GMT
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.d7247e68.1634040598.29bfecc1
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
content-length: 35
x-pinterest-rid: 8800303273205405
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
313 B 21ms
6ms Image
image/gif 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=533374513433337&ev=PageView&dl=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&rl=&if=false&ts=1634040598929&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.1.1634040598927.734825515&it=1634040598693&coo=false&exp=p0&rqm=GET

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:09:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 12 Oct 2021 12:09:58 GMT

POST
H2 204 / Show response
ct.pinterest.com/md/ 0
274 B 54ms
36ms XHR
text/plain 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/md/

Requested by

Host: f0587765.xsph.ru
URL: http://f0587765.xsph.ru/redelivery/auth/pay

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-193.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: http://f0587765.xsph.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 12:09:59 GMT
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.d7247e68.1634040599.29bfedf0
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1620071756161161
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

generic1628111481361.js Show response
resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/
Redirect Chain

http://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js
https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

324 KB
66 KB

10ms
9ms

Script
application/javascript

104.109.87.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.87.90 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-87-90.deploy.static.akamaitechnologies.com

Software

Resource Hash

e729ea4c02fd5715ab278665602680ac4cdb09ac02d3a9cef9149b86c865b1f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload;
content-encoding: gzip
last-modified: Wed Aug 04 2021 21:11:22 GMT+0000 (Coordinated Universal Time)
etag: "48228f48000a299224197ad5c6cc8173"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: private, max-age=1328419
date: Tue, 12 Oct 2021 12:09:59 GMT
accept-ranges: bytes
content-length: 66817

Redirect headers

Location: https://resources.digital-cloud-gov.medallia.com/wdcgov/2/onsite/generic1628111481361.js
Non-Authoritative-Reason: HSTS

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 15ms
6ms Image
image/gif 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=533374513433337&ev=Microdata&dl=http%3A%2F%2Ff0587765.xsph.ru%2Fredelivery%2Fauth%2Fpay&rl=&if=false&ts=1634040600432&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22USPS.com%C2%AE%20-%20USPS%20Tracking%C2%AE%22%2C%22meta%3Adescription%22%3A%22Create%20a%20USPS.com(registered%20trademark%20symbol)%20account%20to%20print%20shipping%20labels%2C%20request%20a%20Carrier%20Pickup%2C%20buy%20stamps%2C%20shop%2C%20plus%20much%20more.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.1.1634040598927.734825515&it=1634040598693&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.20.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://f0587765.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 12:10:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Tue, 12 Oct 2021 12:10:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: resources-dcgov.medallia.com
URL: https://resources-dcgov.medallia.com/wdcgov/2/onsite/generic1628111481361.js

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf

Domain: reg.usps.com
URL: https://reg.usps.com/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USPS (Transportation)

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.f0587765.xsph.ru/	1970-01-20 15:25:12	Name: _ga Value: GA1.3.994099757.1634040599
.f0587765.xsph.ru/	1970-01-19 21:55:26	Name: _gid Value: GA1.3.1906227416.1634040599
.f0587765.xsph.ru/	1970-01-19 21:54:00	Name: _gat_GSA_ENOR0 Value: 1
f0587765.xsph.ru/	1970-01-20 06:39:36	Name: mdLogger Value: false
.xsph.ru/	1970-01-20 00:03:36	Name: _gcl_au Value: 1.1.167725608.1634040599
.xsph.ru/	1970-01-19 22:37:12	Name: _ga Value: GA1.2.994099757.1634040599
.xsph.ru/	1970-01-19 21:55:26	Name: _gid Value: GA1.2.1906227416.1634040599
.xsph.ru/	1970-01-19 21:54:00	Name: _dc_gtm_UA-80133954-3 Value: 1
.xsph.ru/	1970-01-20 00:03:36	Name: _fbp Value: fb.1.1634040598927.734825515
.f0587765.xsph.ru/	1970-01-20 06:39:36	Name: _pin_unauth Value: dWlkPU56WmpObUZsWW1ZdFpqTmtaUzAwTnpFMUxUaGhOVGd0Tm1VM1pUZ3lNR1JtWkRCag
.twitter.com/	1970-01-20 15:25:12	Name: personalization_id Value: "v1_D4fDQEQwQ9kf/WfYGAvOKw=="
.xsph.ru/	1970-01-20 15:25:12	Name: _ga_3NXP3C8S9V Value: GS1.1.1634040598.1.0.1634040599.0
f0587765.xsph.ru/	1970-01-20 06:39:36	Name: kampyleUserSession Value: 1634040599169
f0587765.xsph.ru/	1970-01-20 06:39:36	Name: kampyleUserSessionsCount Value: 2
f0587765.xsph.ru/	1970-01-20 06:39:36	Name: kampyleSessionPageCounter Value: 1

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://reg.usps.com//static.ads-twitter.com/uwt.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reg.usps.com//www.googletagmanager.com/gtm.js?id=GTM-MVCC8H Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://resources-dcgov.medallia.com/wdcgov/2/onsite/generic1628111481361.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://f0587765.xsph.ru/redelivery/auth/pay Message: Access to font at 'https://reg.usps.com/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf' from origin 'http://f0587765.xsph.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reg.usps.com/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analytics.twitter.com
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
ct.pinterest.com
dap.digitalgov.gov
dramacool.bid
f0587765.xsph.ru
reg.usps.com
resources-dcgov.medallia.com
resources.digital-cloud-gov.medallia.com
s.pinimg.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www1.dramacool.vc
reg.usps.com
resources-dcgov.medallia.com
104.109.87.90
104.16.18.94
104.21.7.106
104.244.42.133
104.244.42.67
104.26.2.240
13.32.29.90
141.8.192.151
142.250.184.228
142.250.184.232
142.250.186.46
151.101.193.140
157.240.20.19
157.240.20.35
184.30.24.193
192.229.221.165
199.232.136.157
66.102.1.154
69.16.175.10
03ca1e2ab37fb3830730e8732c052d69d07d48d5e91f90222584dc85935e612c
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
105e974d53f06bd2dab2baaa2e8da20812ec7d132fd0e86bb27e16b8238cf457
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1bd4245e90be5fdb85b55be8d976ef43dd849a650d927aa8e57d0995703593f3
238b4df98a2c023801e777788f40350c1f4ad6599af5eac43d09eff720c79c48
2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47
310070012148fa5a7b86e155d5863d8e836ce2eaba39ce6ea406e05825cca245
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
4281af5a60949bd04fea6c91a9cbeaf8c67326d2186d5b8d7e5b6746b09fd26d
456e60679a0853b3c885219ac1b8ffa4becb397615e2af7c5b3d8051241f569f
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
59f5e4d40c77bc5155713bc956ddb8f4c14e3438d906a920f977073a071fb228
5d1fb4408d347e7a05bb2af2eb9d0441fa4c25c8aa48281f9b7037f7e356b4a8
5ffcf42b2df079d5018a41a9ab77bba083a5ba68b0bb973e0054cb6cc16802e0
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
67525bfe189d055b034036552634ee4b6f5d08f7c25b94aaddbe4e2d9f3776bb
67a4999a59962445831760592fbdc95e023c6c0884cec51fa7bc7cd22c6e0a8a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
72b415042eb981821d60cfbf99cd5ba6e1f2a2ba4bb4f7d3098704b51c5ec557
748622d4d088b843e200776ce65e48c3e7e4b3a7c0fc959c691d99def179205e
754f5495d3b6657844c947e0f3c72efed974d32d7370060583ccdaecd80ce856
80f8814d8eb8a670159661a75bc67dcc5183c381ec3d05f0ed3d8afa0bd3ca33
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
94a6a99d600edbc95500272a562e59272de08e27958237353c78b97cb3823b95
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b3a08dd44a05750d27893ce5557ad47333e42d9be692e494675ea8a6b4a41ec5
b4d848e473cbae5dcc84a5512f7ab265861b09b890ceb70c28c1cdadc7e1aa54
b72707f3ed55574cf0942a873f4813e99196f8c9e823470f4fdbaf263b558425
b74f3607fed740eb63f0e6a651c4830b1ce196abdcd8b1f65e2cf94a79439fff
b77ab778dc1acdbe99f1c2e2a84d068718ae130025c9efed4c8752d635aeddad
bb0e5cffa99e8c888c9acd59e3f6e929ff885f7e255b1af639f5d49dc61e2b32
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
bcafef03600ff7498457c30861f61146e46c7320c085bc27d540c1e2357bc3dc
c21e587f451bafb53b32a72423f894ac1d3c3c9d63f71fc47fe0f190ead12e94
dd58c5e5e7042748207f49ef8ac8d2247bc14ab632d0bb8f98ac6e6cdb2bca95
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e133a609bc86705290d8fc11540fa20a0b45157b409ff6b5c30904668fb4b638
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e729ea4c02fd5715ab278665602680ac4cdb09ac02d3a9cef9149b86c865b1f5
eb0b072c78ba88e87b07c39c22f9bef724ea89f29f2a195ec4ab33b3bc75797d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4bbc1d72d017bef7a1d71c52e952861b92178cc2dd5378592eb875dfdae9b66
f9ca3b5aa9e7732b65432f646e07ff0a34841b512d850b040b9fda86f55b35a0
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

f0587765.xsph.ru Open in urlscan Pro 141.8.192.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

88 %HTTPS

0 %IPv6

20 Domains

21 Subdomains

18 IPs

4 Countries

918 kBTransfer

3121 kBSize

15 Cookies

26 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

f0587765.xsph.ru Open in urlscan Pro
141.8.192.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

88 %
HTTPS

0 %
IPv6

20
Domains

21
Subdomains

18
IPs

4
Countries

918 kB
Transfer

3121 kB
Size

15
Cookies

72 HTTP transactions
0 data transactions