sansec.io Open in urlscan Pro
2606:4700:3037::ac43:996e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Submission: On April 15 via manual (April 15th 2021, 8:00:15 am UTC) from NL

Summary HTTP 52 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 17 domains to perform 52 HTTP transactions. The main IP is 2606:4700:3037::ac43:996e, located in United States and belongs to CLOUDFLARENET, US. The main domain is sansec.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 5th 2020. Valid for: a year.

This is the only time sansec.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	2606:4700:303... 2606:4700:3037::ac43:996e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	143.204.90.31 143.204.90.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1 2	23.111.9.38 23.111.9.38	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2606:4700::68... 2606:4700::6811:915b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	184.73.71.44 184.73.71.44	14618 (AMAZON-AES) (AMAZON-AES)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:710... 2a02:26f0:7100:493::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
2	13.225.87.77 13.225.87.77	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
52	19

19 2606:4700:3037::ac43:996e (United States)

ASN13335 (CLOUDFLARENET, US)

sansec.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 143.204.90.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-31.fra50.r.cloudfront.net

js.chargebee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.38 (United States) 1 redirects

ASN33438 (HIGHWINDS2, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:915b (United States)

ASN13335 (CLOUDFLARENET, US)

diffuser-cdn.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prism.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.71.44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-71-44.compute-1.amazonaws.com

trackcmp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:493::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-77.fra2.r.cloudfront.net

sansec.chargebeestatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	sansec.io sansec.io	452 KB
9	chargebee.com js.chargebee.com	152 KB
5	google.com www.google.com	17 KB
3	gstatic.com www.gstatic.com	285 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
2	chargebeestatic.com sansec.chargebeestatic.com	793 B
2	google-analytics.com www.google-analytics.com	19 KB
2	app-us1.com diffuser-cdn.app-us1.com prism.app-us1.com	6 KB
2	mouseflow.com 1 redirects cdn.mouseflow.com	56 KB
1	twitter.com analytics.twitter.com	652 B
1	t.co t.co	448 B
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	trackcmp.net trackcmp.net	271 B
1	google.de www.google.de	107 B
1	doubleclick.net stats.g.doubleclick.net	83 B
1	googletagmanager.com www.googletagmanager.com	33 KB
52	17

	Domain	Requested by
19	sansec.io	sansec.io diffuser-cdn.app-us1.com static.ads-twitter.com
9	js.chargebee.com	sansec.io js.chargebee.com
5	www.google.com	sansec.io js.chargebee.com www.gstatic.com www.google.com
3	www.gstatic.com	www.google.com
2	sansec.chargebeestatic.com	js.chargebee.com
2	px.ads.linkedin.com	1 redirects sansec.io
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.mouseflow.com	1 redirects sansec.io
1	analytics.twitter.com	static.ads-twitter.com
1	t.co	sansec.io
1	www.linkedin.com	1 redirects
1	snap.licdn.com	sansec.io
1	static.ads-twitter.com	sansec.io
1	trackcmp.net	diffuser-cdn.app-us1.com
1	www.google.de	sansec.io
1	stats.g.doubleclick.net	www.google-analytics.com
1	prism.app-us1.com	diffuser-cdn.app-us1.com
1	diffuser-cdn.app-us1.com	sansec.io
1	www.googletagmanager.com	sansec.io
52	19

This site contains links to these domains. Also see Links.

Domain
magento.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
js.chargebee.com Amazon	`2020-04-17` - `2021-05-17`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.mouseflow.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-12` - `2022-09-14`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.trackcmp.net Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-30` - `2021-11-29`	a year	crt.sh
*.chargebeestatic.com Amazon	`2021-04-08` - `2022-05-07`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Frame ID: 51050CD3D6FCCBD3F5F09DAA4381EDF2
Requests: 45 HTTP requests in this frame

Frame: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html
Frame ID: 4008E1651A9995E69D1C6DFAC960B1F8
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7
Frame ID: BA76D826491DD9767942C789CC090B2A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /cdn\.mouseflow\.com/i

Page Statistics

52
Requests

100 %
HTTPS

63 %
IPv6

17
Domains

19
Subdomains

19
IPs

3
Countries

1026 kB
Transfer

2197 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://magento.com/blog/magento-news/secure-your-storefront-enhanced-magento-security-scan-tool
Title: Sansec partners with Adobe

Search URL Search Domain Scan URL

URL: https://twitter.com/sansecio

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sansec/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934.js HTTP 301
https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934_eu.js

Request Chain 40

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3076097%26time%3D1618473595743%26url%3Dhttps%253A%252F%252Fsansec.io%252Fresearch%252Fskimmer-dynamic-exfiltration-shopify-bigcommerce%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce&liSync=true

52 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request skimmer-dynamic-exfiltration-shopify-bigcommerce Show response
sansec.io/research/ 17 KB
6 KB 135ms
99ms Document
text/html 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7977d65af9fa403e4026ab6691f25fcf0bbcca260ddcc0ac142d99f08d065a3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: sansec.io
:scheme: https
:path: /research/skimmer-dynamic-exfiltration-shopify-bigcommerce
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-type: text/html
set-cookie: __cfduid=dd4a142d99fb390cfc33008dda468f7771618473579; expires=Sat, 15-May-21 07:59:39 GMT; path=/; domain=.sansec.io; HttpOnly; SameSite=Lax; Secure
last-modified: Fri, 09 Apr 2021 13:40:01 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
x-xss-protection: 1; mode=block
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
cf-cache-status: DYNAMIC
cf-request-id: 0976240ab900004a5c31161000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a1rx9BXwrDuNqsLF49gohKlmB1GziJ8GjFCE6c02bpHag3GyYFG4VxxKgZYsNQH5nv703kbDPYZrPDQqUoDUNotyhyQOhpTQI3qTUTN4r2JeNGGtzv0%3D"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6403a2bdfe9c4a5c-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 main.css
sansec.io/assets/css/ 170 KB
33 KB 17ms
17ms Stylesheet
text/css 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/css/main.css?610a852

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18bd49b636cb93f3a1fed655b51f845cac4750e4e3af34d72b219009a6a19791

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 496177
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240b2300004a5c28bde000000001
last-modified: Wed, 31 Mar 2021 13:28:19 GMT
server: cloudflare
etag: W/"606478f3-8f4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3T%2BpJSHjPVGffvSZF13%2F2Zt8n7RJBTLPo0ZLaxCfZFcJj2lrRCpOfrxSJq5ZG1nbw2%2FP8ueelL6rxs6cbBgfQbXdnMvk9svADrHqzGUQ6jI08W9KLEU%3D"}],"max_age":604800}
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
cf-ray: 6403a2be9fd04a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5c920740857e7a955659f84a82275e36.png
sansec.io/assets/posts/cache/ 111 KB
112 KB 66ms
65ms Image
image/png 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sansec.io/assets/posts/cache/5c920740857e7a955659f84a82275e36.png

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7edcc3f47240b8597821f6efa526c55d583d49f81bda2555fc8862a315947be5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 113559
cf-request-id: 0976240b2400004a5c76804000000001
last-modified: Mon, 15 Mar 2021 14:45:30 GMT
server: cloudflare
etag: "604f730a-1bb97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YJ%2B7y2%2FamrxcALuQCw%2FKZBwREuLRBetMRdv1RGVJfoKO4L04itOZ%2BAlWXW9zIxl1Gj2z72YKM9a0qMoDqV3gkZBKbuLcT5s0EvMFnZuCFNAthIIT%2FCI%3D"}],"max_age":604800}
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2be9fd44a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 email-decode.min.js Show response
sansec.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 0976240b3700004a5c339f1000000001
last-modified: Tue, 06 Apr 2021 15:06:53 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"606c790d-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QzFOTlMvC6PrlSpX9FTqZVnEQaiVL2gEM%2FEVcr%2Bp2nEQpuW1Bp9yNKVMS%2FVDD%2Fdj4YxOCzaPSkiaRfhIUfDavEyNwtqXPHLYsFbDDNyP5kHo9C7TS9k%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6403a2beb8124a5c-FRA
expires: Sat, 17 Apr 2021 07:59:39 GMT

GET
H2 200 main.js Show response
sansec.io/assets/js/ 33 KB
10 KB 30ms
28ms Script
application/javascript 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/js/main.js?610a852

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e25e160b57d5361fbc6cd0167b94eb4f7219f6d1e4b55add90961bdc24cca317

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 496177
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240b4300004a5c8208d000000001
last-modified: Fri, 09 Apr 2021 10:23:36 GMT
server: cloudflare
etag: W/"60702b28-27cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eiNdV06V8mAtgq4h0ZuxUBxgQq1d%2FEIbipPndTunjTO0vPyQjkXYY4iTb%2F8jllJsCkU0AXuEz0dLqC5Qr2Tvc2lW5W7Xq6pNU8bx3AOaBkLdpmsXOAI%3D"}],"max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
cf-ray: 6403a2bed8364a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 chargebee.js Show response
js.chargebee.com/v2/ 147 KB
45 KB 1485ms
185ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/chargebee.js

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

711b69add265b2aa2c97a78c67e3cca8fd8ea14657ba6c6f4b3a58ad3e581950

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: NVoBCWUJxOF2m.uDtarsCOENDlYPb8aT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:59 GMT
server: AmazonS3
age: 212
etag: W/"b8a039c9eff691deb90076e33674b7d6"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:56:08 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 71GgAIk4xe7FrjyDpyjubQG71BlBq9zcTBJQPMWwezgMb6ErKviFHQ==

GET
H2 200 sticky.js Show response
sansec.io/assets/js/ 7 KB
2 KB 13ms
12ms Script
application/javascript 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/js/sticky.js?610a852

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580868265f2dea6cefa223b99a6f623914fcab69bdc225db9d0b174663472a6d

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6385
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240b4300004a5c19b21000000001
last-modified: Fri, 09 Apr 2021 10:23:36 GMT
server: cloudflare
etag: W/"60702b28-889"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Pz2FXFHZr6sXxL6j2nRtQpPL5SQGWWMaRBMyPgyxDPr90hKwPEmzKir%2F5yW2UoNPEtCPQWtYhsO0d%2Fl1T8P0hPStGeHW%2FoSHy5CRGAqBMdoksLbmzlk%3D"}],"max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
cf-ray: 6403a2bed8384a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 newsletter.js Show response
sansec.io/assets/js/ 5 KB
2 KB 14ms
13ms Script
application/javascript 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/js/newsletter.js?610a852

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49cbb241a93b99bc973ecd438a9e854efcdcf35b9e4deee6ae08838923281872

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 496177
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240b4300004a5c5fbdf000000001
last-modified: Fri, 09 Apr 2021 10:23:36 GMT
server: cloudflare
etag: W/"60702b28-8a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yHLWne6HQJo5g5XGcPEqRY1SPeRPH%2BoCDNLoMMxuMsAZ5PxViGQslFY6r1n710fxX%2FK4ML5SRRGsRCfD9CcVhyA7sfDXguS1wMvGMewloSuZricfwNA%3D"}],"max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
cf-ray: 6403a2bed8394a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 83 KB
33 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W4VK6TQ

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

03f746e3a6a06eadf028bbcdc44dd55a4076010de5b6e6927c6bab728e6ac3da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33170
x-xss-protection: 0
last-modified: Thu, 15 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Apr 2021 07:59:39 GMT

GET
H2

200

b8b33745-29ba-4a8d-8a21-4019ba29e934_eu.js Show response
cdn.mouseflow.com/projects/
Redirect Chain

https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934.js
https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934_eu.js

168 KB
56 KB

463ms
463ms

Script
application/javascript

23.111.9.38
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934_eu.js
Requested by: Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.38 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 64d4add5c9a8cf5cfe2f46abb2dc1042a4c6ad74e147ba1c0445c794f491e4e4

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:43 GMT
content-encoding: gzip
last-modified: Tue, 23 Mar 2021 07:00:18 GMT
server: NetDNA-cache/2.2
etag: W/"9a66332fb21fd71:0"
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400

Redirect headers

location: https://cdn.mouseflow.com/projects/b8b33745-29ba-4a8d-8a21-4019ba29e934_eu.js
date: Thu, 15 Apr 2021 07:59:39 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
content-length: 178
content-type: text/html

GET
DATA 200
OK truncated
/ 251 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9ee7f58d1e1c68286e86cae5e9a779818504a2b5a2280913ddf57487367dc99

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb184b98ef46f9a0917d5b0832a2f71468679c8befc102807fc04591ef28e9f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 visby-cf-extra-bold.woff2
sansec.io/assets/fonts/ 19 KB
20 KB 19ms
15ms Font
font/woff2 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/fonts/visby-cf-extra-bold.woff2

Requested by

Host: sansec.io
URL: https://sansec.io/assets/css/main.css?610a852

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c7ffbdfe3ead838c2c9570120bc7ca9c05ae9d525cef15bc61cf130f6fabd51

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Origin: https://sansec.io
Referer: https://sansec.io/assets/css/main.css?610a852
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6385
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19780
cf-request-id: 0976240b5100004a5c339f3000000001
last-modified: Thu, 11 Mar 2021 11:50:38 GMT
server: cloudflare
etag: "604a040e-4d44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=prYyQxMNA%2Fj2Ov7ujn%2BHY%2FAepehLauf3vFY6tuBSgmh1uM8DawlBJC%2BctTmRh15UlTPvCx3P8jhV1TgbjdsFJoZqKEOA5B1iCK3W3tJs2pi5bXSSEGw%3D"}],"max_age":604800}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2bee8684a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 visby-cf-demi-bold.woff2
sansec.io/assets/fonts/ 19 KB
20 KB 16ms
13ms Font
font/woff2 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/fonts/visby-cf-demi-bold.woff2

Requested by

Host: sansec.io
URL: https://sansec.io/assets/css/main.css?610a852

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79da08498e17778025277d002d90a8c6d5b527a1a86fafd73fc712be7ce9ce7

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Origin: https://sansec.io
Referer: https://sansec.io/assets/css/main.css?610a852
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1156
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19840
cf-request-id: 0976240b5200004a5c5184e000000001
last-modified: Thu, 11 Mar 2021 11:50:38 GMT
server: cloudflare
etag: "604a040e-4d80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yIW%2BH7FrCwmYT1yUw7kKP%2BAkQflgigKpZA9Q%2B0d0pD%2BBioGNVGiFHe%2BrYEGDL6%2FM%2BMZ6bWBQxQB3DS7ioAg7LPnPdW1NJFNL2cF1%2Be2GCcRszG2s5SY%3D"}],"max_age":604800}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2bee86c4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 visby-cf-bold.woff2
sansec.io/assets/fonts/ 19 KB
20 KB 22ms
19ms Font
font/woff2 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/fonts/visby-cf-bold.woff2

Requested by

Host: sansec.io
URL: https://sansec.io/assets/css/main.css?610a852

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8261230c3d5031cf450b3bdf4c50af1ff5552bd14b0ba56c023254a62cb5872

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Origin: https://sansec.io
Referer: https://sansec.io/assets/css/main.css?610a852
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6385
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19816
cf-request-id: 0976240b5200004a5c538bf000000001
last-modified: Thu, 11 Mar 2021 11:50:38 GMT
server: cloudflare
etag: "604a040e-4d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yflOhTqW7QY%2FLVkR31nZsqF%2FFxZHaJ6ydwQTOvdoDEL%2BIjF2MnEnn7RZ78WBx2D47IDHiEwFEtrm%2BLLRKIih66AEiWq6BAoLB%2Fo3qMU%2FD95KFKsgD64%3D"}],"max_age":604800}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2bee86e4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 roboto-regular.woff2
sansec.io/assets/fonts/ 15 KB
16 KB 15ms
14ms Font
font/woff2 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/fonts/roboto-regular.woff2

Requested by

Host: sansec.io
URL: https://sansec.io/assets/css/main.css?610a852

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Origin: https://sansec.io
Referer: https://sansec.io/assets/css/main.css?610a852
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6385
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15736
cf-request-id: 0976240b5300004a5c1a15f000000001
last-modified: Thu, 11 Mar 2021 11:50:38 GMT
server: cloudflare
etag: "604a040e-3d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OIKHJ%2FvaG1BJ1a%2FqPyuMcAXIbHXwnPaA20bpxlZeRPY%2Fmg6tE3ZpT3lim%2Bv4yIiiw9P82jGvrIv94qtMbSS0BsuutHzgexj%2FT6kdcYCtRnoEn%2F6s1yM%3D"}],"max_age":604800}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2bee8704a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 roboto-italic.woff2
sansec.io/assets/fonts/ 17 KB
17 KB 19ms
18ms Font
font/woff2 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/assets/fonts/roboto-italic.woff2

Requested by

Host: sansec.io
URL: https://sansec.io/assets/css/main.css?610a852

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

401e6c25801ba2d59795d05a6dd973f95566b41070d3939ba9307d65860ae50e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Origin: https://sansec.io
Referer: https://sansec.io/assets/css/main.css?610a852
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6385
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17324
cf-request-id: 0976240b5200004a5c612b0000000001
last-modified: Thu, 11 Mar 2021 11:50:38 GMT
server: cloudflare
etag: "604a040e-43ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kMvuRtQu5RQgs4p0dtpBVo2860h9%2FJ2F1pJaT%2FSPKEUI2k44Re%2F6ViNOQEh%2FYDff%2Fq9dyMlx3As4nnO2jCExdiUHjQHLGvLft5X72SoU1e81sd%2BiNg0%3D"}],"max_age":604800}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2bee8734a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 204 csp-report.php
sansec.io/scripts/ 0
257 B 42ms
41ms Other
text/plain 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/scripts/csp-report.php

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kU6BLdFTdHlwh9HVnCOkjcpsmo2yADOl48jHd1GIrMit1dolMhivOX5cG49T3r0RHl0tFDbCVCf1Gxr6h7nfcXREtPGmnF0Jr2f2I9eDec53CXBRELY%3D"}],"max_age":604800}
x-xss-protection: 1; mode=block
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
cf-ray: 6403a2c10ce54a5c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240ca600004a5c48818000000001

GET
H2 200 diffuser.js Show response
diffuser-cdn.app-us1.com/diffuser/ 24 KB
6 KB 43ms
26ms Script
application/javascript 2606:4700::6811:915b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Requested by: Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:915b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07ef661be38be006eb690a15613c557d418b8780900ff490545bb2b75d23fcd7

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 159
x-cache: Hit from cloudfront
cf-request-id: 0976240cba00002c2aa002b000000001
last-modified: Mon, 22 Feb 2021 18:41:52 GMT
server: cloudflare
etag: W/"1e16152334c325a4abb81f1a8ee52e51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 955acc3fed5ff84789d05d4e8c15bf09.cloudfront.net (CloudFront)
cache-control: public, max-age=300
x-amz-cf-pop: VIE50-C2
cf-ray: 6403a2c12fcb2c2a-FRA
x-amz-cf-id: 76o7J1504XoseVgWYx4j_v-5gjqjpxqQJoGdvXnjV3ZlnvBB32mzVA==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 037fbdcacb9b81beee4b30af2e017373160bc86445e574adffb98a47f281fb11

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 903 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64e248821f2dab00162064b4b7b4a932d56fe0f6e1b5bf0680d96f0fb97a0650

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 832 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6bb2d30928397291c267a57605309d304d6333eb6963935db500e46be34761f5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 439 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a22b7d76a9f370f4fa5cde5f3023a63d68e75b5a14b76f6f348c19bfdc3cfac

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 59862bb9f4999f47b695d86c212879f5.png
sansec.io/assets/posts/cache/ 43 KB
43 KB 72ms
71ms Image
image/png 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sansec.io/assets/posts/cache/59862bb9f4999f47b695d86c212879f5.png

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb02988debd6dd5879987f42d1cb312125f7b9be08833941ab2a68bc258fc98

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43681
cf-request-id: 0976240d0000004a5c7e8f0000000001
last-modified: Mon, 15 Mar 2021 14:45:30 GMT
server: cloudflare
etag: "604f730a-aaa1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f97E609jrSBO09PK9%2BVqMufS6V8O%2Fk7v0fB%2BqLAdft7dLScR4DlLvxVjCsBRBuv2%2FGp%2BjM8F0Nw0hAX%2Fox%2FlqsHzGrZmb6nmTj%2FUXyDybtABq2cY74o%3D"}],"max_age":604800}
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2c19e2a4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 f820e96d9f6704cc0d4fdd2f4e44a1ec.png
sansec.io/assets/posts/cache/ 28 KB
28 KB 56ms
56ms Image
image/png 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sansec.io/assets/posts/cache/f820e96d9f6704cc0d4fdd2f4e44a1ec.png

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0720066a1ecc220b98228b613fc68c39f30739ac45074581eb82bc5b50151af

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28378
cf-request-id: 0976240cfc00004a5c612d2000000001
last-modified: Mon, 15 Mar 2021 14:45:30 GMT
server: cloudflare
etag: "604f730a-6eda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OiVt6Jxu9bt9KivEYEjdDYzMYADlMB65xkgOwG4Wg5gwXAmyIv%2BFe4tLwkhr8BanhqXWp%2FWfgkFJ1yJ%2BEbqsF%2FP%2BVL4rnRDtKp3ffX%2BNCquCItDrLPY%3D"}],"max_age":604800}
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2c19e2d4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fff9558b2d12f7aa69e9448d63c1226c.png
sansec.io/assets/posts/cache/ 120 KB
121 KB 80ms
80ms Image
image/png 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sansec.io/assets/posts/cache/fff9558b2d12f7aa69e9448d63c1226c.png

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

707fa4c9b782ffbe3a1ef4361c4e7164d7b78c557e4796e0039332c6bf866fa4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 123189
cf-request-id: 0976240cfc00004a5c632b2000000001
last-modified: Mon, 15 Mar 2021 14:45:30 GMT
server: cloudflare
etag: "604f730a-1e135"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zGsZ9dwBf4MCGxFASa1hh80S2Uit%2BhV8PnfdgvuS4UlVsNudSmAnQHwq%2FXOcR3D%2FgdrPU1X7tpoE6EaWBvUjQ6kZhnq4WBcNWn%2BlAbKwAgbVmJIwiAM%3D"}],"max_age":604800}
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6403a2c19e2f4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W4VK6TQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 3985
date: Thu, 15 Apr 2021 06:53:14 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Thu, 15 Apr 2021 08:53:14 GMT

POST
H2 204 csp-report.php
sansec.io/scripts/ 0
252 B 37ms
36ms Other
text/plain 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/scripts/csp-report.php

Requested by

Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eGPiW3unPr0TdwSFfY1AQMzecvjU4yXHE33f5yiDlRcARUTBPIUGmjWctEtnnkDnZHSCDXn%2Fui6ma35vcw9YatiWBMV28NL1c85FkgrTvFBGieHBApY%3D"}],"max_age":604800}
x-xss-protection: 1; mode=block
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
cf-ray: 6403a2c1ae594a5c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240d0800004a5c612d3000000001

GET
H2 200 / Show response
prism.app-us1.com/ 248 B
394 B 180ms
178ms Script
application/javascript 2606:4700::6811:915b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prism.app-us1.com/?a=252938389&u=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce
Requested by: Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:915b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 12a86df17bdf18f503f4fa822498f26708be7b2671f19f18ea084302b682db1b

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.2.34
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cache-control: no-cache, private
cf-ray: 6403a2c1a8e42c2a-FRA
cf-request-id: 0976240d0d00002c2a64296000000001

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
61 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=860899358&t=pageview&_s=1&dl=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce&ul=en-us&de=UTF-8&dt=Multi-platform%20skimmer%20hits%20Shopify%2C%20Bigcommerce%20and%20others%20%E2%80%93%20Sansec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=415355336&gjid=1092188373&cid=2143086073.1618473580&tid=UA-134290941-1&_gid=1135585073.1618473580&_r=1&gtm=2wg472W4VK6TQ&z=1979463254

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 07:59:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sansec.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
83 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-134290941-1&cid=2143086073.1618473580&jid=415355336&gjid=1092188373&_gid=1135585073.1618473580&_u=YEBAAEAAAAAAAC~&z=1938618964

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 15 Apr 2021 07:59:39 GMT
content-type: text/plain
access-control-allow-origin: https://sansec.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 18ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-134290941-1&cid=2143086073.1618473580&jid=415355336&_u=YEBAAEAAAAAAAC~&z=847419904

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 07:59:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 15ms
15ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-134290941-1&cid=2143086073.1618473580&jid=415355336&_u=YEBAAEAAAAAAAC~&z=847419904

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 07:59:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csp-report.php
sansec.io/scripts/ 0
263 B 38ms
37ms Other
text/plain 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/scripts/csp-report.php

Requested by

Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 15 Apr 2021 07:59:39 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2YyZLVxZuPPGULUQf9XPZTGBM%2FPNsydC%2BrtxVcpQQQaSUDerKUn1vGF6iY%2F9Yo6DLQJ%2F%2FlxPnYQ9LFuDxBWPs3syhQCKeX9GwVU7MQl8%2FP1BFUxjVGU%3D"}],"max_age":604800}
x-xss-protection: 1; mode=block
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
cf-ray: 6403a2c2c8a64a5c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0976240dbe00004a5c3badf000000001

GET
H2 200 t_prism_sitemessages.php Show response
trackcmp.net/ 0
271 B 1712ms
509ms Script
text/javascript 184.73.71.44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackcmp.net/t_prism_sitemessages.php?trackid=252938389&prismid=0a6612ef-9466-4cd6-8945-90d6abc62007&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce
Requested by: Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.73.71.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-71-44.compute-1.amazonaws.com
Software: Apache/2.4.46 (Amazon) / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:41 GMT
server: Apache/2.4.46 (Amazon)
x-powered-by: PHP/7.1.33
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
cache-control: no-cache, private
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
content-type: text/javascript;charset=UTF-8
content-length: 0

GET
H2 200 0-6848c2d5e25b5ff4726c.js Show response
js.chargebee.com/v2/ 55 KB
17 KB 785ms
785ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/0-6848c2d5e25b5ff4726c.js

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/chargebee.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

68880362d1f548529d11929167c92d3985b1f52acfcf5e91cfed2f7dc44eb655

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: MZkfoxdTDpOxsYQgqTRhXas2jdVRO5kq
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 30 Mar 2021 09:36:22 GMT
server: AmazonS3
age: 246
etag: W/"347edad57fde73b260604eece8687b0f"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:55:50 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: YB7VaAvxLr4mwUIqaVMPZL3oooq8irkYbk_i7s0ucsw3UrHXqVjMVg==

GET
H2 200 60-5f2887d7fb52a000edc3.js Show response
js.chargebee.com/v2/ 16 KB
5 KB 785ms
785ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/60-5f2887d7fb52a000edc3.js

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/chargebee.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fb4cd8d6c5b7c9e29f1619f563146dbdc5d8b640b36b6a281f813207443cd2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KORvnCzf9VQ_LlhNK0FBbop1qCHgPZ85
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:58 GMT
server: AmazonS3
age: 272
etag: W/"717b6c04262a4d6a7b38aace13f121ee"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:55:24 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: MH28p3oS5zU6_u8dwwV9TU9XMlbx3Bfs5_oYEEbFgtD_OvUwrzemDg==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 1388ms
32ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:57 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 25710
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1618473597.044647,VS0,VE0
x-served-by: cache-hhn11548-HHN

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 23ms
7ms Script
application/x-javascript 2a02:26f0:7100:493::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:493::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 07:59:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=28709
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 animation.css
js.chargebee.com/v2/ 758 B
1 KB 4142ms
4142ms Stylesheet
text/css 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/animation.css

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/chargebee.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e3b7f54cf81a0ff1f16662abce7b1970ed6a8a8191da96cf05dcf6644d203df3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: p3aWFHkphl69lTtjI8PqV.of5oyhukOZ
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
last-modified: Tue, 30 Mar 2021 09:36:23 GMT
server: AmazonS3
age: 158
etag: "f8a79fc47c28375628855b4c78ff6f85"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:57:18 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 758
x-amz-cf-id: MEZBDLkj_7ZWg4UdQTZvSzE81-Zoc4ntFucu5rUtg_pLY_xp8QUUQw==

GET
DATA 200
OK truncated
/ 238 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c8967a91c80b862c37eb68c18f4bd3b5653a999014f94d6f71f0621e1b54f78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3076097%26time%3D1618473595743%26url%3Dhttps%253A%252F%252Fsansec.io%252Fresearch...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce&liSync=true

0
57 B

120ms
119ms

Image
application/javascript

2620:119:50e4:101::6cae:b55
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce&liSync=true
Requested by: Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e4:101::6cae:b55 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:56 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: mPyzJin5dRawfsBFwyoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: bFn7Hin5dRZwNGD9jysAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 0DEE6DF4BFF94D57ACDB2C6BD21379BB Ref B: FRAEDGE0816 Ref C: 2021-04-15T07:59:56Z
x-frame-options: sameorigin
date: Thu, 15 Apr 2021 07:59:55 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3076097&time=1618473595743&url=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 2115ms
379ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o54o6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce

Requested by

Host: sansec.io
URL: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Thu, 15 Apr 2021 07:59:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 003ceb88268680e9f8f2aec5607206ae
x-transaction: 00435a09004f7c36
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 master-ce25081991fa6ca202f1c312abc42fab.html Show response
js.chargebee.com/v2/ Frame 4008 203 B
632 B 31ms
31ms Document
text/html 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/60-5f2887d7fb52a000edc3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

266f05e8884d45dfb8d7db0c65b391e9a7e94cdf2b72c6383856c61b0df64d33

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

:method: GET
:authority: js.chargebee.com
:scheme: https
:path: /v2/master-ce25081991fa6ca202f1c312abc42fab.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sansec.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sansec.io/

Response headers

content-type: text/html
content-length: 203
last-modified: Wed, 14 Apr 2021 10:06:59 GMT
x-amz-version-id: gZN2_vakeb5O0.Wf12p1xWm9A3L8iGAh
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=300; includeSubdomains; preload
date: Thu, 15 Apr 2021 07:56:20 GMT
cache-control: max-age=300,public
etag: "ee846ff52ee3fcad0c36b3604b8b7593"
x-cache: Hit from cloudfront
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: r7zqEiKd3jwoqP2xBqB6IL7IIEUjHFmKEuASQ-PV_UPep-n-btY-qg==
age: 220

GET
H2 200 master-51689335bde0583f75db.js Show response
js.chargebee.com/v2/ Frame 4008 196 KB
59 KB 450ms
450ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/master-51689335bde0583f75db.js

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

60f1d09915c99c804891bef9826b7d7d0496dd4be99e506cc59c2b74561cbe27

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hklZywKMj8LvleOEzFfT.naMPpsNZ4Al
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:59 GMT
server: AmazonS3
age: 226
etag: W/"b4e20966a60bd8d706e40fb2badb296a"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:56:14 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: qOPvYAifwAff0vt3rmCqQktyirvyBS7sw7BMzeLDJ0XBncwybiOeRg==

POST
H2 204 csp-report.php
sansec.io/scripts/ 0
872 B 43ms
43ms Other
text/plain 2606:4700:3037::ac43:996e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.io/scripts/csp-report.php

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:996e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 15 Apr 2021 08:00:01 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' sansec.activehosted.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php;
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=B3OtQNYMjL6el8tKZUNfyhYb8EcXACMSLK%2B90%2FfPAKm%2BWJG1wwbYsc0LYd0jIitkGI1LouGSdeOWFDpL3IT2JVnTU50a9eQ8yjRHWCpA%2F5DvT07CpMw%3D"}],"max_age":604800}
x-xss-protection: 1; mode=block
x-sansec-tlp-red: dHlwZSBkZWFsd2l0aGl0IGF0IGZyb250cGFnZQo=
cf-ray: 6403a34b8a834a5c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 097624633400004a5c8239a000000001

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
652 B 747ms
383ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o54o6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fsansec.io%2Fresearch%2Fskimmer-dynamic-exfiltration-shopify-bigcommerce

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sansec.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 08:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Thu, 15 Apr 2021 08:00:02 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 35fbd26ea48a7939e85481501b666c97
x-transaction: 00fe41370026f6b1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 70-f5367804a03cea9db9aa.js Show response
js.chargebee.com/v2/ Frame 4008 3 KB
2 KB 785ms
785ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/70-f5367804a03cea9db9aa.js

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/master-51689335bde0583f75db.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

01059278f0da00037d240dfc1e4b2baec9892140f1a0e97c82e2aaf624d74234

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 7UA0luAA5tfJ._NbMk8CLWNc92TUtVCP
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:59 GMT
server: AmazonS3
age: 218
etag: W/"b85461b964022628952849eadc0e2ca5"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:56:24 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: DoY02Rc796ess4qlhh6opvWDmTlnSk0CYSpWSf7Mi8WEqO0Jmugteg==

GET
H2 200 80-7725a4190a26ba310504.js Show response
js.chargebee.com/v2/ Frame 4008 2 KB
1 KB 785ms
785ms Script
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/80-7725a4190a26ba310504.js

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/master-51689335bde0583f75db.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d0934734fb0377482eb63890004a5f53ec334ede869ec8b18541479de7024390

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: rXlbaDgJI4tuurX4Nx7FefZfruuknhbR
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:59 GMT
server: AmazonS3
age: 218
etag: W/"fc8d076901aaf0659681be3f60e278da"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:56:24 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: A-K61I8TWiKg6ef4h1RWDUY0RfqBXy1OYYRhQV_FwXR6geTqkmH1_A==

GET
H2 200 pi-worker-ce25081991fa6ca202f1c312abc42fab.js
js.chargebee.com/v2/ Frame 4008 59 KB
20 KB 973ms
973ms Other
application/x-javascript 143.204.90.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.chargebee.com/v2/pi-worker-ce25081991fa6ca202f1c312abc42fab.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.90.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-90-31.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c3128735ccce45b1b528e9e9cf0c4e3c858581526955b91e96a3fb3fd38af877

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains; preload

Request headers

Referer: https://js.chargebee.com/v2/master-ce25081991fa6ca202f1c312abc42fab.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: gr2xpUUTWx2qak7H2H.9sECbAcyv3WKY
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Apr 2021 10:06:58 GMT
server: AmazonS3
age: 164
etag: W/"c8255a01db89fa86fbc3a88807c95fde"
strict-transport-security: max-age=300; includeSubdomains; preload
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control: max-age=300,public
date: Thu, 15 Apr 2021 07:57:18 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ycE6m1FBYYJL6Qf28soc2XyM_-77zo7_LLe_ISuPzYh_oErb4ZQ_vw==

OPTIONS
H2 202 retrieve_js_info
sansec.chargebeestatic.com/api/internal/1618473600/ Frame 0
0 1125ms
495ms Preflight 13.225.87.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.chargebeestatic.com/api/internal/1618473600/retrieve_js_info

Protocol

Server

13.225.87.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-77.fra2.r.cloudfront.net

Software

ChargeBee /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://js.chargebee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Thu, 15 Apr 2021 08:00:03 GMT
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 UTC
strict-transport-security: max-age=31536000; includeSubDomains; preload
pragma: no-cache
access-control-allow-origin: https://js.chargebee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, cb-csrf-token, leap.api.version
access-control-allow-methods: GET, OPTIONS, POST
server: ChargeBee
x-cache: Miss from cloudfront
via: 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: R_3AcrKHo_GgorHoTMff1igEF-9FxhTneZ3zNjmovcgJG97ZOxYyFg==

GET
H2 200 retrieve_js_info Show response
sansec.chargebeestatic.com/api/internal/1618473600/ Frame 4008 236 B
793 B 188ms
187ms XHR
application/json 13.225.87.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sansec.chargebeestatic.com/api/internal/1618473600/retrieve_js_info

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/master-51689335bde0583f75db.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-77.fra2.r.cloudfront.net

Software

ChargeBee /

Resource Hash

4d09b6eeef8e3243b89d6129413bed7e4d3d0f8d1c1b51979a6510faf5c11fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.chargebee.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 08:00:03 GMT
via: 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
server: ChargeBee
x-amz-cf-pop: FRA2-C2
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-methods: GET, OPTIONS, POST
content-type: application/json;charset=utf-8
access-control-allow-origin: https://js.chargebee.com
cache-control: PUBLIC, max-age=3600
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, cb-csrf-token, leap.api.version
content-length: 236
x-amz-cf-id: 3rpYgUkhFTK2o05MswUNkC1nF_Qg4QVjgMzzjdy4XqfHLfd7KN1yeg==
expires: Thu, 15 Apr 2021 09:00:03 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 4008 884 B
683 B 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-

Requested by

Host: js.chargebee.com
URL: https://js.chargebee.com/v2/master-51689335bde0583f75db.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a03866c8f6328d23fa5d6bfb9ee3cf91ef0fa67caf381700eb93f7b636233e32

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://js.chargebee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 08:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Thu, 15 Apr 2021 08:00:04 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame 4008 334 KB
130 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

030235ab6fc1739381df015b815a93e2ed3921f09832954dbacde9991708e27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://js.chargebee.com
Referer: https://js.chargebee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 21:02:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39480
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133125
x-xss-protection: 0
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Apr 2022 21:02:04 GMT

GET
H3-Q050 200 anchor Show response
www.google.com/recaptcha/api2/ Frame BA76 19 KB
10 KB 52ms
37ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

443f76a92097e50890199f5c3569afc4e6c24fbf95dad266cc43e5f9415c3122

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+/gJ/w9pra/ur+L1TEF0EA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.chargebee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.chargebee.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 15 Apr 2021 08:00:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-+/gJ/w9pra/ur+L1TEF0EA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10182
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame BA76 50 KB
25 KB 37ms
22ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57bbc3327c673959cf5421bc0e40332d868768cfc303038d65802351e453ac34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 07:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 1622
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25497
x-xss-protection: 0
expires: Fri, 15 Apr 2022 07:33:02 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame BA76 334 KB
130 KB 38ms
23ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

030235ab6fc1739381df015b815a93e2ed3921f09832954dbacde9991708e27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 21:02:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39480
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133125
x-xss-protection: 0
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Apr 2022 21:02:04 GMT

GET
H3-Q050 200 nJgQBbi9e67luuPQsbYqHEmsm830gYut4k8gaNTq0Fg.js Show response
www.google.com/js/bg/ Frame BA76 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/nJgQBbi9e67luuPQsbYqHEmsm830gYut4k8gaNTq0Fg.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c981005b8bd7baee5bae3d0b1b62a1c49ac9bcdf4818bade24f2068d4ead058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 21:48:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:00:00 GMT
server: sffe
age: 36710
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5740
x-xss-protection: 0
expires: Thu, 14 Apr 2022 21:48:14 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame BA76 102 B
239 B 60ms
59ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c7d4fc4eb08918e0900462776d50c210770c83c9305934f7f85caf9035338eb7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdxzNoUAAAAAC7rwigQ9hI75HZl9mXhumAUR-B-&co=aHR0cHM6Ly9qcy5jaGFyZ2ViZWUuY29tOjQ0Mw..&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&size=invisible&cb=xm5vt5aycv7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 08:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Thu, 15 Apr 2021 08:00:04 GMT

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
cdn.mouseflow.com
diffuser-cdn.app-us1.com
js.chargebee.com
prism.app-us1.com
px.ads.linkedin.com
sansec.chargebeestatic.com
sansec.io
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
trackcmp.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
104.244.42.195
104.244.42.197
13.225.87.77
143.204.90.31
184.73.71.44
199.232.136.157
23.111.9.38
2606:4700:3037::ac43:996e
2606:4700::6811:915b
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:801::2003
2a00:1450:4001:808::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c04::9a
2a02:26f0:7100:493::25ea
01059278f0da00037d240dfc1e4b2baec9892140f1a0e97c82e2aaf624d74234
030235ab6fc1739381df015b815a93e2ed3921f09832954dbacde9991708e27a
037fbdcacb9b81beee4b30af2e017373160bc86445e574adffb98a47f281fb11
03f746e3a6a06eadf028bbcdc44dd55a4076010de5b6e6927c6bab728e6ac3da
07ef661be38be006eb690a15613c557d418b8780900ff490545bb2b75d23fcd7
12a86df17bdf18f503f4fa822498f26708be7b2671f19f18ea084302b682db1b
18bd49b636cb93f3a1fed655b51f845cac4750e4e3af34d72b219009a6a19791
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
266f05e8884d45dfb8d7db0c65b391e9a7e94cdf2b72c6383856c61b0df64d33
401e6c25801ba2d59795d05a6dd973f95566b41070d3939ba9307d65860ae50e
443f76a92097e50890199f5c3569afc4e6c24fbf95dad266cc43e5f9415c3122
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
49cbb241a93b99bc973ecd438a9e854efcdcf35b9e4deee6ae08838923281872
4c8967a91c80b862c37eb68c18f4bd3b5653a999014f94d6f71f0621e1b54f78
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4d09b6eeef8e3243b89d6129413bed7e4d3d0f8d1c1b51979a6510faf5c11fbb
57bbc3327c673959cf5421bc0e40332d868768cfc303038d65802351e453ac34
580868265f2dea6cefa223b99a6f623914fcab69bdc225db9d0b174663472a6d
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
60f1d09915c99c804891bef9826b7d7d0496dd4be99e506cc59c2b74561cbe27
64d4add5c9a8cf5cfe2f46abb2dc1042a4c6ad74e147ba1c0445c794f491e4e4
64e248821f2dab00162064b4b7b4a932d56fe0f6e1b5bf0680d96f0fb97a0650
68880362d1f548529d11929167c92d3985b1f52acfcf5e91cfed2f7dc44eb655
6bb2d30928397291c267a57605309d304d6333eb6963935db500e46be34761f5
6fb02988debd6dd5879987f42d1cb312125f7b9be08833941ab2a68bc258fc98
707fa4c9b782ffbe3a1ef4361c4e7164d7b78c557e4796e0039332c6bf866fa4
711b69add265b2aa2c97a78c67e3cca8fd8ea14657ba6c6f4b3a58ad3e581950
7edcc3f47240b8597821f6efa526c55d583d49f81bda2555fc8862a315947be5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c7ffbdfe3ead838c2c9570120bc7ca9c05ae9d525cef15bc61cf130f6fabd51
9a22b7d76a9f370f4fa5cde5f3023a63d68e75b5a14b76f6f348c19bfdc3cfac
9c981005b8bd7baee5bae3d0b1b62a1c49ac9bcdf4818bade24f2068d4ead058
a03866c8f6328d23fa5d6bfb9ee3cf91ef0fa67caf381700eb93f7b636233e32
a0720066a1ecc220b98228b613fc68c39f30739ac45074581eb82bc5b50151af
a7977d65af9fa403e4026ab6691f25fcf0bbcca260ddcc0ac142d99f08d065a3
a8261230c3d5031cf450b3bdf4c50af1ff5552bd14b0ba56c023254a62cb5872
a9ee7f58d1e1c68286e86cae5e9a779818504a2b5a2280913ddf57487367dc99
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
c3128735ccce45b1b528e9e9cf0c4e3c858581526955b91e96a3fb3fd38af877
c7d4fc4eb08918e0900462776d50c210770c83c9305934f7f85caf9035338eb7
cb184b98ef46f9a0917d5b0832a2f71468679c8befc102807fc04591ef28e9f9
d0934734fb0377482eb63890004a5f53ec334ede869ec8b18541479de7024390
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e25e160b57d5361fbc6cd0167b94eb4f7219f6d1e4b55add90961bdc24cca317
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b7f54cf81a0ff1f16662abce7b1970ed6a8a8191da96cf05dcf6644d203df3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f79da08498e17778025277d002d90a8c6d5b527a1a86fafd73fc712be7ce9ce7
fb4cd8d6c5b7c9e29f1619f563146dbdc5d8b640b36b6a281f813207443cd2b0

sansec.io Open in urlscan Pro 2606:4700:3037::ac43:996e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

63 %IPv6

17 Domains

19 Subdomains

19 IPs

3 Countries

1026 kBTransfer

2197 kBSize

0 Cookies

3 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sansec.io Open in urlscan Pro
2606:4700:3037::ac43:996e Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

63 %
IPv6

17
Domains

19
Subdomains

19
IPs

3
Countries

1026 kB
Transfer

2197 kB
Size

0
Cookies

52 HTTP transactions
7 data transactions