URL: http://www.fsmitha.com/h2/ch09afgh.html
Submission: On September 11 via manual from US — Scanned from DE

Summary

This website contacted 8 IPs in 3 countries across 20 domains to perform 33 HTTP transactions. The main IP is 52.219.121.75, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.fsmitha.com.
This is the only time www.fsmitha.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests Domain Requested by
4 securepubads.g.doubleclick.net 1 redirects www.fsmitha.com
securepubads.g.doubleclick.net
3 s.adtelligent.com cdn.thisiswaldo.com
s.adtelligent.com
3 www.fsmitha.com www.fsmitha.com
2 www.google-analytics.com www.fsmitha.com
www.google-analytics.com
2 quantcast.mgr.consensu.org cdn.thisiswaldo.com
quantcast.mgr.consensu.org
1 thisiswaldo.com cdn.thisiswaldo.com
1 cdn.thisiswaldo.com www.fsmitha.com
0 test.quantcast.mgr.consensu.org Failed quantcast.mgr.consensu.org
0 edge.quantserve.com Failed quantcast.mgr.consensu.org
0 ssum-sec.casalemedia.com Failed s.adtelligent.com
0 secure-assets.rubiconproject.com Failed s.adtelligent.com
0 ads.pubmatic.com Failed s.adtelligent.com
0 ap.lijit.com Failed s.adtelligent.com
0 rtb.openx.net Failed s.adtelligent.com
0 sync.adtelligent.com Failed s.adtelligent.com
0 ib.adnxs.com Failed s.adtelligent.com
0 ad.360yield.com Failed s.adtelligent.com
0 rtb.gumgum.com Failed s.adtelligent.com
0 s.console.adtarget.com.tr Failed s.adtelligent.com
0 csync.loopme.me Failed s.adtelligent.com
0 ads.us.e-planning.net Failed s.adtelligent.com
0 ic.tynt.com Failed s.adtelligent.com
0 ipfind.co Failed cdn.thisiswaldo.com
33 23

This site contains no links.

Subject | Issuer | Validity | Valid
quantcast.mgr.consensu.org | Amazon | 2021-04-24 - 2022-05-23 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2021-08-23 - 2021-11-15 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-08-23 - 2021-11-15 | 3 months
s.adtelligent.com | ZeroSSL ECC Domain Secure Site CA | 2021-08-05 - 2021-11-03 | 3 months
thisiswaldo.com | Go Daddy Secure Certificate Authority - G2 | 2020-09-22 - 2021-10-24 | a year

This page contains 11 frames:

Primary Page: http://www.fsmitha.com/h2/ch09afgh.html
Frame ID: F3A90A0A9B9A3EAF0EB0B859D6CD553F
Requests: 15 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=555831
Frame ID: 5EAFF4818F7509256DA6F331ADAF5006
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=563719
Frame ID: F671573EC50E815B1894B1F572D64D60
Requests: 7 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: 0E7008F8C85D0FF78E811B984E03CC66
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=651796
Frame ID: E2F63042873492722E95FC2BACC27495
Requests: 3 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Frame ID: 261171D823432F60023225A8F07B7885
Requests: 1 HTTP requests in this frame

Frame: https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
Frame ID: B4174A898A4590858BBB6141A8EC7A20
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=609096
Frame ID: DA6AB0A0A805AB969877C866E143B6D0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D289657%26extuid%3D
Frame ID: 65D5879DED0367D96AA53955458DE98A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Frame ID: 08F6B604AF8A1C92AF0618F080C8F9E2
Requests: 1 HTTP requests in this frame

Frame: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d
Frame ID: 63FD0EDDF26444CDD8129D7961C1315E
Requests: 1 HTTP requests in this frame

Page Title

Afghanistan, to the 1930s

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Page Statistics

33
Requests

33 %
HTTPS

57 %
IPv6

20
Domains

23
Subdomains

8
IPs

3
Countries

312 kB
Transfer

947 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • http://securepubads.g.doubleclick.net/tag/js/gpt.js HTTP 301
  • https://securepubads.g.doubleclick.net/tag/js/gpt.js
Request Chain 6
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ch09afgh.html
www.fsmitha.com/h2/
7 KB
7 KB
Document
General
Full URL
http://www.fsmitha.com/h2/ch09afgh.html
Protocol
HTTP/1.1
Server
52.219.121.75 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-us-west-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
5ae3e796ad5f9a068a52660ebe56cbceefd92414d052b44c8b48638f44b8cd52

Request headers

Host
www.fsmitha.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate

Response headers

x-amz-id-2
68/HvfBCJKNtO3pIqdl0lwKoPb+mDe4BVSsj4ys00k3l6NmZ7N9cYaaZPZRZE7IFpU+LB40PSAg=
x-amz-request-id
QNY9Q74PDAFC7PRF
Date
Sat, 11 Sep 2021 21:31:50 GMT
Last-Modified
Thu, 12 Dec 2019 01:14:48 GMT
ETag
"0c0cbb83c9dbbe2183eea8ddcbf57c30"
Content-Type
text/html
Server
AmazonS3
Content-Length
6680
styles7b.css
www.fsmitha.com/
4 KB
4 KB
Stylesheet
General
Full URL
http://www.fsmitha.com/styles7b.css
Requested by
Host: www.fsmitha.com
URL: http://www.fsmitha.com/h2/ch09afgh.html
Protocol
HTTP/1.1
Server
52.219.121.75 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-us-west-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
c453c975ac222e472706ea8d5d11ca1fe9aeb8577c62e6da508e70980367ba56

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fsmitha.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.fsmitha.com/h2/ch09afgh.html
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 11 Sep 2021 21:31:50 GMT
Last-Modified
Thu, 12 Dec 2019 01:09:57 GMT
Server
AmazonS3
x-amz-request-id
QNYBBK9JD69XJRVT
ETag
"695b7a9dc7ce08ec6b218f1b0f46d8c0"
Content-Type
text/css
Content-Length
4082
x-amz-id-2
G3V2DrYEVg06Ubyp0AjB5ak/8CQdM0fsAEAfFYEmLU+y7hzSFTv+5Z1ECQRAA0Xy5CiUX/clWfM=
4458.js
cdn.thisiswaldo.com/static/js/
295 KB
88 KB
Script
General
Full URL
http://cdn.thisiswaldo.com/static/js/4458.js
Requested by
Host: www.fsmitha.com
URL: http://www.fsmitha.com/h2/ch09afgh.html
Protocol
HTTP/1.1
Server
2600:9000:2057:da00:f:458e:2a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
3ec9771aa6d2e3dfa78ae475c98b215c8420208e8578b8ae4b192c0fa19eb164
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Sat, 11 Sep 2021 16:20:06 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
18708
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Thu, 19 Aug 2021 16:49:23 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"49ba3-5c9ec554652bf-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA6-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
x_1TPKp0ZMjCQfDUvPr8PmzVSENNf4QNxGAHU9gsk43Bsa-7WookhA==
styles13.css
www.fsmitha.com/h2/
1023 B
1 KB
Stylesheet
General
Full URL
http://www.fsmitha.com/h2/styles13.css
Requested by
Host: www.fsmitha.com
URL: http://www.fsmitha.com/h2/ch09afgh.html
Protocol
HTTP/1.1
Server
52.219.121.75 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-us-west-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
ed1726f0b46499144b7cb3d567f85497f09f10bf1b0ad1a0db7d3a8aef67974a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fsmitha.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.fsmitha.com/h2/ch09afgh.html
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 11 Sep 2021 21:31:50 GMT
Last-Modified
Thu, 12 Dec 2019 01:21:16 GMT
Server
AmazonS3
x-amz-request-id
QNY3YQH87W284CVH
ETag
"46e051c5daa8182e376c4fd027e70614"
Content-Type
text/css
Content-Length
1023
x-amz-id-2
mSrkAq+PW5Zzb9oEeAX1UQ79CmF2vjkaQZZYBFRlgkqR2dvBgAW073pe1iwZ9eWkBSzIflj+sgs=
choice.js
quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/www.fsmitha.com/
3 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/www.fsmitha.com/choice.js
Requested by
Host: cdn.thisiswaldo.com
URL: http://cdn.thisiswaldo.com/static/js/4458.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ac10056a4a1a75b63c756ce60f655405b40358050bc8d011f54ebbd6e5b738b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Sat, 11 Sep 2021 21:32:00 GMT
content-encoding
br
last-modified
Wed, 10 Feb 2021 19:53:28 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
W/"ef2ba55de66a0c79746dfb2a45e78833"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-id
Bl6vDDMpzGLtOM5FHF54TKe04dPigbOxaOw5xxsv_oR-wFhAP2BUVw==
gpt.js
securepubads.g.doubleclick.net/tag/js/
Redirect Chain
  • http://securepubads.g.doubleclick.net/tag/js/gpt.js
  • https://securepubads.g.doubleclick.net/tag/js/gpt.js
71 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.fsmitha.com
URL: http://www.fsmitha.com/h2/ch09afgh.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
2bb20b6f1fa70fd76060fede485c9e7e9a7fc76b26662d6294f42df8ebef6d15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 11 Sep 2021 21:31:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"984 / 731 of 1000 / last-modified: 1631311793"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25077
x-xss-protection
0
expires
Sat, 11 Sep 2021 21:31:59 GMT

Redirect headers

Date
Sat, 11 Sep 2021 21:21:32 GMT
X-Content-Type-Options
nosniff
Server
sffe
Age
627
Content-Type
text/html; charset=UTF-8
Location
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Cache-Control
public, max-age=1800
Content-Length
249
X-XSS-Protection
0
Expires
Sat, 11 Sep 2021 21:51:32 GMT
me
ipfind.co/
0
0

analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.fsmitha.com
URL: http://www.fsmitha.com/h2/ch09afgh.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2702
date
Sat, 11 Sep 2021 20:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Sat, 11 Sep 2021 22:46:57 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
sync.html
s.adtelligent.com/ Frame 5EAF
1 KB
844 B
Document
General
Full URL
https://s.adtelligent.com/sync.html?aid=555831
Requested by
Host: cdn.thisiswaldo.com
URL: http://cdn.thisiswaldo.com/static/js/4458.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
c986ffee22d6e83dc55c5bc2eab1e42d3d2548fca476971727f2bd6bb9e92720

Request headers

Host
s.adtelligent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
http://www.fsmitha.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
VertaMedia 1.0
Date
Sat, 11 Sep 2021 21:31:59 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
562
Access-Control-Allow-Origin
http://www.fsmitha.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
new-impression
thisiswaldo.com/
1 B
384 B
XHR
General
Full URL
https://thisiswaldo.com/new-impression
Requested by
Host: cdn.thisiswaldo.com
URL: http://cdn.thisiswaldo.com/static/js/4458.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-219-226.us-east-2.compute.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff

Request headers

Referer
http://www.fsmitha.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Sat, 11 Sep 2021 21:31:59 GMT
X-Content-Type-Options
nosniff, nosniff
Server
Apache/2.4.29 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
1
Expires
Sun, 19 Nov 1978 05:00:00 GMT
collect
www.google-analytics.com/j/
2 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=97441081&t=pageview&_s=1&dl=http%3A%2F%2Fwww.fsmitha.com%2Fh2%2Fch09afgh.html&ul=en-us&de=UTF-8&dt=Afghanistan%2C%20to%20the%201930s&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1111636592&gjid=2049372794&cid=1854784690.1631395920&tid=UA-47063811-12&_gid=2009911256.1631395920&_r=1&_slc=1&z=366785377
Requested by
Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.fsmitha.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 11 Sep 2021 21:31:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://www.fsmitha.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2021090701.js
securepubads.g.doubleclick.net/gpt/
333 KB
117 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Requested by
Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
ac8d2f2be577b89fdbd26a497ece0c0bc127dd2ed5676119e0055b62e4daf48e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 11 Sep 2021 21:31:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 07 Sep 2021 08:38:19 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119497
x-xss-protection
0
expires
Sat, 11 Sep 2021 21:31:59 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
91 B
113 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.fsmitha.com
Requested by
Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
96d62eb89161ea8e72e7d0a9fe7a8cab8fd61fb5275cf8ea976278853d889f04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 11 Sep 2021 21:31:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
88
x-xss-protection
0
expires
Sat, 11 Sep 2021 21:31:59 GMT
sync.html
s.adtelligent.com/ Frame F671
3 KB
1 KB
Document
General
Full URL
https://s.adtelligent.com/sync.html?aid=563719
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=555831
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
40237b5357003230fdc8e324a8dcdca183ede1bb6e767c259898a2ba18373a4f

Request headers

Host
s.adtelligent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.adtelligent.com/sync.html?aid=555831
Accept-Encoding
gzip, deflate, br

Response headers

Server
VertaMedia 1.0
Date
Sat, 11 Sep 2021 21:31:59 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
1085
Access-Control-Allow-Origin
https://s.adtelligent.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
d
ic.tynt.com/r/ Frame 0E70
0
0

sync.html
s.adtelligent.com/ Frame E2F6
2 KB
1 KB
Document
General
Full URL
https://s.adtelligent.com/sync.html?aid=651796
Requested by
Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=563719
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
f35d3e36115db3a2292fb57c06949f39b92f41ed34b32e618504a9bf192fd980

Request headers

Host
s.adtelligent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://s.adtelligent.com/sync.html?aid=563719
Accept-Encoding
gzip, deflate, br

Response headers

Server
VertaMedia 1.0
Date
Sat, 11 Sep 2021 21:31:59 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
817
Access-Control-Allow-Origin
https://s.adtelligent.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
/
ads.us.e-planning.net/uspd/1/ Frame 2611
0
0

/
csync.loopme.me/ Frame B417
0
0

sync.html
s.console.adtarget.com.tr/ Frame DA6A
0
0

prbds2s
rtb.gumgum.com/usync/ Frame 65D5
0
0

server_match
ad.360yield.com/ Frame F671
0
0

getuid
ib.adnxs.com/ Frame F671
0
0

csync
sync.adtelligent.com/ Frame F671
0
0

prebid
rtb.openx.net/sync/ Frame F671
0
0

pixel
ap.lijit.com/ Frame F671
0
0

csync
sync.adtelligent.com/ Frame F671
0
0

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 08F6
0
0

multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame 63FD
0
0

usermatchredir
ssum-sec.casalemedia.com/ Frame E2F6
0
0

csync
sync.adtelligent.com/ Frame E2F6
0
0

quant.js
edge.quantserve.com/
0
0

cmp2.js
quantcast.mgr.consensu.org/tcfv2/
179 KB
44 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.fsmitha.com
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/www.fsmitha.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7289837e876c7bbbf1afc71abc4c5383e7f56692abeaa0a72b82e4e721ceba26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.fsmitha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 11 Sep 2021 21:31:02 GMT
content-encoding
br
age
57
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 02 Sep 2021 17:09:42 GMT
server
AmazonS3
etag
W/"9deb1d626be8c031919272577f54eb7e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
DP2JhGpaQNnliTC4RE1aWq70Gartyf8EFnE-8LtvzZPPdOwIolEfpA==
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ipfind.co
URL
http://ipfind.co/me?auth=3757a9b9-5759-4813-bc1a-7fa0b8ba94c1
Domain
ic.tynt.com
URL
https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Domain
ads.us.e-planning.net
URL
https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Domain
csync.loopme.me
URL
https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
Domain
s.console.adtarget.com.tr
URL
https://s.console.adtarget.com.tr/sync.html?aid=609096
Domain
rtb.gumgum.com
URL
https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D289657%26extuid%3D
Domain
ad.360yield.com
URL
https://ad.360yield.com/server_match?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D289656%26extuid%3D%7BPUB_USER_ID%7D
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
Domain
sync.adtelligent.com
URL
https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
Domain
rtb.openx.net
URL
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D
Domain
ap.lijit.com
URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID
Domain
sync.adtelligent.com
URL
https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D312412%26extuid%3D%7Buid%7D
Domain
ads.pubmatic.com
URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Domain
secure-assets.rubiconproject.com
URL
https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d
Domain
ssum-sec.casalemedia.com
URL
https://ssum-sec.casalemedia.com/usermatchredir?s=189529&cb=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D323546%26extuid%3D
Domain
sync.adtelligent.com
URL
https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D448614%26extuid%3D%7Buid%7D
Domain
edge.quantserve.com
URL
http://edge.quantserve.com/quant.js
Domain
test.quantcast.mgr.consensu.org
URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster function| adDomainCheck function| waldoIsInArray function| waldoInitScripts function| waldoSetTagsOnPage function| isElementInViewport function| isElementInViewport2 function| waldoInitScroll function| waldoSlotRenderEnded function| waldoInitGPT function| waldoInitGPTSingleSlot function| waldoAddSelectMediaCookie function| fetchHeaderBids function| waldoTriggerHB function| waldoAddCloseBtn function| waldoPassbackCheck function| waldoAdxClickFraud function| waldoAdxClickFraudRefresh function| waldoClickFraudNetworkWide function| waldoDelayAdClicks function| waldoInitTags function| hbRefreshBid function| waldoApplyBidGeoRestrictions function| hbRandomMinMaxRefreshMulti function| hbRandomMinMaxRefresh function| hbRandomMinMaxRefreshOnView function| getRandomNumber function| waldoGeoBidsCheck function| waldoGetUserData function| waldoLoadSlot function| waldoCreateCookie function| waldoReadCookie function| waldoEmailDetected function| waldoRecordImpression function| waldoAddCCPAWidget function| waldoSetPbjsUSPString number| refEn string| updateDate number| tagsInitDone object| gptAdSlots string| adDomain object| waldoBreakpoints number| domainValid number| PREBID_TIMEOUT number| interstitialDone object| waldoTimeOuts object| waldoAdRefreshes object| waldoAdXRefreshes object| allAdUnits object| blockAdsOn number| adTagsInitFlag number| siteId number| bidDivAvailable object| waldoTagsStatus object| googletag object| pbjs number| switchUserSync number| waldoImpressionDone string| blockedPageAds number| waldoGDPR object| waldoCountry object| waldoContinent object| waldoDataPointsDone number| closeBtnAdded object| unlimitedRefGeos object| waldoBlockRequestGeos object| waldoNoRefreshGeos object| waldoRefreshOnScollGeos object| waldoGPTSlots object| waldoTagsOnPage object| waldoSlotIds object| waldoDefinedSlots object| waldoAdUnitsAddedToPbjs object| waldoAdRefreshesOnView number| waldoCCPAWidgetAdded 
undefined| oriRenderAd undefined| waldoVideoSlot number| cmpVersion number| cmpFailureTimeout string| webInterstitialAdId object| waldoScrollSticky number| adTagsInitFinished number| adxOrderId number| enVariableHeightFix number| delayAdClicks number| allowAdClicks object| delayAdClickTimers number| delayAdClickSecs boolean| loadedOnAction boolean| loadOnAction boolean| waldoScrollRefreshEnabled boolean| waldoBlockRequests boolean| waldoNoRefresh number| waldoDisableGeoRestrictions object| countriesToExclude number| browserWidth object| adUnits object| passbackAdUnits undefined| affiliateBanners number| waldoCheckIndividualImps string| waldoOriPathName object| waldo function| __tcfapi function| __uspapi function| pbjsChunk object| _pbjsGlobals object| _clrm string| GoogleAnalyticsObject function| ga number| index object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| ggeac object| google_js_reporting_queue function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| google_reactive_ads_global_state object| _qevents object| regeneratorRuntime function| __tcfapiui

3 Cookies

Domain/Path Name / Value
.fsmitha.com/ Name: _ga
Value: GA1.2.1854784690.1631395920
.fsmitha.com/ Name: _gid
Value: GA1.2.2009911256.1631395920
.fsmitha.com/ Name: _gat
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
