148.244.57.234 Open in urlscan Pro
148.244.57.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://148.244.57.234/principal.html
Submission: On March 28 via manual (March 28th 2020, 12:43:04 am UTC) from ES

Summary HTTP 42 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 8 countries across 20 domains to perform 42 HTTP transactions. The main IP is 148.244.57.234, located in Mexico and belongs to Grupo Financiero Bancomer, MX. The main domain is 148.244.57.234.
TLS certificate: Issued by BBVA CCR on May 20th 2015. Valid for: 5 years.

This is the only time 148.244.57.234 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

	IP Address	AS Autonomous System
13	148.244.57.234 148.244.57.234	15107 (Grupo Fin...) (Grupo Financiero Bancomer)
7	95.101.185.38 95.101.185.38	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.31.188.35 52.31.188.35	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:818::2008	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
1	34.252.123.130 34.252.123.130	16509 (AMAZON-02) (AMAZON-02)
1	15.188.31.119 15.188.31.119	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:1600:10:fcf8:9549:2801	16509 (AMAZON-02) (AMAZON-02)
1	104.111.249.17 104.111.249.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	80.252.91.52 80.252.91.52	15830 (EQUINIX-C...) (EQUINIX-CONNECT-EMEA)
1	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	152.199.23.241 152.199.23.241	15133 (EDGECAST) (EDGECAST)
42	21

13 148.244.57.234 (Mexico)

ASN15107 (Grupo Financiero Bancomer, MX)
PTR: static-148-244-57-234.alestra.net.mx

148.244.57.234	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 95.101.185.38 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-38.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.188.35 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-188-35.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States) 1 redirects

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.123.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-123-130.eu-west-1.compute.amazonaws.com

bbvape.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.31.119 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

bbvape.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:1600:10:fcf8:9549:2801 (United States)

ASN16509 (AMAZON-02, US)

bcdn-god.we-stats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.249.17 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-249-17.deploy.static.akamaitechnologies.com

cdn-akamai.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.252.91.52 (Netherlands)

ASN15830 (EQUINIX-CONNECT-EMEA, GB)

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.23.241 (United States)

ASN15133 (EDGECAST, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	adobedtm.com assets.adobedtm.com	134 KB
3	demdex.net dpm.demdex.net bbvape.demdex.net	2 KB
2	facebook.net connect.facebook.net	54 KB
2	google.de www.google.de	265 B
2	google.com 1 redirects www.google.com	331 B
2	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	18 KB
1	tiqcdn.com tags.tiqcdn.com
1	ytimg.com s.ytimg.com	14 KB
1	serving-sys.com bs.serving-sys.com	865 B
1	youtube.com www.youtube.com	992 B
1	mookie1.com cdn-akamai.mookie1.com	7 KB
1	we-stats.com bcdn-god.we-stats.com	101 KB
1	facebook.com www.facebook.com	247 B
1	googleadservices.com www.googleadservices.com	11 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	omtrdc.net bbvape.d3.sc.omtrdc.net	317 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	twitter.com 1 redirects platform.twitter.com	321 B
42	20

	Domain	Requested by
7	assets.adobedtm.com	148.244.57.234 assets.adobedtm.com
2	connect.facebook.net	assets.adobedtm.com connect.facebook.net
2	www.google.de	148.244.57.234
2	www.google.com	1 redirects 148.244.57.234
2	dpm.demdex.net	assets.adobedtm.com 148.244.57.234
1	tags.tiqcdn.com	cdn-akamai.mookie1.com
1	s.ytimg.com	www.youtube.com
1	bs.serving-sys.com	assets.adobedtm.com
1	www.youtube.com	assets.adobedtm.com
1	cdn-akamai.mookie1.com	assets.adobedtm.com
1	bcdn-god.we-stats.com	148.244.57.234
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.facebook.com	148.244.57.234
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	bbvape.d3.sc.omtrdc.net	assets.adobedtm.com
1	bbvape.demdex.net	assets.adobedtm.com
1	stats.g.doubleclick.net	1 redirects
1	www.google-analytics.com	1 redirects
1	ssl.google-analytics.com	assets.adobedtm.com
1	static.ads-twitter.com	148.244.57.234
1	platform.twitter.com	1 redirects
42	23

This site contains no links.

Subject Issuer	Validity	Valid
generico256 BBVA CCR	`2015-05-20` - `2020-05-18`	5 years	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.d3.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.we-stats.com GeoTrust RSA CA 2018	`2018-10-03` - `2020-10-02`	2 years	crt.sh
cdn-akamai.mookie1.com DigiCert SHA2 Secure Server CA	`2020-01-07` - `2021-01-07`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
bs.serving-sys.com Go Daddy Secure Certificate Authority - G2	`2020-01-07` - `2022-03-08`	2 years	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2020-03-17` - `2022-06-17`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://148.244.57.234/principal.html
Frame ID: 7F01394C8E8CAD0C212AF4B972E345F9
Requests: 41 HTTP requests in this frame

Frame: https://bbvape.demdex.net/dest5.html?d_nsid=0
Frame ID: FAA0B62FD411D9B67C3327924CE0866B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /serving-sys\.com\//i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

42
Requests

67 %
HTTPS

54 %
IPv6

20
Domains

23
Subdomains

21
IPs

8
Countries

730 kB
Transfer

2114 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://platform.twitter.com/oct.js HTTP 301
https://static.ads-twitter.com/oct.js

Request Chain 20

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=709890431&t=pageview&_s=1&dl=https%3A%2F%2F148.244.57.234%2Fprincipal.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1628828724&gjid=2066245728&cid=1256477709.1585356168&tid=UA-50463076-1&_gid=1608219241.1585356168&_r=1&z=1453652280 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_gid=1608219241.1585356168&gjid=2066245728&_v=j81&z=1453652280 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280&slf_rd=1&random=214905016

Request Chain 23

https://cm.everesttech.net/cm/dd?d_uuid=66193670994669926022724380239979058428 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xn6diAAAAbFkbhTJ

42 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request principal.html Show response
148.244.57.234/ 8 KB
3 KB 929ms
169ms Document
text/html 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: f6759b6711b2739b70d0c439287f3d9a4c76e6a490252907d3c58ef7560f3893

Request headers

Host: 148.244.57.234
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

content-encoding: gzip
content-type: text/html
date: Sat, 28 Mar 2020 00:42:47 GMT
last-modified: Wed, 04 Mar 2020 19:03:15 GMT
p3p: CP="NON CUR OUR NOR UNI"
transfer-encoding: chunked

GET
H/1.1 200
OK libraries.v201901.min.css
148.244.57.234/fbin/repositorio/ 122 KB
56 KB 170ms
168ms Stylesheet
text/css 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/libraries.v201901.min.css
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: bfcd7555caa78679f033f7b2dfff738449dad89d03ad78634ee5c8904e4e46ad

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 28 Mar 2020 00:42:47 GMT
content-encoding: gzip
last-modified: Thu, 20 Jun 2019 00:03:34 GMT
content-type: text/css
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK bbva-login.v201901.min.css
148.244.57.234/fbin/repositorio/ 2 KB
1 KB 473ms
157ms Stylesheet
text/css 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/bbva-login.v201901.min.css
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: f6caffd756afb1bed9a7da362a9213b6520f32d1509f2413ae602485ebd3e3a2

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Thu, 28 Feb 2019 13:13:42 GMT
content-type: text/css
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H2 200 satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/ 274 KB
67 KB 24ms
22ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4a66eab99f0fde1604acd3e6c2bc1ec1bbb2c90aaa4645ba998fa84371315f88

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:47 GMT
content-encoding: gzip
last-modified: Thu, 26 Mar 2020 11:53:16 GMT
server: AkamaiNetStorage
etag: "344188a529ef64098c5426c80e58e416:1585223596.478958"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 67708
expires: Sat, 28 Mar 2020 01:42:47 GMT

GET
H/1.1 200
OK jquery-3.1.1.min.js Show response
148.244.57.234/fbin/repositorio/ 85 KB
35 KB 475ms
158ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/jquery-3.1.1.min.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2017 21:21:29 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK jquery.cookie.js Show response
148.244.57.234/fbin/repositorio/ 3 KB
2 KB 474ms
157ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/jquery.cookie.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 96dccaa929e6a14f0f439d8597777a97b22720516942d36fc625ae11e85c3ada

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2017 21:22:04 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK tippy.all.min.js Show response
148.244.57.234/fbin/repositorio/ 52 KB
17 KB 503ms
168ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/tippy.all.min.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: be84dcc80fdc2a11b2de293e3291c4ef2482be0c0055211c88615211b8b5739d

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:16:30 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK iframe-resizer-contentwindow.min.js Show response
148.244.57.234/fbin/repositorio/ 13 KB
6 KB 597ms
166ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/iframe-resizer-contentwindow.min.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 8e6bceab555438521eb8279cfee6e1db4360b13f8cabf38264c4101940189130

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:14:42 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK bbva-login.v201901.js Show response
148.244.57.234/fbin/repositorio/ 43 KB
12 KB 631ms
157ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/bbva-login.v201901.js?v=20200304
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 3036db84f3f816fecbb058cf8d963a69b0af0f6ae50ecc1738cc37d507a6250b

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Thu, 12 Mar 2020 22:58:25 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK bbva-fpd2-polyfills.js Show response
148.244.57.234/fbin/repositorio/ 126 KB
49 KB 633ms
159ms Script
application/x-javascript 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fbin/repositorio/bbva-fpd2-polyfills.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 71bcd90882f7ef90ab2f5394264f3bd96ffdbd7b4b51fdeef46c27b85aa06ccb

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 06 Mar 2019 21:08:21 GMT
content-type: application/x-javascript
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 365 B
1 KB 41ms
41ms XHR
application/json 52.31.188.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=FB99EDA0570E88407F000101%40AdobeOrg&d_nsid=0&ts=1585356168402

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.188.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-188-35.eu-west-1.compute.amazonaws.com

Software

Resource Hash

6ca16b31d4066dff0310c60b0eb599472fe839f21e1d7971b62198de20f1ae08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://148.244.57.234/principal.html
Origin: https://148.244.57.234
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-00212a916.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: /mZnDxVKRSg=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://148.244.57.234
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 mbox-contents-0d8a42d84b1e687c10263b2654c7b27eebb2e9af.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/ 73 KB
27 KB 22ms
22ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/mbox-contents-0d8a42d84b1e687c10263b2654c7b27eebb2e9af.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6f3afd6aec7a41f64508ca435509d77e35d8044ad719056f44000c5c2669d5fd

Request headers

Referer: https://148.244.57.234/principal.html
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Tue, 10 Mar 2020 12:11:45 GMT
server: AkamaiNetStorage
etag: "6244e941b2e729598c756fb61b8e1336:1583842305.822154"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 27020
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2 200 satellite-59157e9d64746d1997012d8d.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/ 1 KB
752 B 30ms
30ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-59157e9d64746d1997012d8d.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 38ffc2f9c9aa2356e95d211e3cc0333ef6acac4ce61a644718ab4e191819fe8d

Request headers

Referer: https://148.244.57.234/principal.html
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Tue, 10 Mar 2020 12:12:05 GMT
server: AkamaiNetStorage
etag: "0c8578bd8eca7df50f04e4699e75133e:1583842325.137228"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2

200

oct.js Show response
static.ads-twitter.com/
Redirect Chain

https://platform.twitter.com/oct.js
https://static.ads-twitter.com/oct.js

5 KB
2 KB

60ms
21ms

Script
application/javascript

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
age: 59326
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4057-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1585356168.475869,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

Redirect headers

Access-Control-Allow-Origin: *
Date: Sat, 28 Mar 2020 00:42:48 GMT
Server: ECS (fcn/418C)
Content-Length: 0
Location: https://static.ads-twitter.com/oct.js
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

GET
H2 200 satellite-5bc99a0c64746d01de000ced.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/ 347 B
502 B 29ms
29ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5bc99a0c64746d01de000ced.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3193d439f3bed2c784ff49a6bb77c58f4ac95d6d9eadcaaffe64eba1b73f942a

Request headers

Referer: https://148.244.57.234/principal.html
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Thu, 06 Feb 2020 14:12:25 GMT
server: AkamaiNetStorage
etag: "3e0b45019e363a679f7064e859aa230b:1580998345.591509"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 256
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2 200 satellite-5b8d49a564746d665e008d2f.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/ 442 B
574 B 30ms
29ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5b8d49a564746d665e008d2f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b924bd3fbee717bb04214ee8303c7ce81a8df0775d6c33cb2610624d02f576b8

Request headers

Referer: https://148.244.57.234/principal.html
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Tue, 17 Mar 2020 09:27:39 GMT
server: AkamaiNetStorage
etag: "6005f2efc3023a444fee27f1441d96f3:1584437259.967031"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 329
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2 200 analytics.js Show response
ssl.google-analytics.com/ 44 KB
18 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:818::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/analytics.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 6958
date: Fri, 27 Mar 2020 22:46:50 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Sat, 28 Mar 2020 00:46:50 GMT

GET
H/1.1 200
OK BentonSansBBVA-Book.woff
148.244.57.234/fonts/ 69 KB
68 KB 168ms
168ms Font
application/octet-stream 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fonts/BentonSansBBVA-Book.woff
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec

Request headers

Referer: https://148.244.57.234/fbin/repositorio/libraries.v201901.min.css
Origin: https://148.244.57.234
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:13:33 GMT
content-type: text/plain
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK ojo-mostrar-password.png
148.244.57.234/img/ 777 B
1022 B 284ms
168ms Image
image/png 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://148.244.57.234/img/ojo-mostrar-password.png
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 1de94981843ff5ddcefd03a8699cd2b98015189e71d8c5e787d9741967360e50

Request headers

Referer: https://148.244.57.234/fbin/repositorio/bbva-login.v201901.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:16:07 GMT
content-type: image/png
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK bbva-icons-coronita.woff
148.244.57.234/fonts/ 36 KB
36 KB 230ms
166ms Font
application/octet-stream 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fonts/bbva-icons-coronita.woff
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 78e816c6adb11d67de6c542e9406aef70e8d44c8199d965b2d9e9387940bc15d

Request headers

Referer: https://148.244.57.234/fbin/repositorio/libraries.v201901.min.css
Origin: https://148.244.57.234
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:12:44 GMT
content-type: text/plain
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H/1.1 200
OK BentonSansBBVA-Medium.woff
148.244.57.234/fonts/ 71 KB
70 KB 250ms
158ms Font
application/octet-stream 148.244.57.234
Grupo Financiero ...

General

Check archive.org

Show headers Download Go to

Full URL: https://148.244.57.234/fonts/BentonSansBBVA-Medium.woff
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/principal.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 148.244.57.234 , Mexico, ASN15107 (Grupo Financiero Bancomer, MX),
Reverse DNS: static-148-244-57-234.alestra.net.mx
Software: /
Resource Hash: 7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732

Request headers

Referer: https://148.244.57.234/fbin/repositorio/libraries.v201901.min.css
Origin: https://148.244.57.234
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Wed, 27 Feb 2019 16:14:05 GMT
content-type: text/plain
transfer-encoding: chunked
p3p: CP="NON CUR OUR NOR UNI"

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=709890431&t=pageview&_s=1&dl=https%3A%2F%2F148.244.57.234%2Fprincipal.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBA...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_gid=1608219241.1585356168&gjid=2066245728&_v=j81&z=1453652280
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280&slf_rd=1&random=214905016

42 B
109 B

16ms
16ms

Image
image/gif

2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280&slf_rd=1&random=214905016

Requested by

Host: 148.244.57.234
URL: https://148.244.57.234/principal.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Mar 2020 00:42:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 28 Mar 2020 00:42:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50463076-1&cid=1256477709.1585356168&jid=1628828724&_v=j81&z=1453652280&slf_rd=1&random=214905016
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Cookie set dest5.html
bbvape.demdex.net/ Frame FAA0 0
0 169ms
37ms Document
text/html 34.252.123.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bbvape.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.252.123.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-123-130.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: bbvape.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://148.244.57.234/principal.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=66193670994669926022724380239979058428
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://148.244.57.234/principal.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 18 Mar 2020 11:39:41 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=66193670994669926022724380239979058428;Path=/;Domain=.demdex.net;Expires=Thu, 24-Sep-2020 00:42:48 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: 5Vf29cajSQc=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
bbvape.d3.sc.omtrdc.net/ 2 B
317 B 103ms
31ms XHR
application/x-javascript 15.188.31.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bbvape.d3.sc.omtrdc.net/id?d_visid_ver=4.5.2&d_fieldgroup=A&mcorgid=FB99EDA0570E88407F000101%40AdobeOrg&mid=65889091849688270952693935240732803057&ts=1585356168454

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://148.244.57.234/principal.html
Origin: https://148.244.57.234
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Sat, 28 Mar 2020 00:42:48 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5cd6d4f775-mjdzt
vary: Origin
x-c: master-1216.I0bfb28.M0-370
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://148.244.57.234
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Xn6diAAAAbFkbhTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=66193670994669926022724380239979058428
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xn6diAAAAbFkbhTJ

42 B
915 B

40ms
40ms

Image
image/gif

52.31.188.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xn6diAAAAbFkbhTJ

Requested by

Host: 148.244.57.234
URL: https://148.244.57.234/principal.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.188.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-188-35.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v064-0d15d7988.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: CwIkvosXRE4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 28 Mar 2020 00:42:48 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xn6diAAAAbFkbhTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-977810892

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5bc99a0c64746d01de000ced.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0dc13d36b13028a7842f20cbd64e3b6852034cd1c9b2c78b3c5013f978ff890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28423
x-xss-protection: 0
last-modified: Sat, 28 Mar 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 28 Mar 2020 00:42:48 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5b8d49a564746d665e008d2f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: vvR0bAq3xQbbjnkWZDOFA+n7WO0cBSr3LITfIBuH1eek/rPYYxvc6Hvt7TS8ewo/FPTeZ1fmgqn5ngK6+Mk6tQ==
x-fb-trip-id: 1850256238
date: Sat, 28 Mar 2020 00:42:48 GMT, Sat, 28 Mar 2020 00:42:48 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 150427408648072 Show response
connect.facebook.net/signals/config/ 100 KB
25 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/150427408648072?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

216ffa874891bf433aa4608a88d2f5645d09fba233a32a212aaa748653ea9e33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 25011
x-xss-protection: 0
pragma: public
x-fb-debug: VVQzBukYfWGv8MSzhYgkjrbL3UEYlRUEU0APzXgb3Hv91TaKy8Gvs3AIfuHCPzOSIlAgSyDkkjSvPCy5kDWCOw==
x-fb-trip-id: 1850256238
date: Sat, 28 Mar 2020 00:42:48 GMT, Sat, 28 Mar 2020 00:42:48 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
11 KB 79ms
32ms Script
text/javascript 172.217.22.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-977810892

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

c5b1ef448841c8a0f34532d4be5f5656d9eb4eea66e04755c0b64f2662d35eed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9982
x-xss-protection: 0
server: cafe
etag: 13837497077581106518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 28 Mar 2020 00:42:48 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
247 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=150427408648072&ev=PageView&dl=https%3A%2F%2F148.244.57.234%2Fprincipal.html&rl=&if=false&ts=1585356168526&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&it=1585356168507&coo=false&rqm=GET

Requested by

Host: 148.244.57.234
URL: https://148.244.57.234/principal.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT, Sat, 28 Mar 2020 00:42:48 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 28 Mar 2020 00:42:48 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/977810892/ 2 KB
1 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/977810892/?random=1585356168602&cv=9&fst=1585356168602&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2F148.244.57.234%2Fprincipal.html&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30f6b31172019e6edf87be90315a5dab50837f78bffd19ad4bf6aa8ce88d5a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1010
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/977810892/ 42 B
151 B 21ms
20ms Image
image/gif 2a00:1450:4001:81f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/977810892/?random=1585356168602&cv=9&fst=1585353600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2F148.244.57.234%2Fprincipal.html&async=1&fmt=3&is_vtc=1&random=1852386599&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: 148.244.57.234
URL: https://148.244.57.234/principal.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 28 Mar 2020 00:42:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/977810892/ 42 B
156 B 19ms
19ms Image
image/gif 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/977810892/?random=1585356168602&cv=9&fst=1585353600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2F148.244.57.234%2Fprincipal.html&async=1&fmt=3&is_vtc=1&random=1852386599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: 148.244.57.234
URL: https://148.244.57.234/principal.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 28 Mar 2020 00:42:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s-code-contents-9487a48542a672aaef5511b5436a89852be6216c.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/ 109 KB
39 KB 23ms
22ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/s-code-contents-9487a48542a672aaef5511b5436a89852be6216c.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99588c40498061ae1809cdc3c7c20c375af3194b0b05444c31ed305a37b556d9

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Tue, 10 Mar 2020 12:11:42 GMT
server: AkamaiNetStorage
etag: "38da2a5ffb9d91977dcade298b74e501:1583842302.461227"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 39376
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2 200 satellite-5d64e0f164746d6e3e000d96.js Show response
assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/ 205 B
408 B 32ms
31ms Script
application/x-javascript 95.101.185.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5d64e0f164746d6e3e000d96.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f2b150606cd58f2a1e297682a505473582635379.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.185.38 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a33ca99e70cba7d23c0d7a61194cf5cbff18850ff3575f1b03f006ec6d7bc8ca

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:48 GMT
content-encoding: gzip
last-modified: Thu, 26 Mar 2020 11:53:39 GMT
server: AkamaiNetStorage
etag: "3ec5aaa989511d0b2f02c90504893a6a:1585223619.909232"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 163
expires: Sat, 28 Mar 2020 01:42:48 GMT

GET
H2 200 a3edf858.js Show response
bcdn-god.we-stats.com/scripts/181e494/ 443 KB
101 KB 139ms
98ms Script
application/javascript 2600:9000:21f3:1600:10:fcf8:9549:2801
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js
Requested by: Host: 148.244.57.234
URL: https://148.244.57.234/fbin/repositorio/bbva-login.v201901.js?v=20200304
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:1600:10:fcf8:9549:2801 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f066566a98c8fb08a051e7a718d84240f6303702e93bc6e420472847f377f6c

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:50 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 23:54:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
etag: "23da01bdf680bfdbbb7ac102d62b5e4d"
x-cache: Miss from cloudfront
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 103433
via: 1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront)
x-amz-cf-id: 6kwc6cYxE1E7uY0zptiroSQqgQ49GWHld6iDT1qN4fuZpL47KDallQ==

GET
H/1.1 200
OK LightningBolt.js Show response
cdn-akamai.mookie1.com/LB/ 25 KB
7 KB 100ms
27ms Script
application/x-javascript 104.111.249.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-akamai.mookie1.com/LB/LightningBolt.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5d64e0f164746d6e3e000d96.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.249.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-17.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f3b19efa659fbf7804482f1a753b03f7a5631910405ee1439f4d3303acf130d

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 28 Mar 2020 00:42:49 GMT
Content-Encoding: gzip
Access-Control-Max-Age: 86400
Connection: keep-alive
Content-Length: 6705
Last-Modified: Tue, 22 Oct 2019 03:40:29 GMT
Server: AkamaiNetStorage
ETag: "76e34bc2992a3c43ddad31aac7c1870f:1571715629.631687"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Sun, 29 Mar 2020 00:42:49 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
992 B 19ms
19ms Script
application/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/s-code-contents-9487a48542a672aaef5511b5436a89852be6216c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

331e846c17bf9cd732c1086710cdc3af20bb75a59d7de0fde40846a68b4fefd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 00:42:49 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H/1.1 200
OK ActivityServer.bs Show response
bs.serving-sys.com/BurstingPipe/ 56 B
865 B 76ms
19ms Script
text/html 80.252.91.52
EQUINIX-CONNECT-EMEA

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/BurstingPipe/ActivityServer.bs?cn=as&vn=omn&activityID=977357&advID=111772&var=s_4_Integrate_Sizmek_ACM_get_0&rnd=6662770443939
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/s-code-contents-9487a48542a672aaef5511b5436a89852be6216c.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 80.252.91.52 , Netherlands, ASN15830 (EQUINIX-CONNECT-EMEA, GB),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET, ARR/2.5, ASP.NET
Resource Hash: eac04c6896cb3a134e720dc7b7c72ac1a66d2b91b371fca726903da53f2e88dd

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sat, 28 Mar 2020 00:42:48 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET, ARR/2.5, ASP.NET
P3P: CP="NOI DEVa OUR BUS UNI", CP="NOI DEVa OUR BUS UNI"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 56
Expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfln21F5R/ 38 KB
14 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfln21F5R/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 26 Mar 2020 17:41:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111656
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 13931
x-xss-protection: 0
last-modified: Thu, 26 Mar 2020 16:05:50 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 03 Apr 2020 17:41:53 GMT

GET
H2 404 utag.js
tags.tiqcdn.com/utag/xaxis/57.234/prod/ 0
0 227ms
173ms Script
text/html 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/xaxis/57.234/prod/utag.js
Requested by: Host: cdn-akamai.mookie1.com
URL: https://cdn-akamai.mookie1.com/LB/LightningBolt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: EOS (vny/044F) /
Resource Hash

Request headers

Referer: https://148.244.57.234/principal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sat, 28 Mar 2020 00:42:49 GMT
cache-control: max-age=300
expires: Sat, 28 Mar 2020 00:47:49 GMT
server: EOS (vny/044F)
content-length: 345
content-type: text/html

GET
BLOB 200
OK 6a18dc3d-0678-45eb-bb74-5881ea29359c
https://148.244.57.234/ 141 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://148.244.57.234/6a18dc3d-0678-45eb-bb74-5881ea29359c
Requested by: Host: bcdn-god.we-stats.com
URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e79ef9e151a12e5d6aebf7cd5686fb479962074baf65b352a95687436f802ebe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: worker

Response headers

Content-Length: 143901
Content-Type: application/javascript

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 12:41:48	Name: demdex Value: 66193670994669926022724380239979058428
148.244.57.234/	1970-01-19 17:08:12	Name: bmuid Value: 1585356169182-C3473806-336B-481C-9EFA-F02EB052553F
148.244.57.234/	1969-12-31 23:59:59	Name: AMCVS_FB99EDA0570E88407F000101%40AdobeOrg Value: 1
148.244.57.234/	1969-12-31 23:59:59	Name: s_ppv Value: https%253A%2F%2F148.244.57.234%2Fprincipal.html%2C100%2C100%2C1200
148.244.57.234/	1969-12-31 23:59:59	Name: cdContextId Value: 2
148.244.57.234/	1970-01-19 08:22:36	Name: _gat_4a897eb0af6e8843a07580da603c45fe Value: 1
148.244.57.234/	1969-12-31 23:59:59	Name: tp Value: 1200
148.244.57.234/	1970-01-20 01:53:48	Name: s_nr Value: 1585356169101-New
148.244.57.234/	1970-01-19 08:22:37	Name: s_adserv Value: bbvap.global.2016.prod
148.244.57.234/	1969-12-31 23:59:59	Name: sessionID Value: XirhoJ84mrslyUWSJ
148.244.57.234/	1970-01-19 08:24:02	Name: _gid Value: GA1.1.1608219241.1585356168
148.244.57.234/	1970-01-20 01:53:44	Name: AMCV_FB99EDA0570E88407F000101%40AdobeOrg Value: -432600572%7CMCIDTS%7C18350%7CMCMID%7C65889091849688270952693935240732803057%7CMCAAMLH-1585960968%7C6%7CMCAAMB-1585960968%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1585363368s%7CNONE%7CMCSYNCSOP%7C411-18357%7CMCAID%7CNONE%7CvVersion%7C4.5.2
148.244.57.234/	1970-01-20 01:53:48	Name: _ga Value: GA1.1.1256477709.1585356168

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js(Line 7) Message: The Js is call from: )
console-api	log	URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js(Line 3) Message: The Js is call from: )
console-api	log	URL: https://148.244.57.234/fbin/repositorio/bbva-login.v201901.js?v=20200304(Line 1138) Message: loadScript: successfully loaded
console-api	log	URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js(Line 9) Message: resetSessionNumber()
console-api	log	URL: https://bcdn-god.we-stats.com/scripts/181e494/a3edf858.js(Line 8) Message: cdApi.changeContext(LOGIN)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
bbvape.d3.sc.omtrdc.net
bbvape.demdex.net
bcdn-god.we-stats.com
bs.serving-sys.com
cdn-akamai.mookie1.com
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
googleads.g.doubleclick.net
platform.twitter.com
s.ytimg.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
tags.tiqcdn.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
104.111.249.17
148.244.57.234
15.188.31.119
151.101.112.157
152.199.23.241
172.217.22.34
2600:9000:21f3:1600:10:fcf8:9549:2801
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:818::2008
2a00:1450:4001:81b::200e
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200e
2a00:1450:4001:81f::2004
2a00:1450:4001:824::2003
2a00:1450:4001:824::200e
2a00:1450:4001:825::2002
2a00:1450:400c:c07::9c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.252.123.130
52.31.188.35
66.117.28.86
80.252.91.52
95.101.185.38
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1de94981843ff5ddcefd03a8699cd2b98015189e71d8c5e787d9741967360e50
216ffa874891bf433aa4608a88d2f5645d09fba233a32a212aaa748653ea9e33
3036db84f3f816fecbb058cf8d963a69b0af0f6ae50ecc1738cc37d507a6250b
30f6b31172019e6edf87be90315a5dab50837f78bffd19ad4bf6aa8ce88d5a1b
3193d439f3bed2c784ff49a6bb77c58f4ac95d6d9eadcaaffe64eba1b73f942a
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
331e846c17bf9cd732c1086710cdc3af20bb75a59d7de0fde40846a68b4fefd6
38ffc2f9c9aa2356e95d211e3cc0333ef6acac4ce61a644718ab4e191819fe8d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a66eab99f0fde1604acd3e6c2bc1ec1bbb2c90aaa4645ba998fa84371315f88
4f066566a98c8fb08a051e7a718d84240f6303702e93bc6e420472847f377f6c
575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
6ca16b31d4066dff0310c60b0eb599472fe839f21e1d7971b62198de20f1ae08
6f3afd6aec7a41f64508ca435509d77e35d8044ad719056f44000c5c2669d5fd
70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a
71bcd90882f7ef90ab2f5394264f3bd96ffdbd7b4b51fdeef46c27b85aa06ccb
78e816c6adb11d67de6c542e9406aef70e8d44c8199d965b2d9e9387940bc15d
7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732
8e6bceab555438521eb8279cfee6e1db4360b13f8cabf38264c4101940189130
96dccaa929e6a14f0f439d8597777a97b22720516942d36fc625ae11e85c3ada
99588c40498061ae1809cdc3c7c20c375af3194b0b05444c31ed305a37b556d9
9f3b19efa659fbf7804482f1a753b03f7a5631910405ee1439f4d3303acf130d
a0dc13d36b13028a7842f20cbd64e3b6852034cd1c9b2c78b3c5013f978ff890
a33ca99e70cba7d23c0d7a61194cf5cbff18850ff3575f1b03f006ec6d7bc8ca
b924bd3fbee717bb04214ee8303c7ce81a8df0775d6c33cb2610624d02f576b8
be84dcc80fdc2a11b2de293e3291c4ef2482be0c0055211c88615211b8b5739d
bfcd7555caa78679f033f7b2dfff738449dad89d03ad78634ee5c8904e4e46ad
c5b1ef448841c8a0f34532d4be5f5656d9eb4eea66e04755c0b64f2662d35eed
e79ef9e151a12e5d6aebf7cd5686fb479962074baf65b352a95687436f802ebe
eac04c6896cb3a134e720dc7b7c72ac1a66d2b91b371fca726903da53f2e88dd
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6759b6711b2739b70d0c439287f3d9a4c76e6a490252907d3c58ef7560f3893
f6caffd756afb1bed9a7da362a9213b6520f32d1509f2413ae602485ebd3e3a2
faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec

148.244.57.234 Open in urlscan Pro 148.244.57.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

42 Requests

67 %HTTPS

54 %IPv6

20 Domains

23 Subdomains

21 IPs

8 Countries

730 kBTransfer

2114 kBSize

13 Cookies

0 Outgoing links

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

148.244.57.234 Open in urlscan Pro
148.244.57.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

67 %
HTTPS

54 %
IPv6

20
Domains

23
Subdomains

21
IPs

8
Countries

730 kB
Transfer

2114 kB
Size

13
Cookies

42 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!