gdhfinag45.com Open in urlscan Pro
104.21.80.140 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gdhfinag45.com/AOL/
Submission: On February 07 via api (February 7th 2023, 7:21:52 am UTC) from JP — Scanned from JP

Summary HTTP 39 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 16 IPs in 7 countries across 13 domains to perform 39 HTTP transactions. The main IP is 104.21.80.140, located in and belongs to CLOUDFLARENET, US. The main domain is gdhfinag45.com.
TLS certificate: Issued by GTS CA 1P5 on January 26th 2023. Valid for: 3 months.

This is the only time gdhfinag45.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AOL (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	104.21.80.140 104.21.80.140	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:824::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3034::6815:508c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2406:2000:a4:... 2406:2000:a4:9fe::1	10230 (YAHOO-SG ...) (YAHOO-SG internet content provider)
10	119.161.5.251 119.161.5.251	10230 (YAHOO-SG ...) (YAHOO-SG internet content provider)
3	13.250.192.86 13.250.192.86	16509 (AMAZON-02) (AMAZON-02)
2	52.74.162.2 52.74.162.2	16509 (AMAZON-02) (AMAZON-02)
1	52.77.166.200 52.77.166.200	16509 (AMAZON-02) (AMAZON-02)
4 5	142.250.196.130 142.250.196.130	15169 (GOOGLE) (GOOGLE)
5 8	18.178.22.21 18.178.22.21	16509 (AMAZON-02) (AMAZON-02)
4	2406:da18:929... 2406:da18:929:5a01:fe74:64e1:db18:2b0	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 3	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
3 3	103.231.99.242 103.231.99.242	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	103.231.99.80 103.231.99.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	103.231.99.81 103.231.99.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	103.43.90.114 103.43.90.114	29990 (ASN-APPNEX) (ASN-APPNEX)
3 4	52.223.2.229 52.223.2.229	16509 (AMAZON-02) (AMAZON-02)
1 1	2406:2600:4::1b 2406:2600:4::1b	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.74.16 182.161.74.16	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1 2	142.251.42.198 142.251.42.198	15169 (GOOGLE) (GOOGLE)
39	16

3 104.21.80.140 (None, )

ASN13335 (CLOUDFLARENET, US)

gdhfinag45.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:824::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3034::6815:508c (United States)

ASN13335 (CLOUDFLARENET, US)

gdhfinag45.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:2000:a4:9fe::1 (Taiwan)

ASN10230 (YAHOO-SG internet content provider, SG)

fc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 119.161.5.251 (Korea, Republic Of)

ASN10230 (YAHOO-SG internet content provider, SG)
PTR: e1-rr.ycpi.jpa.yahoo.com

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.js7k.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.250.192.86 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-250-192-86.ap-southeast-1.compute.amazonaws.com

oao-js-tag.onemobile.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ap-southeast-1-web-oao.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.74.162.2 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com

service.idsync.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.77.166.200 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-77-166-200.ap-southeast-1.compute.amazonaws.com

onevideosync.uplynk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.196.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: nrt12s36-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.178.22.21 (Tokyo, Japan) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-178-22-21.ap-northeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2406:da18:929:5a01:fe74:64e1:db18:2b0 (Singapore)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.231.99.242 (Japan) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.231.99.80 (Japan) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.231.99.81 (Japan) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.43.90.114 (Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 602.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.2.229 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ade9ecc7904667038.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:2600:4::1b (Japan) 1 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

ssp-sync.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.16 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.42.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: nrt12s47-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	yahoo.com 5 redirects fc.yahoo.com — Cisco Umbrella Rank: 1507 oao-js-tag.onemobile.yahoo.com — Cisco Umbrella Rank: 8575 ap-southeast-1-web-oao.ssp.yahoo.com — Cisco Umbrella Rank: 48749 service.idsync.analytics.yahoo.com — Cisco Umbrella Rank: 893 ups.analytics.yahoo.com — Cisco Umbrella Rank: 274 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 414	15 KB
9	yimg.com s.yimg.com — Cisco Umbrella Rank: 471	532 KB
9	gdhfinag45.com gdhfinag45.com	96 KB
7	doubleclick.net 5 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 211 ad.doubleclick.net — Cisco Umbrella Rank: 184	3 KB
5	pubmatic.com 5 redirects image8.pubmatic.com — Cisco Umbrella Rank: 635 image2.pubmatic.com — Cisco Umbrella Rank: 872 image4.pubmatic.com — Cisco Umbrella Rank: 941	2 KB
4	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 329	2 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	3 KB
3	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 304	1 KB
2	criteo.com 1 redirects ssp-sync.criteo.com — Cisco Umbrella Rank: 949 dis.criteo.com — Cisco Umbrella Rank: 696	744 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 241	609 B
1	uplynk.com onevideosync.uplynk.com — Cisco Umbrella Rank: 2799	195 B
1	js7k.com cdn.js7k.com — Cisco Umbrella Rank: 862	16 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	932 B
39	13

	Domain	Requested by
9	s.yimg.com	fc.yahoo.com s.yimg.com oao-js-tag.onemobile.yahoo.com
9	gdhfinag45.com	gdhfinag45.com
8	ups.analytics.yahoo.com	5 redirects s.yimg.com
5	cm.g.doubleclick.net	4 redirects s.yimg.com
4	eb2.3lift.com	3 redirects s.yimg.com
4	pr-bh.ybp.yahoo.com	s.yimg.com
3	ib.adnxs.com	2 redirects s.yimg.com
3	image8.pubmatic.com	3 redirects
3	match.adsrvr.org	3 redirects
2	ad.doubleclick.net	1 redirects s.yimg.com
2	service.idsync.analytics.yahoo.com	s.yimg.com oao-js-tag.onemobile.yahoo.com
2	ap-southeast-1-web-oao.ssp.yahoo.com	s.yimg.com oao-js-tag.onemobile.yahoo.com
1	dis.criteo.com	s.yimg.com
1	ssp-sync.criteo.com	1 redirects
1	image4.pubmatic.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	c.bing.com	1 redirects
1	onevideosync.uplynk.com	s.yimg.com
1	cdn.js7k.com	s.yimg.com
1	oao-js-tag.onemobile.yahoo.com	s.yimg.com
1	fc.yahoo.com	gdhfinag45.com
1	fonts.googleapis.com	gdhfinag45.com
39	22

This site contains links to these domains. Also see Links.

Domain
www.aol.com
login.aol.com
policies.oath.com

Subject Issuer	Validity	Valid
*.gdhfinag45.com GTS CA 1P5	`2023-01-26` - `2023-04-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.pubgw.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-01-19` - `2023-03-08`	2 months	crt.sh
*.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-01-19` - `2023-03-08`	2 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-12-27` - `2023-06-21`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-09-27` - `2023-03-22`	6 months	crt.sh
onevideosync.uplynk.com DigiCert SHA2 High Assurance Server CA	`2022-12-07` - `2023-03-08`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://gdhfinag45.com/AOL/
Frame ID: 8D79234CB422E1E2E1FD86EB331B2705
Requests: 13 HTTP requests in this frame

Frame: https://gdhfinag45.com/AOL/AOL_files/r-csc.html
Frame ID: 69362D31DBE07CBD8104FF797B08AF8B
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-10-1/html/r-csc.html
Frame ID: AEF1CBA0160B43F01E73780ACA14A137
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Frame ID: A160EAF77880797611927CBE222C967C
Requests: 20 HTTP requests in this frame

Frame: https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly
Frame ID: 0ADFD0ABC4386B8447019A4E9DA25359
Requests: 2 HTTP requests in this frame

Frame: https://s.yimg.com/cv/apiv2/default/Houseads/202201/html/960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html
Frame ID: B544E94B55A2694CAB883BE4BE42F570
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AOL - login

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

72 %
HTTPS

29 %
IPv6

13
Domains

22
Subdomains

16
IPs

7
Countries

662 kB
Transfer

1084 kB
Size

19
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aol.com/

Search URL Search Domain Scan URL

URL: https://login.aol.com/forgot
Title: Trouble signing in?

Search URL Search Domain Scan URL

URL: https://policies.oath.com/us/en/oath/terms/otos/index.html
Title: Terms

Search URL Search Domain Scan URL

URL: https://policies.oath.com/us/en/oath/privacy/index.html
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent=&google_tc=

Request Chain 25

https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/adtech/y-K1U4HENE2uIOqLB9uQTiDXqO_LDuotY-~A

Request Chain 26

https://c.bing.com/c.gif?Red3=OATHMS_pd HTTP 302
https://pr-bh.ybp.yahoo.com/sync/msn/21C3E8211E9F6F9F1664FA901F566EBB

Request Chain 27

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&_origin=0&gdpr=0&gdpr_consent=

Request Chain 28

https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A%26gdpr%3d0%26gdpr_consent%3d%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F58292%252Fsync%253F_origin%253D0%2526gdpr%253D0%2526gdpr_consent%253D%2526uid%253D%2523PMUID%2526redir2%253Dtrue HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A%26gdpr%3d0%26gdpr_consent%3d%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F58292%252Fsync%253F_origin%253D0%2526gdpr%253D0%2526gdpr_consent%253D%2526uid%253D%2523PMUID%2526redir2%253Dtrue&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEFFOUVDRjMtQjY3RS00RjA1LUIyMjItQUQ2RjEwQkQxOUEy&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A&gdpr=0&gdpr_consent=&pmc=1&pr=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58292%2Fsync%3F_origin%3D0%26gdpr%3D0%26gdpr_consent%3D%26uid%3D4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2%26redir2%3Dtrue HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=0&gdpr=0&gdpr_consent=&uid=4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&redir2=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/pubmatic/4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&gdpr=0

Request Chain 29

https://ups.analytics.yahoo.com/ups/58230/sync?_origin=0&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=verizonmedia&uid=y-vaG9DHJE2uEVCqQ8qGz3U0PIL6Y0yw--~A&gdpr=0

Request Chain 30

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRWxWX1Z0RTJ1R0RiSTBiTzdHaFlreUpWbVRxTXA4b35B&gdpr=0&gdpr_consent=&_origin=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRWxWX1Z0RTJ1R0RiSTBiTzdHaFlreUpWbVRxTXA4b35B&gdpr=0&gdpr_consent=&_origin=0&google_tc= HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=false&gdpr=0&gdpr_consent=&_origin=0

Request Chain 31

https://eb2.3lift.com/getuid?&gdpr=0&cmp_cs=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ups.analytics.yahoo.com/ups/58382/sync?_origin=0&ums2=0&redir=true&uid=4632081351056534461228&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/sync?px=1&gdpr=0&axid=y-b.H8G.pE2uL0qVmANzgdP7sW92mTU0Ou~A&ums2=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 33

https://ib.adnxs.com/getuid?https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55936%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26redir2%3Dtrue HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F55936%252Fsync%253Fuid%253D%2524UID%2526_origin%253D0%2526redir2%253Dtrue HTTP 302
https://ups.analytics.yahoo.com/ups/55936/sync?uid=7768182250994049699&_origin=0&redir2=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/msft/csrc/3/7768182250994049699

Request Chain 34

https://ssp-sync.criteo.com/user-sync/redirect?profile=73&gdprapplies=0&gdpr= HTTP 302
https://dis.criteo.com/dis/usersync.aspx?r=12&p=73&dis=0&url=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fredirect%3fprofile%3d73%26gdprapplies%3d0%26gdpr%3d%26uid%3d%40%40CRITEO_USERID%40%40%26dised%3dtrue&gdpr=&gdpr_consent=

Request Chain 38

https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_pre=CJrTwYLwgv0CFQpXDwIdWWEOXQ;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

39 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
gdhfinag45.com/AOL/ 160 KB
45 KB 1242ms
675ms Document
text/html 104.21.80.140
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27b1e8e1c0a403966ac733d1f3ffa53121df5b54051ec6286debd75b468dce93

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 795a5ed82d862635-NRT
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 07 Feb 2023 07:21:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=34Qq7bxLDX62vlDPHnUgxAg14m9SfP74bk9i1lC%2FRDvs6AJUP3QBfTbHIKtJPDqfItCZYrs%2FY%2BmTEEoIFOQeut1zhh%2Bokkmy3oHLL3RTFcGk0Z5gx2MRJJw9ijonvsfsYA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 2 KB
932 B 93ms
50ms Stylesheet
text/css 2404:6800:4004:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Feb 2023 07:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 06:06:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Feb 2023 07:21:45 GMT

GET
H2 200 jquery-1.12.3.min.js Show response
gdhfinag45.com/AOL/ 95 KB
34 KB 503ms
502ms Script
application/javascript 104.21.80.140
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/jquery-1.12.3.min.js
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:46 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 20 Jan 2017 09:33:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ByoRYTZEBFaRHoMbycWhK29ALN3bbdepG3TguV9gEVrhNJjx%2BlTAmnpR5lDKIu%2FrwaOiaenBLHuWu1A5eiDpmO8qFW3z8u%2Bc0MLPPNjY86BVWS8Cdrmsbf4BFMOc%2BAxZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 795a5edc69902635-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 multi_step_form.js
gdhfinag45.com/AOL/ 0
0 466ms
466ms Script
text/html 104.21.80.140
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/multi_step_form.js
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:46 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWdRomtbQ0PzqSFUjjPv0JeC891Tvbvnf5EPuHJHV%2FqeJsM0wLUwGbCpgRIYdo9GwOJ4xawefkTceAGSMns5w7E%2FJHxIFQGyGn4K9%2BTAVQfQ9WssKV9U2jmLdGzAJ7tnzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 795a5edc69912635-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 boot.js
gdhfinag45.com/AOL/AOL_files/ 0
0 492ms
492ms Script
text/html 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/AOL_files/boot.js
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:46 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOaHDcsStTSOtaCDtXBdLyi57VMqBTQkV4O4ZJpV0tcSw2kBco%2F3wU%2FxxF3%2B1W9RUlyqUwvgkZtHU5L55OxY%2BNBw00W%2FbpoT%2Bne4IxQfnW4dJrxHNTkDmDYJ%2BAQtHfasO9x6hH8J%2F03mYLtjjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 795a5ee0fed31ee2-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 g-r-min.js
gdhfinag45.com/AOL/AOL_files/ 0
0 489ms
489ms Script
text/html 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/AOL_files/g-r-min.js
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:46 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtyshBFU5dl9SNc1fr5cbmhb9Ady3wJ6NmDbMtiRpb0IYXB62NkgVtnCFxtenh6R8KTt8ID%2BSVENT2mN4g4GH3xvQesVAV2gl1LOY4ShRrLDIY2owPlA63oVUX0aSsdXYrQgU%2FbHQ57bjJjddw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 795a5ee0fed41ee2-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 aol-logo-black-v.0.0.2.png
gdhfinag45.com/AOL/AOL_files/ 16 KB
16 KB 676ms
675ms Image
image/png 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gdhfinag45.com/AOL/AOL_files/aol-logo-black-v.0.0.2.png
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:47 GMT
cf-cache-status: MISS
last-modified: Wed, 04 Sep 2019 12:56:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOWLfQYfW1OnGLj1R%2FEsSLzmhudM75g%2FPrWBVG%2BlqmXWhSk%2FqPzwZ8Z5DcShC%2FgYG9ls44PcXeqCQOGMc%2FkrfVsdYg04pkZUv0Xao0YvO6DvFgQ8omY9CwAhLbJlNBZjGe2IWNIjGuL%2BrUq9qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 795a5ee3e84b1ee2-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16340

GET
H3 404 rapid-3.53.3.js
gdhfinag45.com/AOL/AOL_files/ 0
0 422ms
422ms Script
text/html 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/AOL_files/rapid-3.53.3.js
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:47 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KpPwojHzddOen253TU%2FFzjsswxuM8IPX83nchnPhZRuwI7KAA0%2BQNXnNplhshbZ61SbcG1sJ%2BS9K2qjVLYPVwZdMphP48Y2WG36h9PDP%2BD36EZ3NmlTq62IR4TpQA7KhUDZg%2Bv6p%2F7LglTR8Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 795a5ee3d8461ee2-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 client.php
gdhfinag45.com/AOL/AOL_files/ 0
0 438ms
438ms Script
text/html 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/AOL_files/client.php
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/AOL/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=55XICWQv8CbSpDOoSdFIK3v7E8CXb49Ks4uLGzyGcPhV4RWzTtWhgUkxVs%2FeGpXtdjvavEIwcheFkEnvypmQwtjHrbQ7v0oz1IhE0rO%2B45MtZAvaBeAlhhIttGoGXWnuujfG2dEc4jw3%2Bv5znA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 795a5ee3e84a1ee2-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 404 r-csc.html Show response
gdhfinag45.com/AOL/AOL_files/ Frame 6936 315 B
659 B 275ms
274ms Document
text/html 2606:4700:3034::6815:508c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gdhfinag45.com/AOL/AOL_files/r-csc.html
Requested by: Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:508c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: https://gdhfinag45.com/AOL/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 795a5ee6a9a21ee2-NRT
content-encoding: br
content-type: text/html; charset=iso-8859-1
date: Tue, 07 Feb 2023 07:21:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LS5t8LScHZkQ2wxECKU%2FBmoKX4RLW%2BeGquJhWUbGce5bHvBizxIRkSVJu3p%2BdOI24yjYShhm0foJCDN1tA1%2F0cSwOVHmSAvkPaH0h9VRIpryj9wrh1dVPrRvMNp%2BG6ebFVkpzeMd1yHOA8cMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 12 KB
6 KB 809ms
266ms Script
text/javascript 2406:2000:a4:9fe::1
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2F

Requested by

Host: gdhfinag45.com
URL: https://gdhfinag45.com/AOL/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2406:2000:a4:9fe::1 , Taiwan, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

Software

ATS /

Resource Hash

97ac5f03a0c9f1c1b702c3374e9d6dc94c9727524ef92bc89b3110e6f12b53e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
age: 1
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
content-length: 6071
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2 200 boot.js Show response
s.yimg.com/rq/darla/ 7 KB
4 KB 372ms
5ms Script
application/javascript 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/boot.js

Requested by

Host: fc.yahoo.com
URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

4530d183f6b42ae95bc7b2dafab9f38d1901b5c0e7f58253e35ec8e4215bacea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 03:32:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
x-amz-request-id: Z4S6ZDENV7AZGMVJ
age: 13785
x-amz-server-side-encryption: AES256
x-amz-id-2: oMh99oaKDGYmkdR0SRuIAyteafpSx/zZ1hUti3QnahHSi5iV4tOUn7E7u2Uq+ysxBQJmC/jNCSk=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Aug 2022 00:26:45 GMT
server: ATS
etag: "93d8df54e24138f615918242db0c49a3-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes

GET
H2 200 g-r-min.js Show response
s.yimg.com/rq/darla/4-10-1/js/ 204 KB
86 KB 3ms
3ms Script
application/javascript 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/boot.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

8c6a14a96e308f070f495f999af4e39027527d649157fe1a3ffc116870e14697

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://gdhfinag45.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 12:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
x-amz-request-id: FKJ3FX8RW26DQRVR
age: 412553
x-amz-server-side-encryption: AES256
content-length: 88197
x-amz-id-2: lfzzSY99zV4QpOWwv9aronG/Qmkh+C8ggs1EqU3gFQbZRoRe/RkT/fe+GMp0un5esuO3OGTmMd8=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Aug 2022 00:26:48 GMT
server: ATS
etag: "f6757e8569fef5f162212b684d6483ea-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=31536000
accept-ranges: bytes

GET
H2 200 r-csc.html Show response
s.yimg.com/rq/darla/4-10-1/html/ Frame AEF1 2 KB
1 KB 4ms
4ms Document
text/html 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-10-1/html/r-csc.html

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

3f1fdef4f502d2db072df997a1b83e977c3e257521551a9e4de98b1c28fa8a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gdhfinag45.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
age: 58058
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1160
content-type: text/html; charset=utf-8
date: Mon, 06 Feb 2023 15:14:11 GMT
etag: "1ff9b6e511ccd76562520a75bae161d2-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified: Wed, 10 Aug 2022 00:26:46 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=15552000
vary: Origin, Accept-Encoding
x-amz-id-2: 72e2ARvjjS3CfrvBd9Vu3cImDPDJnXZJAHiqREHF/OsJYhJ8SCCokdXmPDBVfANO6WjBWvyxIL4=
x-amz-request-id: TGQ97SZQYR3P7DBC
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 r-sf.html Show response
s.yimg.com/rq/darla/4-10-1/html/ Frame A160 2 KB
952 B 5ms
4ms Document
text/html 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

856189d481ed2d854451c028fac29309629eed3301211fe4fe582058f13a3f92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gdhfinag45.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
age: 85885
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 753
content-type: text/html; charset=utf-8
date: Mon, 06 Feb 2023 07:30:24 GMT
etag: "630dfb686b2205755bab511d73ed42dd-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified: Wed, 10 Aug 2022 00:26:46 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=15552000
vary: Origin, Accept-Encoding
x-amz-id-2: pRp6YQdXIKXUtU/KfF8FVWXGhc97sCiTsSWYFexv0ynWokhjKscnYEqIGvkRhFIArcCisjOcbyQ=
x-amz-request-id: 3MA77P8BBWAGYG3X
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 sfext-min.js Show response
s.yimg.com/rq/darla/4-10-1/js/ Frame A160 63 KB
27 KB 4ms
4ms Script
application/javascript 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

eb2783e0f4ae428363f7e36fc4ecb4057dbae329d858efee6775ba60f254a81d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 05:22:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
x-amz-request-id: R4AFJ7020S9Z3B39
age: 1130363
x-amz-server-side-encryption: AES256
x-amz-id-2: vwVKXFKJeq8BXNBCxuZCs2eVLXGLEzhcUyfMsZOuxwKHO6mmkPXwK+7G6Is3pQemmr0VXF1XsAo=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Aug 2022 00:26:49 GMT
server: ATS
etag: "a84b48cbebd5379f03b1e428526ec262-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=31536000
accept-ranges: bytes

GET
H2 200 adServe.do Show response
oao-js-tag.onemobile.yahoo.com/admax/ Frame A160 3 KB
2 KB 355ms
104ms Script
application/x-javascript 13.250.192.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://oao-js-tag.onemobile.yahoo.com/admax/adServe.do?ypubblob=_RSHASH_|_PVID_|794200033|RICH|_ADTIME_&brxdSectionId=&req(url)=https://login.aol.com/&pos=y963897761_marketing_house&secure=1&wd=1440&ht=1024&brxdPublisherId=20459933223&brxdSiteId=4465551&csrtype=5&of=js
Requested by: Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.250.192.86 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-250-192-86.ap-southeast-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: b7847225f1cdfa154d115c9d786385e351673bb992a93821eb21a453352ecbe8

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:48 GMT
content-encoding: gzip
server: ATS/9.1.10.25
age: 0
vary: Accept-Encoding, User-Agent
content-type: application/x-javascript;charset=utf-8
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
content-length: 1424
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adEvent.do
ap-southeast-1-web-oao.ssp.yahoo.com/admax/ Frame A160 43 B
316 B 279ms
100ms Image
image/gif 13.250.192.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap-southeast-1-web-oao.ssp.yahoo.com/admax/adEvent.do?tidi=770939311&dcn=8a9690b201747491434f92b994ff0035&posi=1463393&grp=%3F%3F%3F&nl=1675754508056&rts=1675754508026&pix=1&et=1&a=1D4QEDEwLjLWqCjYgLyCjQNPMjAwMQAAAAAALkdW-0&m=aXAtMTAtMjItMTM5LTYx&b=MTMxMjM7VVMgLSBIb3VzZS9QU0EgQmFja3VwOz8_Pzs7OztkMDBkZGM5MjA0OGE0YzllYWYwZDUwYjI0MTBhM2RmOTsyOTQ2Mjc4ODsxNjc1NzUxNDQ5OzswOzswOztwYXNzYmFjay0xMTM2MTs7MTsxOw..&xdi=Pz8_fEdvb2dsZXxOVCAxMC4wfDE3fERlc2t0b3A.&xoi=MHxKUE4.&hb=true&type=5&af=7&dety=5
Requested by: Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.250.192.86 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-250-192-86.ap-southeast-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:48 GMT
last-modified: Mon, 06 Feb 2023 19:54:12 GMT
server: ATS/9.1.10.25
accept-ranges: bytes
age: 0
content-length: 43
content-type: image/gif

GET
H2 200 pixels Show response
service.idsync.analytics.yahoo.com/sp/v0/ Frame A160 19 B
78 B 783ms
481ms Script
application/javascript 52.74.162.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://service.idsync.analytics.yahoo.com/sp/v0/pixels?referrer=&limit=12&us_privacy=null&js=1&_origin=1&gdpr=0&euconsent=

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.74.162.2 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
server: ATS/9.1.10.25
age: 1
content-type: application/javascript

GET
H2 200 talon-1.0.40.js Show response
cdn.js7k.com/ix/ Frame A160 69 KB
16 KB 290ms
3ms Script
application/javascript 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/ix/talon-1.0.40.js

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 06:32:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
x-amz-request-id: 7JJY1RCAWG11FM34
age: 2954
x-amz-server-side-encryption: AES256
content-length: 16540
x-amz-id-2: TStQbIBYX6BtVq0IKh9fSfu1UoTz80QbDAy7/FZ7vroEpWTbCsTjUWkMNGJkKSk73B8/14ML8Pg=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 16:08:42 GMT
server: ATS
etag: "adf514fab5c3f95007c73e6c3c901bfe-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=14400
accept-ranges: bytes

GET
H2 200 index.html Show response
s.yimg.com/cv/apiv2/default/houseAdsExchange/ Frame 0ADF 5 KB
2 KB 429ms
428ms Document
text/html 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly

Requested by

Host: oao-js-tag.onemobile.yahoo.com
URL: https://oao-js-tag.onemobile.yahoo.com/admax/adServe.do?ypubblob=_RSHASH_|_PVID_|794200033|RICH|_ADTIME_&brxdSectionId=&req(url)=https://login.aol.com/&pos=y963897761_marketing_house&secure=1&wd=1440&ht=1024&brxdPublisherId=20459933223&brxdSiteId=4465551&csrtype=5&of=js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

d28377f1af0c55467353355bf408fc6faf7d9de21ddbf99513ccade70a2ea7cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2
cache-control: max-age=300
content-encoding: gzip
content-length: 1759
content-type: text/html
date: Tue, 07 Feb 2023 07:21:50 GMT
etag: "2387eef8fb3705efb7ac06493666e5c0-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified: Tue, 18 Aug 2020 14:24:50 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=15552000
vary: Accept-Encoding,Origin
x-amz-id-2: a2+HSTFszNq5Ya0O+X+Vwh2YoiJGuibBYOztOhO32eRIjATRVL0pKjr1E/NRPkdCwRp5OUm4HWw=
x-amz-request-id: RM4R0M6S67CQNMPT
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixels Show response
service.idsync.analytics.yahoo.com/sp/v0/ Frame A160 2 KB
3 KB 115ms
114ms Script
application/javascript 52.74.162.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://service.idsync.analytics.yahoo.com/sp/v0/pixels?referrer=login.aol.com&limit=12&us_privacy=null&js=1&_origin=1&gdpr=0&euconsent=

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.74.162.2 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

1b6eaec6bc911b089ae34efa103e65ebf3852d0d897e0333a165aa17efac0554

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
server: ATS/9.1.10.25
age: 0
content-type: application/javascript

GET
H2 200 adEvent.do
ap-southeast-1-web-oao.ssp.yahoo.com/admax/ Frame A160 43 B
70 B 109ms
108ms Image
image/gif 13.250.192.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap-southeast-1-web-oao.ssp.yahoo.com/admax/adEvent.do?tidi=770939311&dcn=8a969571017474b0b2abb0db05250007&posi=1471518&grp=%3F%3F%3F&nl=1675754508886&rts=1675754508857&pix=1&et=1&a=4216fce6c29540b3875d3eb853a94a75&m=aXAtMTAtMjItMTQ5LTEz&b=MTMxMjM7VVMgLSBIb3VzZS9QU0EgQmFja3VwOz8_Pzs7OzszZjQ5ZTQ1NWE5NjE0YjRkOWViNDdjMDQxMjE4ZDk3ODsyOTQ2Mjc4ODsxNjc1NzUxNDQ5OzswOzswOztwYXNzYmFjay0xMTM2MDs7MTsxOw..&uid=y-8xGwTTJE2rP.h5HEvIGgRuxXfprpmsF6AevGGmeITL5V%7EA&xdi=Q2hyb21lIC0gV2luZG93c3xHb29nbGV8TlQgMTAuMHwxN3xEZXNrdG9w&xoi=MHxKUE4.&af=7&dety=5
Requested by: Host: oao-js-tag.onemobile.yahoo.com
URL: https://oao-js-tag.onemobile.yahoo.com/admax/adServe.do?ypubblob=_RSHASH_|_PVID_|794200033|RICH|_ADTIME_&brxdSectionId=&req(url)=https://login.aol.com/&pos=y963897761_marketing_house&secure=1&wd=1440&ht=1024&brxdPublisherId=20459933223&brxdSiteId=4465551&csrtype=5&of=js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.250.192.86 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-250-192-86.ap-southeast-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:48 GMT
last-modified: Mon, 06 Feb 2023 19:54:12 GMT
server: ATS/9.1.10.25
accept-ranges: bytes
age: 0
content-length: 43
content-type: image/gif

GET
H2 200 usync
onevideosync.uplynk.com/ Frame A160 0
195 B 463ms
89ms Image
text/plain 52.77.166.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onevideosync.uplynk.com/usync?key=onevideo&comboId=y-rT_rPLxE2uFsB0vS.515K.rET_7NOTZi~A&gdpr=0&gdpr_consent=
Requested by: Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.77.166.200 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-77-166-200.ap-southeast-1.compute.amazonaws.com
Software: ribs2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
server: ribs2.0
content-length: 0
content-type: text/plain

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A160
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent=&google_tc=

170 B
243 B

40ms
39ms

Image
image/png

142.250.196.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent=&google_tc=

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

142.250.196.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1STUNFUHM5RTJ1R1pMcjFyVWJQd2M2SkhQY0JRM3NsN35B&gdpr=0&gdpr_consent=&google_tc=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

y-K1U4HENE2uIOqLB9uQTiDXqO_LDuotY-~A
pr-bh.ybp.yahoo.com/sync/adtech/ Frame A160
Redirect Chain

https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true
https://pr-bh.ybp.yahoo.com/sync/adtech/y-K1U4HENE2uIOqLB9uQTiDXqO_LDuotY-~A

43 B
426 B

243ms
97ms

Image
image/gif

2406:da18:929:5a01:fe74:64e1:db18:2b0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adtech/y-K1U4HENE2uIOqLB9uQTiDXqO_LDuotY-~A

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

2406:da18:929:5a01:fe74:64e1:db18:2b0 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/adtech/y-K1U4HENE2uIOqLB9uQTiDXqO_LDuotY-~A
date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

21C3E8211E9F6F9F1664FA901F566EBB
pr-bh.ybp.yahoo.com/sync/msn/ Frame A160
Redirect Chain

https://c.bing.com/c.gif?Red3=OATHMS_pd
https://pr-bh.ybp.yahoo.com/sync/msn/21C3E8211E9F6F9F1664FA901F566EBB

43 B
601 B

177ms
98ms

Image
image/gif

2406:da18:929:5a01:fe74:64e1:db18:2b0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/msn/21C3E8211E9F6F9F1664FA901F566EBB

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

2406:da18:929:5a01:fe74:64e1:db18:2b0 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D965AD1B51BB4EBEA0572923BFAFDF19 Ref B: TYO01EDGE1910 Ref C: 2023-02-07T07:21:49Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://pr-bh.ybp.yahoo.com/sync/msn/21C3E8211E9F6F9F1664FA901F566EBB
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55953/ Frame A160
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&_origin=0&gdpr=0&gdpr_consent=

0
17 B

14ms
14ms

Image
text/plain

18.178.22.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&_origin=0&gdpr=0&gdpr_consent=

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

18.178.22.21 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-178-22-21.ap-northeast-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&_origin=0&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 267

GET
H2

200

4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&gdpr=0
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame A160
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A%2...
https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A%2...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEFFOUVDRjMtQjY3RS00RjA1LUIyMjItQUQ2RjEwQkQxOUEy&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-V.Qp.M5E2uVmH58KaIZQmXn6v46QpXk-~A&gdpr=0&gdpr_consent=&pmc=1&pr=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58292%2Fsync%3F_origi...
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=0&gdpr=0&gdpr_consent=&uid=4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&redir2=true
https://pr-bh.ybp.yahoo.com/sync/pubmatic/4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&gdpr=0

43 B
601 B

104ms
103ms

Image
image/gif

2406:da18:929:5a01:fe74:64e1:db18:2b0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&gdpr=0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

2406:da18:929:5a01:fe74:64e1:db18:2b0 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/pubmatic/4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2&gdpr=0
date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

setuid
ib.adnxs.com/prebid/ Frame A160
Redirect Chain

https://ups.analytics.yahoo.com/ups/58230/sync?_origin=0&redir=true&gdpr=0&gdpr_consent=
https://ib.adnxs.com/prebid/setuid?bidder=verizonmedia&uid=y-vaG9DHJE2uEVCqQ8qGz3U0PIL6Y0yw--~A&gdpr=0

43 B
1 KB

518ms
130ms

Image
image/gif

103.43.90.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=verizonmedia&uid=y-vaG9DHJE2uEVCqQ8qGz3U0PIL6Y0yw--~A&gdpr=0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

HTTP/1.1

Server

103.43.90.114 , Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

602.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Feb 2023 07:21:49 GMT
AN-X-Request-Uuid: 05376639-ddf2-427c-ba57-0dd908e2be3d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.138.252.164; 217.138.252.164; 602.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/prebid/setuid?bidder=verizonmedia&uid=y-vaG9DHJE2uEVCqQ8qGz3U0PIL6Y0yw--~A&gdpr=0
date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58281/ Frame A160
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRWxWX1Z0RTJ1R0RiSTBiTzdHaFlreUpWbVRxTXA4b35B&gdpr=0&gdpr_consent=&_origin=0
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRWxWX1Z0RTJ1R0RiSTBiTzdHaFlreUpWbVRxTXA4b35B&gdpr=0&gdpr_consent=&_origin=0&google_tc=
https://ups.analytics.yahoo.com/ups/58281/sync?redir=false&gdpr=0&gdpr_consent=&_origin=0

0
17 B

12ms
11ms

Image
text/plain

18.178.22.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=false&gdpr=0&gdpr_consent=&_origin=0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

18.178.22.21 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-178-22-21.ap-northeast-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ups.analytics.yahoo.com/ups/58281/sync?redir=false&gdpr=0&gdpr_consent=&_origin=0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame A160
Redirect Chain

https://eb2.3lift.com/getuid?&gdpr=0&cmp_cs=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdp...
https://ups.analytics.yahoo.com/ups/58382/sync?_origin=0&ums2=0&redir=true&uid=4632081351056534461228&gdpr=0&gdpr_consent=
https://eb2.3lift.com/sync?px=1&gdpr=0&axid=y-b.H8G.pE2uL0qVmANzgdP7sW92mTU0Ou~A&ums2=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

79ms
79ms

Image
image/gif

52.223.2.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Protocol: H2
Server: 52.223.2.229 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 07 Feb 2023 07:21:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:49 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://eb2.3lift.com/xuid?mid=3658&xuid=9e9424f3-9fc8-4054-a75d-7f5a8e96afdb&dongle=0cfd&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 251

GET
H2 204 sync
ups.analytics.yahoo.com/ups/56613/ Frame A160 0
494 B 224ms
20ms Image
text/plain 18.178.22.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/56613/sync?_origin=0&gdpr=0&gdpr_consent=

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.178.22.21 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-178-22-21.ap-northeast-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

7768182250994049699
pr-bh.ybp.yahoo.com/sync/msft/csrc/3/ Frame A160
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55936%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26redir2%3Dtrue
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F55936%252Fsync%253Fuid%253D%2524UID%2526_origin%253D0%2526redir2%253Dtrue
https://ups.analytics.yahoo.com/ups/55936/sync?uid=7768182250994049699&_origin=0&redir2=true
https://pr-bh.ybp.yahoo.com/sync/msft/csrc/3/7768182250994049699

43 B
601 B

75ms
75ms

Image
image/gif

2406:da18:929:5a01:fe74:64e1:db18:2b0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/msft/csrc/3/7768182250994049699

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

2406:da18:929:5a01:fe74:64e1:db18:2b0 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/msft/csrc/3/7768182250994049699
date: Tue, 07 Feb 2023 07:21:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

usersync.aspx
dis.criteo.com/dis/ Frame A160
Redirect Chain

https://ssp-sync.criteo.com/user-sync/redirect?profile=73&gdprapplies=0&gdpr=
https://dis.criteo.com/dis/usersync.aspx?r=12&p=73&dis=0&url=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fredirect%3fprofile%3d73%26gdprapplies%3d0%26gdpr%3d%26uid%3d%40%40CRITEO_USERID%40%40%26...

43 B
363 B

23ms
11ms

Image
image/gif

182.161.74.16
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=12&p=73&dis=0&url=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fredirect%3fprofile%3d73%26gdprapplies%3d0%26gdpr%3d%26uid%3d%40%40CRITEO_USERID%40%40%26dised%3dtrue&gdpr=&gdpr_consent=

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html

Protocol

Server

182.161.74.16 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:48 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 177002
expires: Tue, 07 Feb 2023 00:00:00 GMT

Redirect headers

location: https://dis.criteo.com/dis/usersync.aspx?r=12&p=73&dis=0&url=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fredirect%3fprofile%3d73%26gdprapplies%3d0%26gdpr%3d%26uid%3d%40%40CRITEO_USERID%40%40%26dised%3dtrue&gdpr=&gdpr_consent=
date: Tue, 07 Feb 2023 07:21:49 GMT
cache-control: no-store,max-age=0
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Kestrel
content-length: 0

GET
H2 200 ads.js Show response
s.yimg.com/cv/apiv2/default/houseAdsExchange/ Frame 0ADF 34 KB
3 KB 490ms
489ms Script
application/javascript 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/apiv2/default/houseAdsExchange/ads.js?cb=1675754509

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

b25b39a688c311a383a5a06b0250bc2c7118687707103c1aa6789fbf5a5422c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 07:21:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
x-amz-request-id: RM4XTJHST23SGAZW
age: 0
x-amz-server-side-encryption: AES256
x-amz-id-2: QVjc/dPnfIKk9OFj/cG9HPx0xn7c5LIO8vzYectimccUk1dfe5SfoRGJLkvkpRAb0n/NJg5Urkw=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Jan 2023 16:30:15 GMT
server: ATS
etag: "125aae22ddbda16fbc9575366dd6acfb-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding,Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes

GET
H2 200 960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html Show response
s.yimg.com/cv/apiv2/default/Houseads/202201/html/ Frame B544 676 B
907 B 5ms
5ms Document
text/html 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/apiv2/default/Houseads/202201/html/960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

45559e5b76b295695897988fc49a1501c181da9ca013c6a8c222d5a3fd188be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=yonly
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 4759739
cache-control: max-age=31536000
content-length: 676
content-type: text/html
date: Wed, 14 Dec 2022 05:12:53 GMT
etag: "632b6c4f5ecf70330b270c3768b452e2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified: Wed, 19 Jan 2022 16:47:08 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=15552000
vary: Origin
x-amz-id-2: CLbKF7BSJJBCYgWOubOMMh1CS3u4NKDSs1sOCUd7CFPZXDnQPWABJbAImwsqkI9uEIXBVs3ht1o=
x-amz-request-id: TZA72ENMZTZ5F5QW
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 AOL_detect2_platform___Malwarebytes.jpg
s.yimg.com/cv/apiv2/default/Houseads/202201/ Frame B544 407 KB
407 KB 5ms
5ms Image
image/jpeg 119.161.5.251
YAHOO-SG internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/cv/apiv2/default/Houseads/202201/AOL_detect2_platform___Malwarebytes.jpg

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/cv/apiv2/default/Houseads/202201/html/960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

119.161.5.251 , Korea, Republic Of, ASN10230 (YAHOO-SG internet content provider, SG),

Reverse DNS

e1-rr.ycpi.jpa.yahoo.com

Software

ATS /

Resource Hash

c080601c6e9b3a8b9462a8272ce6054e7084df135dd2ab70711084dac348c7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/cv/apiv2/default/Houseads/202201/html/960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 30 Dec 2022 12:14:18 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
x-amz-request-id: XMXCFYAK9H7P9ZBX
age: 3352053
x-amz-server-side-encryption: AES256
content-length: 416328
x-amz-id-2: Fv4ndwJOYw+9RwYqFOllHBguEdfFMGL8Q/dcBZbgcvDrZwZvFEYOpZcNCC98aAevy5xgGPfK8mU=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 12:54:10 GMT
server: ATS
etag: "1e6d6118fec5183d6c600f777560f027"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes

GET
H2

200

B23644564.325653870;dc_pre=CJrTwYLwgv0CFQpXDwIdWWEOXQ;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$...
ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/ Frame B544
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;t...
https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_pre=CJrTwYLwgv0CFQpXDwIdWWEOXQ;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;t...

42 B
118 B

65ms
64ms

Image
image/gif

142.251.42.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_pre=CJrTwYLwgv0CFQpXDwIdWWEOXQ;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Protocol

Server

142.251.42.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s47-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://s.yimg.com/cv/apiv2/default/Houseads/202201/html/960_DCM-DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_AOL_detect2_platform___Malwarebytes_aonly.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Feb 2023 07:21:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.325653870;dc_pre=CJrTwYLwgv0CFQpXDwIdWWEOXQ;dc_trk_aid=472972902;dc_trk_cid=127172993;ord=_ADTIME_;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 11:38:50	Name: sync Value: CgkIOhDNqYLW4jA=
.yahoo.com/	1970-01-20 18:15:12	Name: A3 Value: d=AQABBAz84WMCEBEoVCtE2-FsSXEDSBza1OwFEgEBAQFN42PrYwAAAAAA_eMAAA&S=AQAAArtdT1mEC_BsFjG08lXYFiU
.analytics.yahoo.com/	1970-01-20 18:14:50	Name: IDSYNC Value: "18qt~29uv:18yl~29uv:18vj~29uv:190j~29uv:1769~29uv:18z8~29uv:18xn~29uv:18yx~29uv:191q~29uv:17ol~29uv:175s~29uv:19a3~29uv:18xi~29uv"
.pubmatic.com/	1970-01-20 09:30:40	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 11:38:50	Name: SyncRTB3 Value: 1676937600%3A220
.pubmatic.com/	1970-01-20 18:14:50	Name: KADUSERCOOKIE Value: 4AE9ECF3-B67E-4F05-B222-AD6F10BD19A2
.adsrvr.org/	1970-01-20 18:14:50	Name: TDID Value: 9e9424f3-9fc8-4054-a75d-7f5a8e96afdb
.bing.com/	1970-01-20 18:50:50	Name: MUID Value: 21C3E8211E9F6F9F1664FA901F566EBB
.c.bing.com/	1970-01-20 09:39:19	Name: MR Value: 0
.doubleclick.net/	1970-01-20 19:05:14	Name: IDE Value: AHWqTUn3RQKjx4sKckxDk5CusoxFxKE7tOYl70QCyfGZ9PIr48XGhO4JPvWdODQ9W0Q
.3lift.com/	1970-01-20 11:38:50	Name: tluid Value: 4632081351056534461228
.pubmatic.com/	1970-01-20 09:30:40	Name: pi Value: 156078:3
.pubmatic.com/	1970-01-20 11:38:50	Name: chkChromeAb67Sec Value: 2
.pubmatic.com/	1970-01-20 10:12:26	Name: SPugT Value: 1675754508
.uplynk.com/	1970-01-20 18:50:50	Name: COMBOID Value: "comboid=y-rT_rPLxE2uFsB0vS.515K.rET_7NOTZi~A\|expires_at=1683530509"
.adsrvr.org/	1970-01-20 18:14:50	Name: TDCPM Value: CAESFgoHc3Z4OXQ1MBILCKqp3KvAucQ7EAUYASABKAIyCwiqod_Y1rnEOxAFOAFaB3N2eDl0NTBgAg..
.adnxs.com/	1970-01-20 11:38:50	Name: uuid2 Value: 7768182250994049699
.adnxs.com/	1970-01-20 11:38:50	Name: anj Value: dTM7k!M4.FD>6NRF']wIg2C'$9nXAp!@wnf-Te9(SG_>q1ay.b?U6qipak^InX7kVq8Njnmhj4CAg-p(I+jd59XN^/gin1.'oiM9S/)9T5_m!x%m7*f(j^
.adnxs.com/	1970-01-20 11:38:50	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJ2ZXJpem9ubWVkaWEiOnsidWlkIjoieS12YUc5REhKRTJ1RVZDcVE4cUd6M1UwUElMNlkweXctLX5BIiwiZXhwaXJlcyI6IjIwMjMtMDUtMDhUMDc6MjE6NDlaIn19LCJiaXJ0aGRheSI6IjIwMjMtMDItMDdUMDc6MjE6NDlaIn0=

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://gdhfinag45.com/AOL/multi_step_form.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gdhfinag45.com/AOL/AOL_files/g-r-min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gdhfinag45.com/AOL/AOL_files/boot.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gdhfinag45.com/AOL/AOL_files/rapid-3.53.3.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gdhfinag45.com/AOL/AOL_files/client.php Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gdhfinag45.com/AOL/AOL_files/r-csc.html Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js Message: Unrecognized feature: 'vr'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ap-southeast-1-web-oao.ssp.yahoo.com
c.bing.com
cdn.js7k.com
cm.g.doubleclick.net
dis.criteo.com
eb2.3lift.com
fc.yahoo.com
fonts.googleapis.com
gdhfinag45.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
match.adsrvr.org
oao-js-tag.onemobile.yahoo.com
onevideosync.uplynk.com
pr-bh.ybp.yahoo.com
s.yimg.com
service.idsync.analytics.yahoo.com
ssp-sync.criteo.com
ups.analytics.yahoo.com
103.231.99.242
103.231.99.80
103.231.99.81
103.43.90.114
104.21.80.140
119.161.5.251
13.250.192.86
142.250.196.130
142.251.42.198
18.178.22.21
182.161.74.16
2404:6800:4004:824::200a
2406:2000:a4:9fe::1
2406:2600:4::1b
2406:da18:929:5a01:fe74:64e1:db18:2b0
2606:4700:3034::6815:508c
2620:1ec:c11::200
52.223.2.229
52.223.40.198
52.74.162.2
52.77.166.200
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d
1b6eaec6bc911b089ae34efa103e65ebf3852d0d897e0333a165aa17efac0554
27b1e8e1c0a403966ac733d1f3ffa53121df5b54051ec6286debd75b468dce93
3f1fdef4f502d2db072df997a1b83e977c3e257521551a9e4de98b1c28fa8a39
4530d183f6b42ae95bc7b2dafab9f38d1901b5c0e7f58253e35ec8e4215bacea
45559e5b76b295695897988fc49a1501c181da9ca013c6a8c222d5a3fd188be8
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
856189d481ed2d854451c028fac29309629eed3301211fe4fe582058f13a3f92
8c6a14a96e308f070f495f999af4e39027527d649157fe1a3ffc116870e14697
97ac5f03a0c9f1c1b702c3374e9d6dc94c9727524ef92bc89b3110e6f12b53e8
b25b39a688c311a383a5a06b0250bc2c7118687707103c1aa6789fbf5a5422c1
b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3
b7847225f1cdfa154d115c9d786385e351673bb992a93821eb21a453352ecbe8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c080601c6e9b3a8b9462a8272ce6054e7084df135dd2ab70711084dac348c7ab
c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397
d28377f1af0c55467353355bf408fc6faf7d9de21ddbf99513ccade70a2ea7cf
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb2783e0f4ae428363f7e36fc4ecb4057dbae329d858efee6775ba60f254a81d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690

gdhfinag45.com Open in urlscan Pro 104.21.80.140 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

39 Requests

72 %HTTPS

29 %IPv6

13 Domains

22 Subdomains

16 IPs

7 Countries

662 kBTransfer

1084 kBSize

19 Cookies

4 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

gdhfinag45.com Open in urlscan Pro
104.21.80.140 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

72 %
HTTPS

29 %
IPv6

13
Domains

22
Subdomains

16
IPs

7
Countries

662 kB
Transfer

1084 kB
Size

19
Cookies

39 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!