forensics.barracudanetworks.com Open in urlscan Pro
54.239.192.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfi...
Effective URL:
https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfi...
Submission Tags: falconsandbox
Submission: On July 01 via api (July 1st 2021, 7:16:37 pm UTC) from US

Summary HTTP 48 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 27 IPs in 5 countries across 23 domains to perform 48 HTTP transactions. The main IP is 54.239.192.109, located in United States and belongs to AMAZON-02, US. The main domain is forensics.barracudanetworks.com.
TLS certificate: Issued by Amazon on January 6th 2021. Valid for: a year.

This is the only time forensics.barracudanetworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	54.239.192.109 54.239.192.109	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
3 4	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:b... 2600:1901:0:bc29::	15169 (GOOGLE) (GOOGLE)
1	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.113.27 151.101.113.27	54113 (FASTLY) (FASTLY)
3	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1 6	2a02:26f0:6c0... 2a02:26f0:6c00::210:baab	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9 12	3.248.28.111 3.248.28.111	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 2	35.156.250.242 35.156.250.242	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	3.124.165.65 3.124.165.65	16509 (AMAZON-02) (AMAZON-02)
1 2	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	130.211.34.183 130.211.34.183	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	199.127.207.188 199.127.207.188	26120 (RHYTHMONE) (RHYTHMONE)
48	27

12 54.239.192.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-239-192-109.waw50.r.cloudfront.net

forensics.barracudanetworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.162 (Mountain View, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:bc29:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

cdn.mxpnl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

sdk.noticeable.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.27 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.242.20 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00::210:baab (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 3.248.28.111 (Dublin, Ireland) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.250.242 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-250-242.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.165.65 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-165-65.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.89 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.34.183 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 183.34.211.130.bc.googleusercontent.com

api-js.mixpanel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

6496512.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.127.207.188 (United States)

ASN26120 (RHYTHMONE, US)

rs.gwallet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	adroll.com 9 redirects s.adroll.com d.adroll.com	28 KB
12	barracudanetworks.com forensics.barracudanetworks.com	5 MB
6	doubleclick.net 4 redirects stats.g.doubleclick.net cm.g.doubleclick.net 6496512.fls.doubleclick.net	2 KB
3	facebook.com www.facebook.com	323 B
3	nr-data.net bam.nr-data.net	621 B
2	openx.net 1 redirects us-u.openx.net	479 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	872 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	facebook.net connect.facebook.net	98 KB
2	google.com www.google.com adservice.google.com	369 B
2	google-analytics.com www.google-analytics.com	19 KB
1	gwallet.com rs.gwallet.com	385 B
1	mixpanel.com api-js.mixpanel.com	357 B
1	yahoo.com ads.yahoo.com	442 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	google.de www.google.de	107 B
1	newrelic.com js-agent.newrelic.com	12 KB
1	gstatic.com fonts.gstatic.com	23 KB
1	noticeable.io sdk.noticeable.io	40 KB
1	mxpnl.com cdn.mxpnl.com	25 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	googleapis.com fonts.googleapis.com	708 B
48	23

	Domain	Requested by
12	forensics.barracudanetworks.com	forensics.barracudanetworks.com
11	d.adroll.com	8 redirects
6	s.adroll.com	1 redirects forensics.barracudanetworks.com s.adroll.com d.adroll.com
3	www.facebook.com
3	cm.g.doubleclick.net	3 redirects
3	bam.nr-data.net	js-agent.newrelic.com forensics.barracudanetworks.com
2	6496512.fls.doubleclick.net	1 redirects
2	us-u.openx.net	1 redirects
2	ib.adnxs.com	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	connect.facebook.net	d.adroll.com connect.facebook.net
2	www.google-analytics.com	forensics.barracudanetworks.com
1	rs.gwallet.com	6496512.fls.doubleclick.net
1	adservice.google.com	6496512.fls.doubleclick.net
1	api-js.mixpanel.com	forensics.barracudanetworks.com
1	ads.yahoo.com
1	d.adroll.mgr.consensu.org	1 redirects
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	forensics.barracudanetworks.com
1	js-agent.newrelic.com	forensics.barracudanetworks.com
1	fonts.gstatic.com	fonts.googleapis.com
1	sdk.noticeable.io	forensics.barracudanetworks.com
1	cdn.mxpnl.com	forensics.barracudanetworks.com
1	www.googleadservices.com	forensics.barracudanetworks.com
1	fonts.googleapis.com	forensics.barracudanetworks.com
48	27

This site contains links to these domains. Also see Links.

Domain
www.barracuda.com

Subject Issuer	Validity	Valid
*.forensics.barracudanetworks.com Amazon	`2021-01-06` - `2022-02-03`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.mxpnl.com RapidSSL RSA CA 2018	`2019-07-29` - `2021-07-28`	2 years	crt.sh
coverme.lat GTS CA 1D4	`2021-06-02` - `2021-08-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.newrelic.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-05` - `2022-06-06`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
adroll.com R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-06-16` - `2021-07-28`	a month	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.mixpanel.com GeoTrust RSA CA 2018	`2020-04-20` - `2022-04-21`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.gwallet.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-26` - `2021-07-17`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Frame ID: 0E8B58C2923FE86CCB325F37AA97DA57
Requests: 46 HTTP requests in this frame

Frame: https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272
Frame ID: 457A19631A6975F59B12FF444AD7F91D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

48
Requests

100 %
HTTPS

50 %
IPv6

23
Domains

27
Subdomains

27
IPs

5
Countries

5452 kB
Transfer

23467 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.barracuda.com/support/security
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://s.adroll.com/j/exp/T6GUPQIK5REDFO6FQ66AFC/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 22

https://d.adroll.mgr.consensu.org/consent/iabcheck/T6GUPQIK5REDFO6FQ66AFC?_s=2092507a10f5838b31f5ac59159fde2f&_b=2 HTTP 302
https://d.adroll.com/consent/check/T6GUPQIK5REDFO6FQ66AFC/?_s=2092507a10f5838b31f5ac59159fde2f&_b=2

Request Chain 24

https://d.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&pv=12856915204.970875&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/67KGJPTPU5CEJF7HLAFHW3.js

Request Chain 27

https://d.adroll.com/cm/g/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ&google_tc= HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 28

https://d.adroll.com/cm/aol,index,l,outbrain,pubmatic,n,taboola,triplelift,r/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 29

https://d.adroll.com/cm/r/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 30

https://d.adroll.com/cm/b/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ

Request Chain 31

https://d.adroll.com/cm/x/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ

Request Chain 32

https://d.adroll.com/cm/o/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d

Request Chain 33

https://d.adroll.com/cm/g/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&advertisable=T6GUPQIK5REDFO6FQ66AFC&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 42

https://6496512.fls.doubleclick.net/activityi;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272 HTTP 302
https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272

48 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
forensics.barracudanetworks.com/r/ 30 KB
11 KB 694ms
617ms Document
text/html 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

6a3486ea9669f5ca3381866aebd20cbd5c6c430b0dfdf6aa48dc90bac7a5369e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: forensics.barracudanetworks.com
:scheme: https
:path: /r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
vary: Accept-Encoding
date: Thu, 01 Jul 2021 19:16:08 GMT
x-frame-options: SAMEORIGIN
x-download-options: noopen
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
set-cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; path=/; samesite=none; secure XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; path=/; samesite=none; secure CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; path=/; expires=Mon, 26 Jul 2021 15:47:32 GMT; secure CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; path=/; expires=Mon, 26 Jul 2021 15:47:32 GMT; secure koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; path=/; expires=Thu, 08 Jul 2021 19:16:08 GMT; domain=.barracudanetworks.com; samesite=none; secure; httponly koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk; path=/; expires=Thu, 08 Jul 2021 19:16:08 GMT; domain=.barracudanetworks.com; samesite=none; secure; httponly
etag: W/"7891-Dg6rJDeSVGKHAOND3PYU1FKVYlM"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: BaBEYIFFWh9ATQiT9QvsomxW15_MOO0_9fMkLsWPIlrK7JwErNicRA==

GET
H2 200 css
fonts.googleapis.com/ 3 KB
708 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono|Lato&display=swap

Requested by

Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5032aa3b2136946cd7ecadd82df289ced923f78499b980046558938c757421b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 19:16:09 GMT
server: ESF
date: Thu, 01 Jul 2021 19:16:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 19:16:09 GMT

GET
H2 200 vendor-7e5b0a913cd434325692.css
forensics.barracudanetworks.com/static/ 21 KB
5 KB 27ms
26ms Stylesheet
text/css 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/vendor-7e5b0a913cd434325692.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

58ac27a0bd7622d7b188c3b3c8ec7e64bb833185d2c7d5815bc34c58d954b340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/vendor-7e5b0a913cd434325692.css
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 11:00:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1239314
x-cache: Hit from cloudfront
content-length: 4600
last-modified: Thu, 17 Jun 2021 09:51:09 GMT
x-frame-options: SAMEORIGIN
etag: W/"11f8-17a1961aac8"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: irU83AJ32bvfRWbR0WKHk1-W-b3iqgainnUbhgFbfEaJqueBMSpQpA==

GET
H2 200 fir-e09ec6c120c4120b86db.css
forensics.barracudanetworks.com/static/ 23 KB
6 KB 27ms
26ms Stylesheet
text/css 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/fir-e09ec6c120c4120b86db.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

c077086365adb98725d4d41af73f98191755254030cf0ca6b9be8ae4422686ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/fir-e09ec6c120c4120b86db.css
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 12:11:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1753488
x-cache: Hit from cloudfront
content-length: 5389
last-modified: Thu, 20 May 2021 14:26:26 GMT
x-frame-options: SAMEORIGIN
etag: W/"150d-1798a2ba250"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: X4FzPmvCYaL03UukxfphbZItWJxz129ieXRQQ6J3Wkpczt8rjgsG4A==

GET
H2 200 barracuda-teeth-7b5b034dd3e050885d454324c73ffbe2.png
forensics.barracudanetworks.com/static/ 3 KB
3 KB 103ms
102ms Image
image/png 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forensics.barracudanetworks.com/static/barracuda-teeth-7b5b034dd3e050885d454324c73ffbe2.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

2bf5accc71b9ab97a812bd9bf34483945254afabb9ea04427c8e432de5b26c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/barracuda-teeth-7b5b034dd3e050885d454324c73ffbe2.png
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 07:01:56 GMT
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 14:26:26 GMT
age: 2549653
etag: W/"aa2-1798a2ba250"
x-download-options: noopen
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: WAW50-C1
content-length: 2722
x-amz-cf-id: 8QsZyAsfc4V1npA6w5Fw1eYs9Pd69RyA9i1XDYIF_64NFhfeEx1eCw==

GET
H2 200 manifest-ce083d58f47edd127e23.js Show response
forensics.barracudanetworks.com/static/ 806 B
1 KB 26ms
26ms Script
application/javascript 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/manifest-ce083d58f47edd127e23.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

85531c36e82dae479860e689c0050db2c5027996d7aaf25530b6d11bd599b5ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/manifest-ce083d58f47edd127e23.js
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 12:11:21 GMT
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 14:26:26 GMT
age: 1753488
etag: W/"326-1798a2ba250"
x-download-options: noopen
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: WAW50-C1
content-length: 806
x-amz-cf-id: gwjRDqwbKwKVzt8ezJlQlj1dAHrYjzHVuFqp7hYJI9PnmPiuRopUXA==

GET
H2 200 vendor-7e5b0a913cd434325692.js Show response
forensics.barracudanetworks.com/static/ 20 MB
4 MB 27ms
27ms Script
application/javascript 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/vendor-7e5b0a913cd434325692.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

cc94bf3a5ed9a316be3514e3d58674538b4604f99fe4e313bb0ace045324483e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/vendor-7e5b0a913cd434325692.js
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 11:00:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1239314
x-cache: Hit from cloudfront
content-length: 4662242
last-modified: Thu, 17 Jun 2021 09:51:09 GMT
x-frame-options: SAMEORIGIN
etag: W/"4723e2-17a1961aac8"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: qsxENNG9om-Zr-Nd-WmZT-VroPkQ2QfasJC1xR7IKyIQfqdMxeP5Tw==

GET
H2 200 fir-e09ec6c120c4120b86db.js Show response
forensics.barracudanetworks.com/static/ 2 MB
396 KB 103ms
101ms Script
application/javascript 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/fir-e09ec6c120c4120b86db.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

da9b3d6ac9b2c4740858241298efd2584796260589801557b2ce3d4fe3aa7be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/fir-e09ec6c120c4120b86db.js
pragma: no-cache
cookie: XSRF-TOKEN=EAuFSsy7-ZN2lX5hoPH6Y8qMvRVfNV358fPI; XSRF-TOKEN.sig=YK9fkbRGabYf-zmC_aXfbaOWAUM; CLIENT_ID=29c17514-b003-4b9d-a35c-1a5411f7a483; CLIENT_ID.sig=WvNmGBbBspVEuDrr8uU4t36YqIw; koa.cuda.sid=oA49WCOgZTURaIX--gD0RWxxXa-D_ywd; koa.cuda.sid.sig=YtUu81zLGCZnyul-TpYE2d0S3Bk
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 08:02:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2286838
x-cache: Hit from cloudfront
content-length: 404349
last-modified: Thu, 20 May 2021 14:26:26 GMT
x-frame-options: SAMEORIGIN
etag: W/"62b7d-1798a2ba250"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: hnb8NkBsyiNl18Jk81V7QBjOcl9PSZBesIqlcgEdcggxJUlTOIjLBQ==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 43ms
18ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14011
x-xss-protection: 0
server: cafe
etag: 1690124483490796579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 19:16:09 GMT

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn.mxpnl.com/libs/ 75 KB
25 KB 23ms
6ms Script
text/javascript 2600:1901:0:bc29::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:bc29:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:13:40 GMT
content-encoding: gzip
age: 149
x-guploader-uploadid: ADPycduby0Hfp55MpKX7NixkSDumjbvvh6iMAR7NQK84CczOm6yXlF6Cjm5O2SYlQm3moBpbutvZ7X-xjN0OvKZlnyqHR2dMPA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 25572
last-modified: Thu, 28 Jan 2021 18:21:54 GMT
server: UploadServer
etag: "765779983eed1c9fc2821b4507eea08b"
vary: Accept-Encoding
x-goog-hash: crc32c=kP//+g==, md5=dld5mD7tHJ/CghtFB+6giw==
x-goog-generation: 1611858114590219
access-control-allow-origin: *
cache-control: public,max-age=600
x-goog-stored-content-length: 25572
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 01 Jul 2021 19:23:40 GMT

GET
H2 200 l.js Show response
sdk.noticeable.io/ 188 KB
40 KB 32ms
7ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.noticeable.io/l.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

47c519883fcd928c8a83891cab10b0758e9efde431c5cf366fa098ff5c55994a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Wed, 30 Jun 2021 12:59:09 GMT
x-timer: S1625166969.242695,VS0,VE0
etag: "a40a4e5f01e64e34daafd8c6839562198b1191ff29207386504781baa9bdf8d8-br"
x-served-by: cache-hhn4023-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
date: Thu, 01 Jul 2021 19:16:09 GMT
accept-ranges: bytes
content-length: 40992
x-cache-hits: 2

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Lato&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://forensics.barracudanetworks.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 06:21:47 GMT
x-content-type-options: nosniff
age: 132862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 06:21:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 5647
date: Thu, 01 Jul 2021 17:42:02 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Thu, 01 Jul 2021 19:42:02 GMT

GET
H2 204 user Show response
forensics.barracudanetworks.com/auth/ 0
289 B 350ms
349ms XHR
text/plain 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/auth/user

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /auth/user
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: WAW50-C1
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000
x-amz-cf-id: acV7l7o4jXxvxMZpLXEe0znCPcmpC8dEZCT3iK72i2KC3tGf7x4IrQ==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 12ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=110296093&t=pageview&_s=1&dl=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D&ul=en-us&de=UTF-8&dt=Forensics%20%26%20Incident%20Response&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=119761582&gjid=1838326743&cid=1388247145.1625166970&tid=UA-377962-1&_gid=1519220627.1625166970&_r=1&_slc=1&z=1676858005

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forensics.barracudanetworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1044.min.js Show response
js-agent.newrelic.com/ 30 KB
12 KB 8ms
7ms Script
application/javascript 151.101.113.27
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1044.min.js
Requested by: Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.27 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fa0b93dcc79d1ef847f9bc6650fed0dae8fd91d138ad82b39e534e39391e004

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: "ecc4d675754da137f5dacbc99541e133"
x-amz-request-id: Y4P9Q3QK025WA45Q
x-cache: HIT
content-length: 11929
x-amz-id-2: GehcZvBKLBFTmfM17vdgwBljz8zE4UofYN55C1+CEkzyCiAxbajhjDm2mV6CfFl8Vfar1mYEyK0=
x-served-by: cache-hhn4076-HHN
last-modified: Wed, 28 Feb 2018 23:35:17 GMT
server: AmazonS3
x-timer: S1625166970.210729,VS0,VE0
date: Thu, 01 Jul 2021 19:16:10 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 74

GET
H/1.1 200
OK 43396c0e54 Show response
bam.nr-data.net/1/ 57 B
275 B 103ms
103ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/43396c0e54?a=20004106&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1746&ref=https://forensics.barracudanetworks.com/r/&be=736&fe=1733&dc=1424&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1625166968474,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:22,%22c%22:22,%22s%22:28,%22ce%22:77,%22rq%22:77,%22rp%22:694,%22rpe%22:695,%22dl%22:698,%22di%22:1424,%22ds%22:1424,%22de%22:1425,%22dc%22:1733,%22l%22:1733,%22le%22:1733%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-spa-1044.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
99 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-377962-1&cid=1388247145.1625166970&jid=119761582&gjid=1838326743&_gid=1519220627.1625166970&_u=IEBAAEAAAAAAAC~&z=1633109271

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 01 Jul 2021 19:16:10 GMT
content-type: text/plain
access-control-allow-origin: https://forensics.barracudanetworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-377962-1&cid=1388247145.1625166970&jid=119761582&_u=IEBAAEAAAAAAAC~&z=1794591180

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-377962-1&cid=1388247145.1625166970&jid=119761582&_u=IEBAAEAAAAAAAC~&z=1794591180

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 43 KB
14 KB 20ms
6ms Script
text/javascript 2a02:26f0:6c00::210:baab
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f1bf333796f692318dd70e062d1efe63338e020114d1ee5847055bc82f501f44

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: pAM0.euFDysO58MEarE8oeehvhlA2XbA
Content-Encoding: gzip
ETag: "a392494e5ef76458b487317c249101f0"
x-amz-request-id: GFC88ABM5Z2RT2ET
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 13710
x-amz-id-2: TvEDMOabTBEBYHsC2LGUou2fSYFopQgXagfBlQIxp26nFbNnpsvtb6qfxVs2dCSiiuSGXrgu3fw=
Last-Modified: Wed, 23 Jun 2021 15:49:39 GMT
Server: AmazonS3
Date: Thu, 01 Jul 2021 19:16:10 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/T6GUPQIK5REDFO6FQ66AFC/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

6ms
5ms

Script
application/javascript

2a02:26f0:6c00::210:baab
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: E6Gl9B7gPbHVX38jHWUJV0Im5cXEZg8.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 6J6WV6RWN730WHRP
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 5fY3mOf86PHfXzznpqyZ93VnsPjHl6TGgYcWIYb8oAwsAUfC3CR9Q6oHbvANb3at/wFXTkgrlzE=
Last-Modified: Thu, 20 May 2021 19:48:38 GMT
Server: AmazonS3
Date: Thu, 01 Jul 2021 19:16:10 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 01 Jul 2021 19:16:10 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/ 0
773 B 19ms
9ms Script
text/javascript 2a02:26f0:6c00::210:baab
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 7g9AkGZi4HJEs6FncaQ3rFYfhWPyRk9k
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: C58K8JVHM5CR0SEH
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: EdeaMS6bQD6xNRsOoNpFb0jSTPbJEhqP8cULRuAKeRuvvWt8CoCiMDVD/bLLSN493ZVstDkUXiQ=
Last-Modified: Thu, 01 Jul 2021 11:01:13 GMT
Server: AmazonS3
Date: Thu, 01 Jul 2021 19:16:10 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/T6GUPQIK5REDFO6FQ66AFC/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/T6GUPQIK5REDFO6FQ66AFC?_s=2092507a10f5838b31f5ac59159fde2f&_b=2
https://d.adroll.com/consent/check/T6GUPQIK5REDFO6FQ66AFC/?_s=2092507a10f5838b31f5ac59159fde2f&_b=2

395 B
863 B

32ms
31ms

Script
application/javascript

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/T6GUPQIK5REDFO6FQ66AFC/?_s=2092507a10f5838b31f5ac59159fde2f&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 8e38a944c622506a8d39a23f027b96d00716e7bc7bfdfaa687200d6d46d18b8f

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 395
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://d.adroll.com/consent/check/T6GUPQIK5REDFO6FQ66AFC/?_s=2092507a10f5838b31f5ac59159fde2f&_b=2
date: Thu, 01 Jul 2021 19:16:10 GMT
server: nginx/1.20.0
content-length: 105

POST
H/1.1 200
OK 43396c0e54 Show response
bam.nr-data.net/resources/1/ 0
148 B 103ms
103ms XHR
text/plain 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/resources/1/43396c0e54?a=20004106&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1853&ref=https://forensics.barracudanetworks.com/r/&st=1625166968474
Requested by: Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://forensics.barracudanetworks.com
Access-Control-Allow-Credentials: true
Content-Length: 0

GET
H/1.1

200
OK

67KGJPTPU5CEJF7HLAFHW3.js Show response
s.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/
Redirect Chain

https://d.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3...
https://s.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/67KGJPTPU5CEJF7HLAFHW3.js

5 KB
3 KB

18ms
18ms

Script
text/javascript

2a02:26f0:6c00::210:baab
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/67KGJPTPU5CEJF7HLAFHW3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e91c9c4b4ae84963dbc280d466bf26bcc6ba23481ef460345bd04c4001a8f66

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Mc7qPAE5J7I1fh4bpTvCaLu5qRqCRUjd
Content-Encoding: gzip
ETag: "2b7dbb484711fd8749f7c20f91f8e111"
x-amz-request-id: W5K2QB953WT3FZJS
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1833
x-amz-id-2: vSMLIETrschZbckaGY8OxLqSuBas2meJ5r0+sP1YBDa97f2ryHSfIrY3WQ/op9w5C9UPV8C0pQ4=
Last-Modified: Thu, 01 Apr 2021 03:02:51 GMT
Server: AmazonS3
Date: Thu, 01 Jul 2021 19:16:10 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
date: Thu, 01 Jul 2021 19:16:10 GMT
x-segment-eid: 67KGJPTPU5CEJF7HLAFHW3
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG/67KGJPTPU5CEJF7HLAFHW3.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: EVDJK3NJVNGOVI5VCRVBAG
x-segment-name: *
x-advertisable-eid: T6GUPQIK5REDFO6FQ66AFC
content-length: 0
x-conversion-currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 95 KB
24 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: d.adroll.com
URL: https://d.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&pv=12856915204.970875&cookie=&adroll_s_ref=&keyw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

31a54a93488f9711927aeb875ff1dd63a8c41359847f10f9cea7488dc65179b7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24675
x-xss-protection: 0
pragma: public
x-fb-debug: D7SjaH6RJrnqGhCsmbpgOKrPU1xPk9tHUd7fACAJ2mNACiVHVil0mJJRVgV7P1PVIbU8h01zu5ZVI6jI6972iQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 01 Jul 2021 19:16:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 11 KB
3 KB 7ms
7ms Script
text/javascript 2a02:26f0:6c00::210:baab
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/T6GUPQIK5REDFO6FQ66AFC/EVDJK3NJVNGOVI5VCRVBAG?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&xid_ch=f&pv=12856915204.970875&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: wIB3Ru.nkSItDsfRkH0CR0epWUwptmqX
Content-Encoding: gzip
ETag: "5c44da3d0ddeac28ae4c1facdfbfa217"
x-amz-request-id: 83RH4RJ7P0J4MBZV
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2719
x-amz-id-2: YbVbHgKQMLipS9WcyNWVSysm0MkJZ19rmPenqbnv4GML3xtGrf2lMjRt3nHYh8nff2STRbZsjf8=
Last-Modified: Thu, 01 Jul 2021 18:05:16 GMT
Server: AmazonS3
Date: Thu, 01 Jul 2021 19:16:10 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ&google_tc=
https://d.adroll.com/cm/g/in

42 B
536 B

50ms
50ms

Image
image/gif

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/aol,index,l,outbrain,pubmatic,n,taboola,triplelift,r/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2...
https://eb2.3lift.com/xuid?mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

21ms
14ms

Image
image/gif

35.156.250.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.250.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-250-242.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
442 B

23ms
7ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ

43 B
344 B

20ms
14ms

Image
image/gif

3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-165-65.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ
date: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://ib.adnxs.com/setuid?entity=172&code=ZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ

43 B
1 KB

113ms
110ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Jul 2021 19:16:10 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 11f106e8-fb93-4de6-b0dc-678dd0bb61e7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 01 Jul 2021 19:16:10 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b32a8cb6-ec23-4652-b760-bfdc22c61a60
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDMwMmJhZjFmOGYwNTVkNjM0MTJmYjJlOTk0N2NhMWQ
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d

43 B
180 B

22ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.210.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
via: 1.1 google
server: OXGW/16.210.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d302baf1f8f055d63412fb2e9947ca1d
date: Thu, 01 Jul 2021 19:16:10 GMT
via: 1.1 google
server: OXGW/16.210.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413&arrfrr=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0wK68fjwVdY0EvsumUfKHQ
https://d.adroll.com/cm/g/in

42 B
536 B

51ms
50ms

Image
image/gif

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 1770934679791682 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1770934679791682?v=2.9.42&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1334120521a49265aed51b98479f660d9fa9b57d750f6937e261c5954562fee3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 75633
x-xss-protection: 0
pragma: public
x-fb-debug: wiU9GJ5qXqvF5AIQQ5XtpNUrHjKx+v4Tv6iiPGQ0z+kcrsl5a2LTIhCylKUdGwxaYPxPQ/co0kUieeImNI/25A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 01 Jul 2021 19:16:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1770934679791682&ev=PageView&dl=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dha9e6062%252Ccf4f8d8%252Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%2540gu.gonzaga.edu&rl=&if=false&ts=1625166970531&cd[segment_eid]=2CRCSIBBINE2BI4FT33HVW%2C67KGJPTPU5CEJF7HLAFHW3&sw=1600&sh=1200&v=2.9.42&r=stable&ec=0&o=29&fbp=fb.1.1625166970530.1936155649&it=1625166970492&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 01 Jul 2021 19:16:10 GMT

GET
H2 200 logo-fir-d331fa11ede00225c56662a24494be75.svg Show response
forensics.barracudanetworks.com/static/ 23 KB
6 KB 40ms
39ms XHR
image/svg+xml 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/logo-fir-d331fa11ede00225c56662a24494be75.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

0fdde643e04ed9dda3bb7d2874b400266873c444a2299aff273d14c04bf24046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.1388247145.1625166970; _gid=GA1.2.1519220627.1625166970; _gat=1; __adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413; __ar_v4=%7CT6GUPQIK5REDFO6FQ66AFC%3A20210631%3A1%7CEVDJK3NJVNGOVI5VCRVBAG%3A20210631%3A1%7C67KGJPTPU5CEJF7HLAFHW3%3A20210631%3A1; _fbp=fb.1.1625166970530.1936155649
:path: /static/logo-fir-d331fa11ede00225c56662a24494be75.svg
pragma: no-cache
x-client-version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062,cf4f8d8,cf4f8fb&p1=ha9e6062,cf4f8d8,cf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://forensics.barracudanetworks.com/r/?id=ha9e6062,cf4f8d8,cf4f8fb&p1=ha9e6062,cf4f8d8,cf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
X-Client-Version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 06:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130584
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Fri, 18 Jun 2021 17:15:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"5b54-17a201f0a18"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: image/svg+xml
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: QG5GZI8R8cUHps_8DHBfd7thKv1QcXrKrFvuEXe66wckwdtOPhnH4g==

GET
H2 200 header_forensics-7c0ea9e56724f5e0fb13fa00d1001119.jpg
forensics.barracudanetworks.com/static/ 150 KB
150 KB 29ms
29ms Image
image/jpeg 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forensics.barracudanetworks.com/static/header_forensics-7c0ea9e56724f5e0fb13fa00d1001119.jpg

Requested by

Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/static/vendor-7e5b0a913cd434325692.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

77a99918e6ea500249bc179e71ea8577cc5d3b44dfbbcd8540f20b440e5f8d2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /static/header_forensics-7c0ea9e56724f5e0fb13fa00d1001119.jpg
pragma: no-cache
cookie: _ga=GA1.2.1388247145.1625166970; _gid=GA1.2.1519220627.1625166970; _gat=1; __adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413; __ar_v4=%7CT6GUPQIK5REDFO6FQ66AFC%3A20210631%3A1%7CEVDJK3NJVNGOVI5VCRVBAG%3A20210631%3A1%7C67KGJPTPU5CEJF7HLAFHW3%3A20210631%3A1; _fbp=fb.1.1625166970530.1936155649
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/static/vendor-7e5b0a913cd434325692.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://forensics.barracudanetworks.com/static/vendor-7e5b0a913cd434325692.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 06:59:46 GMT
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Fri, 18 Jun 2021 17:15:43 GMT
age: 130584
etag: W/"25643-17a201f0a18"
x-download-options: noopen
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: WAW50-C1
content-length: 153155
x-amz-cf-id: P_HBfQqTiRRx_bxqUX6XP56FgMAmuFWHFyrYXeSaq1NYr1giVoSeZQ==

GET
DATA 200
OK truncated
/ 43 KB
43 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Request headers

Origin: https://forensics.barracudanetworks.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/octet-stream

POST
H2 200 / Show response
api-js.mixpanel.com/track/ 1 B
357 B 53ms
36ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1625166970653

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Thu, 01 Jul 2021 19:16:10 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://forensics.barracudanetworks.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 19
alt-svc: clear
content-length: 1

GET
H2 200 logo_barracuda_primary_reversed-3e946cce99c63b983a7a2a08bc6ff32f.svg Show response
forensics.barracudanetworks.com/static/ 7 KB
3 KB 42ms
42ms XHR
image/svg+xml 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/logo_barracuda_primary_reversed-3e946cce99c63b983a7a2a08bc6ff32f.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

d5dceb988688592f0261c4d7b7e6d4622988e55b098c61852adc2cb2a56c7420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.1388247145.1625166970; _gid=GA1.2.1519220627.1625166970; _gat=1; __adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413; __ar_v4=%7CT6GUPQIK5REDFO6FQ66AFC%3A20210631%3A1%7CEVDJK3NJVNGOVI5VCRVBAG%3A20210631%3A1%7C67KGJPTPU5CEJF7HLAFHW3%3A20210631%3A1; _fbp=fb.1.1625166970530.1936155649; mp_1320f2411f85edb0c4282e94ff8abaf8_mixpanel=%7B%22distinct_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24device_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:path: /static/logo_barracuda_primary_reversed-3e946cce99c63b983a7a2a08bc6ff32f.svg
pragma: no-cache
x-client-version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/signup
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://forensics.barracudanetworks.com/signup
X-Client-Version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 06:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130584
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Fri, 18 Jun 2021 17:15:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"1c13-17a201f0a18"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: image/svg+xml
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: 628gaI1Xi9vBM0jFctS42FNKvw27iSukVMICN__5kLHdpgqHzIgHpQ==

GET
H2 200 element_secondary_fir_for-dark-backgrounds-5ac4e12e8431e24f75df06e1760badfe.svg Show response
forensics.barracudanetworks.com/static/ 21 KB
6 KB 40ms
39ms XHR
image/svg+xml 54.239.192.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://forensics.barracudanetworks.com/static/element_secondary_fir_for-dark-backgrounds-5ac4e12e8431e24f75df06e1760badfe.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.192.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-192-109.waw50.r.cloudfront.net

Software

Resource Hash

f18b6621fa60b7b8b18e12b62ca41557ea64258c13b49662a0a57ccc1ce28d6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.1388247145.1625166970; _gid=GA1.2.1519220627.1625166970; _gat=1; __adroll_fpc=a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413; __ar_v4=%7CT6GUPQIK5REDFO6FQ66AFC%3A20210631%3A1%7CEVDJK3NJVNGOVI5VCRVBAG%3A20210631%3A1%7C67KGJPTPU5CEJF7HLAFHW3%3A20210631%3A1; _fbp=fb.1.1625166970530.1936155649; mp_1320f2411f85edb0c4282e94ff8abaf8_mixpanel=%7B%22distinct_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24device_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:path: /static/element_secondary_fir_for-dark-backgrounds-5ac4e12e8431e24f75df06e1760badfe.svg
pragma: no-cache
x-client-version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: forensics.barracudanetworks.com
referer: https://forensics.barracudanetworks.com/signup
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://forensics.barracudanetworks.com/signup
X-Client-Version: f8bc89f0e752f43f71834062cf8cf93d94dbdcda-7462
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 06:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130584
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Fri, 18 Jun 2021 17:15:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"53d5-17a201f0a18"
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: image/svg+xml
via: 1.1 50f21cb925e6471490e080147e252d7d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: WAW50-C1
x-amz-cf-id: Cy-7wA5EhV-3mvr2TwxsQFJvanFS63qjomnBHPpKq65yJEOc5WblVQ==

GET
H3-29

200

activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272 Show response
6496512.fls.doubleclick.net/ Frame 457A
Redirect Chain

https://6496512.fls.doubleclick.net/activityi;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?
https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?

738 B
537 B

44ms
30ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?

Requested by

Host:
URL: webpack-internal:///./node_modules/jquery/dist/jquery.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef138bcb90586c21a7215c0eec9eb022273a03db39269a401458e6ada93e6b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6496512.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forensics.barracudanetworks.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Jul 2021 19:16:10 GMT
expires: Thu, 01 Jul 2021 19:16:10 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 512
x-xss-protection: 0
set-cookie: IDE=AHWqTUm8MkGdTEiCdTeUpd35WW8oLDylEP1UtFWYqW6TJwZO8iOCq_QP0UkxRXALJ6Q; expires=Tue, 26-Jul-2022 19:16:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Jul 2021 19:16:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1770934679791682&ev=PageView&dl=https%3A%2F%2Fforensics.barracudanetworks.com%2Fr%2F%3Fid%3Dha9e6062%2Ccf4f8d8%2Ccf4f8fb%26p1%3Dha9e6062%2Ccf4f8d8%2Ccf4f8fb%26p1%3Dleesfoundation.org%252Fconfig%252FTfEvUNE%253Fe%253D%23%252Fweberj%40gu.gonzaga.edu&rl=&if=false&ts=1625166970589&sw=1600&sh=1200&v=2.9.42&r=stable&ec=1&o=29&fbp=fb.1.1625166970530.1936155649&it=1625166970492&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Thu, 01 Jul 2021 19:16:10 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1770934679791682&ev=PageView&dl=https%3A%2F%2Fforensics.barracudanetworks.com%2Fsignup&rl=&if=false&ts=1625166970634&sw=1600&sh=1200&v=2.9.42&r=stable&ec=2&o=29&fbp=fb.1.1625166970530.1936155649&it=1625166970492&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:16:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Thu, 01 Jul 2021 19:16:10 GMT

GET
H2 200 dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272
adservice.google.com/ddm/fls/z/ Frame 457A 42 B
262 B 50ms
49ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272

Requested by

Host: 6496512.fls.doubleclick.net
URL: https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6496512.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 19:16:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK x42642r18819296
rs.gwallet.com/r1/pixel/ Frame 457A 43 B
385 B 431ms
105ms Image
image/gif 199.127.207.188
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rs.gwallet.com/r1/pixel/x42642r18819296
Requested by: Host: 6496512.fls.doubleclick.net
URL: https://6496512.fls.doubleclick.net/activityi;dc_pre=CJaA9d_KwvECFf0QBgAdCdcPrw;src=6496512;type=ukbat0;cat=decte0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8731492307183.272?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.127.207.188 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://6496512.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Jul 2021 19:16:11 GMT
Server: nginx/1.10.3
Vary: Origin
P3p: CP="PSAo PSDo OUR BUS DSP NON COR"
Access-Control-Allow-Origin: *
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
useSecure: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43

POST
H/1.1 200
OK 43396c0e54 Show response
bam.nr-data.net/events/1/ 24 B
198 B 104ms
104ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/43396c0e54?a=20004106&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=2292&ref=https://forensics.barracudanetworks.com/r/
Requested by: Host: forensics.barracudanetworks.com
URL: https://forensics.barracudanetworks.com/r/?id=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=ha9e6062%2Ccf4f8d8%2Ccf4f8fb&p1=leesfoundation.org%2Fconfig%2FTfEvUNE%3Fe%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://forensics.barracudanetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://forensics.barracudanetworks.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 04:47:42	Name: IDE Value: AHWqTUm8MkGdTEiCdTeUpd35WW8oLDylEP1UtFWYqW6TJwZO8iOCq_QP0UkxRXALJ6Q
.barracudanetworks.com/	1970-01-19 21:35:42	Name: _fbp Value: fb.1.1625166970530.1936155649
.barracudanetworks.com/	1970-01-19 19:27:33	Name: _gid Value: GA1.2.1519220627.1625166970
.barracudanetworks.com/	1970-01-19 19:26:07	Name: _gat Value: 1
.forensics.barracudanetworks.com/	1970-01-20 04:11:42	Name: __ar_v4 Value: %7CT6GUPQIK5REDFO6FQ66AFC%3A20210631%3A1%7CEVDJK3NJVNGOVI5VCRVBAG%3A20210631%3A1%7C67KGJPTPU5CEJF7HLAFHW3%3A20210631%3A1
.forensics.barracudanetworks.com/	1970-01-20 04:12:04	Name: __adroll_fpc Value: a5e7ef8a69052027a6584b0e01aa1bc4-1625166970413
.barracudanetworks.com/	1970-01-20 04:11:42	Name: mp_1320f2411f85edb0c4282e94ff8abaf8_mixpanel Value: %7B%22distinct_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24device_id%22%3A%20%2217a637ff9a620d-02a6442a764e14-5771e33-1d4c00-17a637ff9a78d3%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
.barracudanetworks.com/	1970-01-20 12:57:18	Name: _ga Value: GA1.2.1388247145.1625166970

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: webpack-internal:///./node_modules/angular/angular.js(Line 14110) Message: TypeError: Cannot read property 'getItem' of null at LocalStorageService.getItem (webpack-internal:///./src/client/apps/components/lib/local-storage.service.js:18:39) at LocalStorageService.removeItem (webpack-internal:///./src/client/apps/components/lib/local-storage.service.js:22:22) at eval (webpack-internal:///./src/client/apps/components/config/routing/state-change.config.js:35:27) at Scope.$broadcast (webpack-internal:///./node_modules/angular/angular.js:18239:28) at eval (webpack-internal:///./node_modules/angular-ui-router/release/angular-ui-router.js:3427:22) at processQueue (webpack-internal:///./node_modules/angular/angular.js:16606:28) at eval (webpack-internal:///./node_modules/angular/angular.js:16622:27) at Scope.$eval (webpack-internal:///./node_modules/angular/angular.js:17913:28) at Scope.$digest (webpack-internal:///./node_modules/angular/angular.js:17727:31) at Scope.$apply (webpack-internal:///./node_modules/angular/angular.js:18021:24) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6496512.fls.doubleclick.net
ads.yahoo.com
adservice.google.com
api-js.mixpanel.com
bam.nr-data.net
cdn.mxpnl.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
forensics.barracudanetworks.com
ib.adnxs.com
js-agent.newrelic.com
rs.gwallet.com
s.adroll.com
sdk.noticeable.io
stats.g.doubleclick.net
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
x.bidswitch.net
130.211.34.183
142.250.185.70
151.101.113.27
151.101.65.195
162.247.242.20
185.33.221.89
199.127.207.188
216.58.212.162
2600:1901:0:bc29::
2a00:1288:80:800::7000
2a00:1450:4001:802::200a
2a00:1450:4001:809::2002
2a00:1450:4001:809::2004
2a00:1450:4001:80f::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c08::9a
2a02:26f0:6c00::210:baab
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.124.165.65
3.248.28.111
34.98.64.218
35.156.250.242
54.239.192.109
07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0fdde643e04ed9dda3bb7d2874b400266873c444a2299aff273d14c04bf24046
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1334120521a49265aed51b98479f660d9fa9b57d750f6937e261c5954562fee3
2bf5accc71b9ab97a812bd9bf34483945254afabb9ea04427c8e432de5b26c2f
31a54a93488f9711927aeb875ff1dd63a8c41359847f10f9cea7488dc65179b7
47c519883fcd928c8a83891cab10b0758e9efde431c5cf366fa098ff5c55994a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e91c9c4b4ae84963dbc280d466bf26bcc6ba23481ef460345bd04c4001a8f66
5032aa3b2136946cd7ecadd82df289ced923f78499b980046558938c757421b2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58ac27a0bd7622d7b188c3b3c8ec7e64bb833185d2c7d5815bc34c58d954b340
6a3486ea9669f5ca3381866aebd20cbd5c6c430b0dfdf6aa48dc90bac7a5369e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fa0b93dcc79d1ef847f9bc6650fed0dae8fd91d138ad82b39e534e39391e004
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
77a99918e6ea500249bc179e71ea8577cc5d3b44dfbbcd8540f20b440e5f8d2c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85531c36e82dae479860e689c0050db2c5027996d7aaf25530b6d11bd599b5ff
8e38a944c622506a8d39a23f027b96d00716e7bc7bfdfaa687200d6d46d18b8f
92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c077086365adb98725d4d41af73f98191755254030cf0ca6b9be8ae4422686ad
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
cc94bf3a5ed9a316be3514e3d58674538b4604f99fe4e313bb0ace045324483e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d5dceb988688592f0261c4d7b7e6d4622988e55b098c61852adc2cb2a56c7420
da9b3d6ac9b2c4740858241298efd2584796260589801557b2ce3d4fe3aa7be3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef138bcb90586c21a7215c0eec9eb022273a03db39269a401458e6ada93e6b11
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f18b6621fa60b7b8b18e12b62ca41557ea64258c13b49662a0a57ccc1ce28d6c
f1bf333796f692318dd70e062d1efe63338e020114d1ee5847055bc82f501f44
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

forensics.barracudanetworks.com Open in urlscan Pro 54.239.192.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

48 Requests

100 %HTTPS

50 %IPv6

23 Domains

27 Subdomains

27 IPs

5 Countries

5452 kBTransfer

23467 kBSize

8 Cookies

1 Outgoing links

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

forensics.barracudanetworks.com Open in urlscan Pro
54.239.192.109 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

100 %
HTTPS

50 %
IPv6

23
Domains

27
Subdomains

27
IPs

5
Countries

5452 kB
Transfer

23467 kB
Size

8
Cookies

48 HTTP transactions
1 data transactions