ats.eccmp.com Open in urlscan Pro
63.148.46.75 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe
Submission: On May 27 via manual (May 27th 2021, 10:54:46 am UTC) from TW

Summary HTTP 14 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 14 HTTP transactions. The main IP is 63.148.46.75, located in United States and belongs to ASN-CHEETA-MAIL, US. The main domain is ats.eccmp.com.

This is the only time ats.eccmp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	63.148.46.75 63.148.46.75	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
4	2600:9000:20e... 2600:9000:20eb:f000:1e:b154:3480:93a1	16509 (AMAZON-02) (AMAZON-02)
1	173.213.4.176 173.213.4.176	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
7	198.176.166.187 198.176.166.187	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
1 2	198.176.166.174 198.176.166.174	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
14	5

1 63.148.46.75 (United States)

ASN53316 (ASN-CHEETA-MAIL, US)
PTR: ats.eccmp.com

ats.eccmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20eb:f000:1e:b154:3480:93a1 (United States)

ASN16509 (AMAZON-02, US)

fonts.natgeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.213.4.176 (United States)

ASN53316 (ASN-CHEETA-MAIL, US)

l.orders.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 198.176.166.187 (United States)

ASN397973 (CDS-GLOBAL-01, US)
PTR: w1.buysub.com

w1.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.176.166.174 (United States) 1 redirects

ASN397973 (CDS-GLOBAL-01, US)
PTR: 174-ngm-eng.buysub.com

ngkidsubs.nationalgeographic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	buysub.com l.orders.buysub.com w1.buysub.com	1 MB
4	natgeo.com fonts.natgeo.com	125 KB
2	nationalgeographic.com 1 redirects ngkidsubs.nationalgeographic.com	1 KB
1	eccmp.com ats.eccmp.com	13 KB
14	4

	Domain	Requested by
7	w1.buysub.com	ats.eccmp.com
4	fonts.natgeo.com	ats.eccmp.com fonts.natgeo.com
2	ngkidsubs.nationalgeographic.com	1 redirects ats.eccmp.com
1	l.orders.buysub.com	ats.eccmp.com
1	ats.eccmp.com
14	5

This site contains links to these domains. Also see Links.

Domain
l.orders.buysub.com

Subject Issuer	Validity	Valid
fonts.natgeo.com Amazon	`2021-04-17` - `2022-05-16`	a year	crt.sh
*.buysub.com DigiCert SHA2 Secure Server CA	`2019-07-05` - `2021-07-09`	2 years	crt.sh
ngmdomsubs.nationalgeographic.com Entrust Certification Authority - L1K	`2020-06-03` - `2022-06-03`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe
Frame ID: CE0E0E3C581C50406B8DA28563A2B576
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /\.aspx?(?:$|\?)/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Page Statistics

14
Requests

86 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

1266 kB
Transfer

1299 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://l.orders.buysub.com/rts/go2.aspx?h=159574&tp=i-16IJ-Gs-C9y-iFzd-1n-i60p-1c-Mg8-G-l66oKMkZDi-1Lepow&x=30381
Title: RESTART YOUR NATIONAL GEOGRAPHIC KIDS GIFT SUBSCRIPTION NOW

Search URL Search Domain Scan URL

URL: http://l.orders.buysub.com/rts/go2.aspx?h=159571&tp=i-16IJ-Gs-C9y-iFzd-1n-i60p-1c-Mg8-G-l66oKMkZDi-1Lepow

Search URL Search Domain Scan URL

URL: http://l.orders.buysub.com/rts/go2.aspx?h=159572&tp=i-16IJ-Gs-C9y-iFzd-1n-i60p-1c-Mg8-G-l66oKMkZDi-1Lepow
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://l.orders.buysub.com/rts/go2.aspx?h=159573&tp=i-16IJ-Gs-C9y-iFzd-1n-i60p-1c-Mg8-G-l66oKMkZDi-1Lepow&x=6119487848
Title: Unsubscribe

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://ngkidsubs.nationalgeographic.com/servlet/ODROpenRate?cds_fn=312420NKD30381H HTTP 302
https://ngkidsubs.nationalgeographic.com/pubs/NG/NKD/images/cds_open_rate.gif

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set msg.aspx Show response
ats.eccmp.com/ats/ 52 KB
13 KB 557ms
542ms Document
text/html 63.148.46.75
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe
Protocol: HTTP/1.1
Server: 63.148.46.75 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: ats.eccmp.com
Software: / ASP.NET
Resource Hash: 56f2b4895ec810c65093f965bd669c214e72312837efdeee8422947230fcb159

Request headers

Host: ats.eccmp.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: 0
X-Powered-By: ASP.NET
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Date: Thu, 27 May 2021 10:54:26 GMT
Connection: keep-alive
Content-Length: 12993
Set-Cookie: BIGipServercnv_ats_pool=!C6z/IvvOhgJHLe6oFVQbWBKi/4Lz4lExKxC+SQGJ1oTRZswbomffrfZyMm6j3FAhBSum7ICSaC/+tbM=; path=/; Httponly
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H2 200 geograph.css
fonts.natgeo.com/ngp/geograph/ 13 KB
14 KB 48ms
21ms Stylesheet
text/css 2600:9000:20eb:f000:1e:b154:3480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.natgeo.com/ngp/geograph/geograph.css
Requested by: Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:1e:b154:3480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d285566cdbf9f4a3904aa40ce26b4877b0c9cc3f649ebcd986215fe808e326d

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: qxYWac0zlO80X0oIDs6mw4yh5pOGbtl3
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
last-modified: Wed, 11 Jul 2018 20:26:24 GMT
server: AmazonS3
age: 33917
etag: "2e05cbe8cd53084c69498ff4f0a67867"
x-cache: Hit from cloudfront
content-type: text/css
date: Thu, 27 May 2021 01:29:10 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 13557
x-amz-cf-id: ZhfTiye1c5gyWG52065QHc2Wn138O9x-nT3K5qvw7_IDUqSAE-1IpA==

GET
H/1.1 200
OK open.aspx
l.orders.buysub.com/rts/ 43 B
492 B 283ms
182ms Image
image/gif 173.213.4.176
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://l.orders.buysub.com/rts/open.aspx?tp=i-16IJ-Gs-C9y-iFzd-1n-i60p-1c-Mg8-G-l66oKMkZDi-1Lepow
Requested by: Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe
Protocol: HTTP/1.1
Server: 173.213.4.176 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 10:54:27 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-Control: private
Expires: 0

GET
H/1.1 200
OK ngkblackyellowrgb4763x2087bfe30a32.png
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 229 KB
229 KB 655ms
255ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ngkblackyellowrgb4763x2087bfe30a32.png

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

d6c731600b6c6e9c745fc0940413ef1472aebeebab909762ebdff6796d9cc260

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2956
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=10, max=92
Content-Length: 234162
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK PolarBearheadermobilev2.jpg
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 160 KB
160 KB 652ms
255ms Image
image/jpeg 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/PolarBearheadermobilev2.jpg

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

ce90dd85f00bc263ad2a06af0b8c67a8ced1570b86d80da26227e2b187496a62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2958
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=10, max=92
Content-Length: 163871
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 2600x400PolarBears.jpg
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 166 KB
167 KB 682ms
255ms Image
image/jpeg 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/2600x400PolarBears.jpg

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

7b666c21d627de3d57662aa1c23f4a275137e20abe0b5d56442b2963edbf41af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2958
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=10, max=98
Content-Length: 170181
X-XSS-Protection: 1; mode=block

GET
H2 200 geographweb-regular.woff2
fonts.natgeo.com/ngp/geograph/ 36 KB
36 KB 500ms
463ms Font
binary/octet-stream 2600:9000:20eb:f000:1e:b154:3480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.natgeo.com/ngp/geograph/geographweb-regular.woff2
Requested by: Host: fonts.natgeo.com
URL: https://fonts.natgeo.com/ngp/geograph/geograph.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:1e:b154:3480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d406ffcfc364ca981792ee6293d4cb5a9d9cdaa53cde28a0beb292ef60e36923

Request headers

Origin: http://ats.eccmp.com
Referer: https://fonts.natgeo.com/ngp/geograph/geograph.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 10:54:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-length: 36771
last-modified: Wed, 11 Jul 2018 19:45:21 GMT
server: AmazonS3
etag: "330c2fe699f7f95af1441f145ea1c017"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: 0n1Eg0uoGkBkA0jpaqxT1CBonT2rxsVX
access-control-allow-origin: *
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: QTYMhfZr_YxNtlFp-cWtHFoeo8_qjdXUDwhMZaelSqXEcS8Bb0spRQ==

GET
H/1.1 200
OK sp.gif
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 93 B
548 B 525ms
130ms Image
image/gif 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/sp.gif

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

3437eb9e04560aa4a723deb514a51398d99b8ff2412c72b739a2e68a53ed2157

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2293
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/gif
Vary: Accept-Encoding
Content-Length: 93
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=10, max=78

GET
H/1.1 200
OK 2d1bc9d81b6bb65b1670aa6237f92e53c48bfcbc.jpg
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 175 KB
176 KB 650ms
255ms Image
image/jpeg 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/2d1bc9d81b6bb65b1670aa6237f92e53c48bfcbc.jpg

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

3ba5df0cb6915a6abe49080d29a4d41a6818eee89679ea86d9491cefd6b1ed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2956
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=10, max=99
Content-Length: 179532
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Store2.jpg
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 206 KB
207 KB 835ms
310ms Image
image/jpeg 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/Store2.jpg

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

a33754d733cb1cf74174c18e54e383d5e8fcbc44a7d8c565d3a486affc0e5908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2956
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=10, max=86
Content-Length: 211032
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Store3.jpg
w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/ 187 KB
187 KB 549ms
255ms Image
image/jpeg 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/NG/NKD/images/2020_Renewals/Store3.jpg

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

42384a94b4bb2b86d70fb52d4350a3d6e18b62dd0e313ca238eb146a1a968904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Fri, 20 Mar 2020 21:06:05 GMT
Age: 2956
Date: Thu, 27 May 2021 10:54:27 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=10, max=88
Content-Length: 191191
X-XSS-Protection: 1; mode=block

GET
H2 200 geographweb-bold.woff2
fonts.natgeo.com/ngp/geograph/ 37 KB
38 KB 464ms
462ms Font
binary/octet-stream 2600:9000:20eb:f000:1e:b154:3480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.natgeo.com/ngp/geograph/geographweb-bold.woff2
Requested by: Host: fonts.natgeo.com
URL: https://fonts.natgeo.com/ngp/geograph/geograph.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:1e:b154:3480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17eedfd4ffc4bd5a4b2f5ed2abb9f2d6d424fdab76a8c268d5a091f850786d23

Request headers

Origin: http://ats.eccmp.com
Referer: https://fonts.natgeo.com/ngp/geograph/geograph.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 10:54:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-length: 37927
last-modified: Wed, 11 Jul 2018 19:45:19 GMT
server: AmazonS3
etag: "05f355d6b9309081689a7fc355554dc7"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: hHr4HzHjsErKUeSh.Kz8lJX52H6kDVcO
access-control-allow-origin: *
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: qjjesTQuIxtsRsZHTeX7lJC92ClBiOIBxsw9FlZyUB3d7xq9J0aexQ==

GET
H2 200 geographeditweb-regular.woff2
fonts.natgeo.com/ngp/geograph/ 37 KB
38 KB 37ms
35ms Font
binary/octet-stream 2600:9000:20eb:f000:1e:b154:3480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.natgeo.com/ngp/geograph/geographeditweb-regular.woff2
Requested by: Host: fonts.natgeo.com
URL: https://fonts.natgeo.com/ngp/geograph/geograph.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:1e:b154:3480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3685727926217a34f66ba0dbbfa32ea5ad0b49ba0c78f181ed500e88f954cd48

Request headers

Origin: http://ats.eccmp.com
Referer: https://fonts.natgeo.com/ngp/geograph/geograph.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 10:11:56 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 2552
x-cache: Hit from cloudfront
content-length: 38207
last-modified: Wed, 11 Jul 2018 19:45:16 GMT
server: AmazonS3
etag: "e867eb4bb279db889ff2e4c53483ac4a"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: 0KyUrxEKuaTZjrkYaugjK9srhgdEDOdc
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: T6D9BUI3hG12zuwwfWWyGM2O80G5UH0m8-VusTtUOBDJyLRToljA7Q==

GET
H/1.1

200
OK

cds_open_rate.gif
ngkidsubs.nationalgeographic.com/pubs/NG/NKD/images/
Redirect Chain

https://ngkidsubs.nationalgeographic.com/servlet/ODROpenRate?cds_fn=312420NKD30381H
https://ngkidsubs.nationalgeographic.com/pubs/NG/NKD/images/cds_open_rate.gif

49 B
504 B

131ms
130ms

Image
image/gif

198.176.166.174
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ngkidsubs.nationalgeographic.com/pubs/NG/NKD/images/cds_open_rate.gif

Requested by

Host: ats.eccmp.com
URL: http://ats.eccmp.com/ats/msg.aspx?sg1=8a3cf4a8df3589923b532576e7845abe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.174 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

174-ngm-eng.buysub.com

Software

Resource Hash

1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ats.eccmp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Tue, 03 Apr 2018 17:41:31 GMT
Age: 2698
Date: Thu, 27 May 2021 10:54:28 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/gif
Vary: Accept-Encoding
Content-Length: 49
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=10, max=99

Redirect headers

Pragma: no-cache
Date: Thu, 27 May 2021 10:54:27 GMT
X-content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Language: en-US
Location: https://ngkidsubs.nationalgeographic.com/pubs/NG/NKD/images/cds_open_rate.gif
Cache-Control: no-cache, no-store
Content-Security-Policy: frame-ancestors 'none' ;
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ats.eccmp.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_pool Value: !C6z/IvvOhgJHLe6oFVQbWBKi/4Lz4lExKxC+SQGJ1oTRZswbomffrfZyMm6j3FAhBSum7ICSaC/+tbM=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ats.eccmp.com
fonts.natgeo.com
l.orders.buysub.com
ngkidsubs.nationalgeographic.com
w1.buysub.com
173.213.4.176
198.176.166.174
198.176.166.187
2600:9000:20eb:f000:1e:b154:3480:93a1
63.148.46.75
17eedfd4ffc4bd5a4b2f5ed2abb9f2d6d424fdab76a8c268d5a091f850786d23
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
3437eb9e04560aa4a723deb514a51398d99b8ff2412c72b739a2e68a53ed2157
3685727926217a34f66ba0dbbfa32ea5ad0b49ba0c78f181ed500e88f954cd48
3ba5df0cb6915a6abe49080d29a4d41a6818eee89679ea86d9491cefd6b1ed6d
42384a94b4bb2b86d70fb52d4350a3d6e18b62dd0e313ca238eb146a1a968904
56f2b4895ec810c65093f965bd669c214e72312837efdeee8422947230fcb159
6d285566cdbf9f4a3904aa40ce26b4877b0c9cc3f649ebcd986215fe808e326d
7b666c21d627de3d57662aa1c23f4a275137e20abe0b5d56442b2963edbf41af
a33754d733cb1cf74174c18e54e383d5e8fcbc44a7d8c565d3a486affc0e5908
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
ce90dd85f00bc263ad2a06af0b8c67a8ced1570b86d80da26227e2b187496a62
d406ffcfc364ca981792ee6293d4cb5a9d9cdaa53cde28a0beb292ef60e36923
d6c731600b6c6e9c745fc0940413ef1472aebeebab909762ebdff6796d9cc260

ats.eccmp.com Open in urlscan Pro 63.148.46.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

86 %HTTPS

20 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

1266 kBTransfer

1299 kBSize

1 Cookies

4 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

1 Cookies

Indicators

ats.eccmp.com Open in urlscan Pro
63.148.46.75 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

1266 kB
Transfer

1299 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions