www.khq.com Open in urlscan Pro
192.104.183.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://post.spmailtechnol.com/f/a/C570-IU7SrrQKR-1WTRbbQ~~/AAAFXAA~/RgRgqQERP4QSA2h0dHA6Ly90cmFjay5hY2NvdW50aW5nbmV3c3dhdGNoLm...
Effective URL:
https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9...
Submission: On May 21 via api (May 21st 2020, 3:15:12 pm UTC) from US

Summary HTTP 25 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 18 domains to perform 25 HTTP transactions. The main IP is 192.104.183.209, located in United States and belongs to LEE-ASN, US. The main domain is www.khq.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 22nd 2020. Valid for: 3 months.

This is the only time www.khq.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.41.142.186 52.41.142.186	16509 (AMAZON-02) (AMAZON-02)
1 1	3.94.176.246 3.94.176.246	14618 (AMAZON-AES) (AMAZON-AES)
1 1	70.39.247.36 70.39.247.36	30366 (AS-RHYTHM...) (AS-RHYTHMIC-NY)
1 1	70.39.246.51 70.39.246.51	30366 (AS-RHYTHM...) (AS-RHYTHMIC-NY)
1	192.104.183.209 192.104.183.209	10668 (LEE-ASN) (LEE-ASN)
2	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	91.228.74.147 91.228.74.147	27281 (QUANTCAST) (QUANTCAST)
1	169.50.137.176 169.50.137.176	36351 (SOFTLAYER) (SOFTLAYER)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700:20:... 2606:4700:20::681a:374	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	169.50.137.179 169.50.137.179	36351 (SOFTLAYER) (SOFTLAYER)
1	2606:4700:20:... 2606:4700:20::681a:274	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:204... 2600:9000:2047:fe00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	91.228.74.136 91.228.74.136	27281 (QUANTCAST) (QUANTCAST)
1	2600:9000:204... 2600:9000:2047:3200:18:1fcd:34e:a8e1	16509 (AMAZON-02) (AMAZON-02)
1	52.3.64.39 52.3.64.39	14618 (AMAZON-AES) (AMAZON-AES)
25	18

1 52.41.142.186 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-142-186.us-west-2.compute.amazonaws.com

post.spmailtechnol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.94.176.246 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-176-246.compute-1.amazonaws.com

track.accountingnewswatch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.39.247.36 (United States) 1 redirects

ASN30366 (AS-RHYTHMIC-NY, US)

www.newsdesk.lexisnexis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.39.246.51 (United States) 1 redirects

ASN30366 (AS-RHYTHMIC-NY, US)
PTR: clickthru.moreover.com

ct.moreover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.104.183.209 (United States)

ASN10668 (LEE-ASN, US)
PTR: cms.newyork1.vip.townnews.com

www.khq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.147 (United Kingdom)

ASN27281 (QUANTCAST, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.176 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b0.89.32a9.ip4.static.sl-reverse.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:374 (United States)

ASN13335 (CLOUDFLARENET, US)

tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.179 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b3.89.32a9.ip4.static.sl-reverse.com

i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:274 (United States)

ASN13335 (CLOUDFLARENET, US)

beacon.tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2047:fe00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.136 (United Kingdom)

ASN27281 (QUANTCAST, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2047:3200:18:1fcd:34e:a8e1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.64.39 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-64-39.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	google-analytics.com 1 redirects www.google-analytics.com	47 KB
3	tru.am tru.am beacon.tru.am	13 KB
2	facebook.com www.facebook.com	350 B
2	doubleclick.net 1 redirects stats.g.doubleclick.net	255 B
2	google.de ampcid.google.de www.google.de	619 B
2	google.com 1 redirects ampcid.google.com www.google.com	443 B
2	facebook.net connect.facebook.net	161 KB
2	simpli.fi tag.simpli.fi i.simpli.fi	3 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	googletagmanager.com www.googletagmanager.com	79 KB
1	chartbeat.net ping.chartbeat.net	168 B
1	chartbeat.com static.chartbeat.com	14 KB
1	quantcount.com rules.quantcount.com	352 B
1	khq.com www.khq.com	3 KB
1	moreover.com 1 redirects ct.moreover.com	219 B
1	lexisnexis.com 1 redirects www.newsdesk.lexisnexis.com	417 B
1	accountingnewswatch.com 1 redirects track.accountingnewswatch.com	745 B
1	spmailtechnol.com 1 redirects post.spmailtechnol.com	980 B
25	18

	Domain	Requested by
5	www.google-analytics.com	1 redirects www.googletagmanager.com www.google-analytics.com www.khq.com
2	www.facebook.com	www.khq.com
2	stats.g.doubleclick.net	1 redirects www.khq.com
2	tru.am	www.googletagmanager.com tru.am
2	connect.facebook.net	www.khq.com connect.facebook.net
2	www.googletagmanager.com	www.khq.com
1	ping.chartbeat.net
1	static.chartbeat.com	www.khq.com
1	pixel.quantserve.com	www.khq.com
1	rules.quantcount.com	secure.quantserve.com
1	beacon.tru.am	tru.am
1	i.simpli.fi	tag.simpli.fi
1	www.google.de	www.khq.com
1	www.google.com	1 redirects
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	tag.simpli.fi	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.khq.com
1	ct.moreover.com	1 redirects
1	www.newsdesk.lexisnexis.com	1 redirects
1	track.accountingnewswatch.com	1 redirects
1	post.spmailtechnol.com	1 redirects
25	23

This site contains links to these domains. Also see Links.

Domain
gdpr-info.eu

Subject Issuer	Validity	Valid
khq.com Let's Encrypt Authority X3	`2020-03-22` - `2020-06-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-25` - `2020-10-09`	10 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2020-04-04` - `2021-04-04`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2019-12-16` - `2020-12-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
Frame ID: C6DF7166B1F61FD3C65D6A0BAD95F148
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://post.spmailtechnol.com/f/a/C570-IU7SrrQKR-1WTRbbQ~~/AAAFXAA~/RgRgqQERP4QSA2h0dHA6Ly90cmFjay5hY2NvdW... HTTP 302
http://track.accountingnewswatch.com/?xtl=1mt5ba3nvmfhn920nyltlyksl8xfizzqd1q4v5jkjann1yc9ypybjllnnjvdbh4no4qalmb... HTTP 302
https://www.newsdesk.lexisnexis.com/click/?a=42160477502&f=TmV3cw&s=ZXhwb3J0&u=c2NvdHRzcGlld2FrQG5ld3N3YXRjaG1lZ... HTTP 302
https://ct.moreover.com/?a=42160477502&p=14e&v=1&x=iz-0-2PjiNxdCjQlz5ACEQ&u1=ND&u2=up-urn:user:PA186... HTTP 302
https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilitie... Page URL

Detected technologies

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /chartbeat\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

25
Requests

100 %
HTTPS

57 %
IPv6

18
Domains

23
Subdomains

18
IPs

5
Countries

331 kB
Transfer

1106 kB
Size

11
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://gdpr-info.eu/
Title: General Data Protection Regulation

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://post.spmailtechnol.com/f/a/C570-IU7SrrQKR-1WTRbbQ~~/AAAFXAA~/RgRgqQERP4QSA2h0dHA6Ly90cmFjay5hY2NvdW50aW5nbmV3c3dhdGNoLmNvbS8_eHRsPTFtdDViYTNudm1maG45MjBueWx0bHlrc2w4eGZpenpxZDFxNHY1amtqYW5uMXljOXlweWJqbGxubmp2ZGJoNG5vNHFhbG1ibWM5Y2RyNHM3OHhnbmpjOG50ajIwOTV2ZGJraGM4M2NkbDlpc2R3OTI5M3U2MjVrZXo1cGtsbWEyMXc2MXB1d2RzMXNsMjZvaGNodXpmNXo1Ym40dW1xd2o0ZHM1cmoweGw1YjQ4cjFycmVram54eThsb280MjJicjhwcDNxb3Z1cWF2cXR1cHY1bHB5bW55Ym5mN3IyZ3JiZHRoeW4zOWpwOW9sZzJ0bWprOG1wOHJ6OGNwZzNzcmdhZ3d3OWV5MTUxODZjazl4aTZjODhjM3hodWVsODdicmp6Z3d4NHpzbjU0OWY4dHRwZnN4eXFmYTQxbnhxcHU4ZXFwYW5veDZhaDEzdmlpcDI0OGtsaTdieTYzM2Q5YWI0azhvd2s4dGFhOGdqM2Y4OWhiZmM3ZXRtNGZxemp1eG1xdXp1eHRkc2pyY2c0bXF4YWtwN3hlcXF0N29nNWg3d2xvZndwbzJoNDg4cjNrdG9icXI0NG9odXRqZmE2bHYxbzF4cWtxbW4ycXNmZnFudTk0cTZmYTg1azI2aGN4ODg3aHZnd2Q4dzlycHVhYXg4NGM0N3E3ZjVuMXgwYnhpYXJpa2RvbXJxdHM5bDNndGU1dTI4aDR1czJsNTMwaGIydHk1NzFsbHd6cmEyZGVscmVzYWQ5cXVoenQ2dWcwNGN0NWczajI3OG53ZzYwaTB0Nzdlc2RkajA2bDZmZzluMmVvZXU4dGR3aGx2YWNuaHJ3ZTQ4ZmRzOW43YjlrcWRtdnEybHlwazBqdXVkem4xeHNmamJjdjFxaHYxeW45cTJ4aTd6eThjYnU0ZXVpOGx0YmE0NjYzamJuJmVpaD1mNnR5eGtjcjQ3eHMwaXc5bmR0Znd5OGwyaDZjaTloeHQ5MWk0cmR1dVcDc3BjQgoAIxp8xl7BK3tHUhpjaGFybGVuZS5iZWxsQGVuYnJpZGdlLmNvbVgEAAAAAA~~ HTTP 302
http://track.accountingnewswatch.com/?xtl=1mt5ba3nvmfhn920nyltlyksl8xfizzqd1q4v5jkjann1yc9ypybjllnnjvdbh4no4qalmbmc9cdr4s78xgnjc8ntj2095vdbkhc83cdl9isdw9293u625kez5pklma21w61puwds1sl26ohchuzf5z5bn4umqwj4ds5rj0xl5b48r1rrekjnxy8loo422br8pp3qovuqavqtupv5lpymnybnf7r2grbdthyn39jp9olg2tmjk8mp8rz8cpg3srgagww9ey15186ck9xi6c88c3xhuel87brjzgwx4zsn549f8ttpfsxyqfa41nxqpu8eqpanox6ah13viip248kli7by633d9ab4k8owk8taa8gj3f89hbfc7etm4fqzjuxmquzuxtdsjrcg4mqxakp7xeqqt7og5h7wlofwpo2h488r3ktobqr44ohutjfa6lv1o1xqkqmn2qsffqnu94q6fa85k26hcx887hvgwd8w9rpuaax84c47q7f5n1x0bxiarikdomrqts9l3gte5u28h4us2l530hb2ty571llwzra2delresad9quhzt6ug04ct5g3j278nwg60i0t77esddj06l6fg9n2eoeu8tdwhlvacnhrwe48fds9n7b9kqdmvq2lypk0juudzn1xsfjbcv1qhv1yn9q2xi7zy8cbu4eui8ltba4663jbn&eih=f6tyxkcr47xs0iw9ndtfwy8l2h6ci9hxt91i4rduu HTTP 302
https://www.newsdesk.lexisnexis.com/click/?a=42160477502&f=TmV3cw&s=ZXhwb3J0&u=c2NvdHRzcGlld2FrQG5ld3N3YXRjaG1lZGlhLmNvbQ&cn=TmV3c3dhdGNobWVkaWEuQ29t&ci=106402&i=0&si=27745&fmi=169667440&e=S0hRIFJpZ2h0IE5vdw&d=110939&t=3&mbc=Q1QzL2E9NDIxNjA0Nzc1MDImcD0xNGUmdj0xJng9aXotMC0yUGppTnhkQ2pRbHo1QUNFUSZ1MT1ORCZ1Mj11cC11cm46dXNlcjpQQTE4Njk2MDEzMg&fi=287597&wa=1&ac=&ck=c143e24818a8673bfaf759bddd596ad9 HTTP 302
https://ct.moreover.com/?a=42160477502&p=14e&v=1&x=iz-0-2PjiNxdCjQlz5ACEQ&u1=ND&u2=up-urn:user:PA186960132 HTTP 302
https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=2036562384&t=pageview&_s=1&dl=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html&ul=en-us&de=UTF-8&dt=Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%20%7C%20News%20%7C%20khq.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUALQAQC~&jid=521910279&gjid=1480793384&cid=1381543077.1590074095&tid=UA-15497971-17&_gid=1133095939.1590074095&_r=1&gtm=2wg5e1NJF4PQT&z=1482820476 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_gid=1133095939.1590074095&gjid=1480793384&_v=j82&z=1482820476 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476&slf_rd=1&random=2986661415

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

451

Primary Request article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html Show response
www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/
Redirect Chain

http://post.spmailtechnol.com/f/a/C570-IU7SrrQKR-1WTRbbQ~~/AAAFXAA~/RgRgqQERP4QSA2h0dHA6Ly90cmFjay5hY2NvdW50aW5nbmV3c3dhdGNoLmNvbS8_eHRsPTFtdDViYTNudm1maG45MjBueWx0bHlrc2w4eGZpenpxZDFxNHY1amtqYW5uM...
http://track.accountingnewswatch.com/?xtl=1mt5ba3nvmfhn920nyltlyksl8xfizzqd1q4v5jkjann1yc9ypybjllnnjvdbh4no4qalmbmc9cdr4s78xgnjc8ntj2095vdbkhc83cdl9isdw9293u625kez5pklma21w61puwds1sl26ohchuzf5z5bn4...
https://www.newsdesk.lexisnexis.com/click/?a=42160477502&f=TmV3cw&s=ZXhwb3J0&u=c2NvdHRzcGlld2FrQG5ld3N3YXRjaG1lZGlhLmNvbQ&cn=TmV3c3dhdGNobWVkaWEuQ29t&ci=106402&i=0&si=27745&fmi=169667440&e=S0hRIFJp...
https://ct.moreover.com/?a=42160477502&p=14e&v=1&x=iz-0-2PjiNxdCjQlz5ACEQ&u1=ND&u2=up-urn:user:PA186960132
https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

7 KB
3 KB

480ms
223ms

Document
text/html

192.104.183.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

192.104.183.209 , United States, ASN10668 (LEE-ASN, US),

Reverse DNS

cms.newyork1.vip.townnews.com

Software

Resource Hash

bfaad04ba9cda9e953ceab001af0d411d202811d4e0a5473231d0172c0035508

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.khq.com
:scheme: https
:path: /news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 451
date: Thu, 21 May 2020 15:14:55 GMT
content-type: text/html; charset=UTF-8
x-loop: 1
x-robots-tag: noarchive
x-ua-compatible: IE=edge
link: <https://bloximages.newyork1.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin
x-tncms: 1.50.2; app20; 0.08s; 2M
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
vary: X-IPCountry, Accept-Encoding
age: 0
x-vcache: MISS
content-length: 2469

Redirect headers

Location: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
Content-Length: 0
Connection: close

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 126 KB
41 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N&gtm_auth=UaWpb3d_PDCaIVzoLRLRYA&gtm_preview=env-2&gtm_cookies_win=x

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a917dd18a53cc2a9275da4e154289704f1697538e024f0493e9cee1caf18558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: br
vary: *
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41641
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 116 KB
38 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NJF4PQT&gtm_cookies_win=x

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88a289e95d82e992e565e7982c043bde3b43835131624ac89b0a5dc553d2dd5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39295
x-xss-protection: 0
expires: Thu, 21 May 2020 15:14:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N&gtm_auth=UaWpb3d_PDCaIVzoLRLRYA&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 1116
date: Thu, 21 May 2020 14:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Thu, 21 May 2020 16:56:19 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 21 KB
8 KB 217ms
55ms Script
application/x-javascript 91.228.74.147
QUANTCAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJF4PQT&gtm_cookies_win=x

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.147 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 21 May 2020 15:14:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21-May-2020 15:14:55 GMT
Server: QS
Etag: M0-004a9efe
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Strict-Transport-Security: max-age=86400
Content-Length: 8025
Expires: Thu, 28 May 2020 15:14:55 GMT

GET
H2 200 160ec170-1ba4-0135-1123-0cc47a63c1a4 Show response
tag.simpli.fi/sifitag/ 2 KB
3 KB 163ms
54ms Script
application/javascript 169.50.137.176
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.simpli.fi/sifitag/160ec170-1ba4-0135-1123-0cc47a63c1a4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJF4PQT&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.176 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b0.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

0843900120977b5d77b87ae738a718eba1f4b3b51cbc096c492435825668d8e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Thu, 21 May 2020 15:14:55 GMT
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 1998
x-request-id: FhET9xicKpRUmAEIlWSh
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 131 KB
31 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 31766
x-xss-protection: 0
pragma: public
x-fb-debug: eFVctTsUAMclfNw5oS8yDH08mp16NtTKpf3LbFvbqEXpMj/YloLFYM0Oxdqkewj6ma4bvQrIE2l1lj2fY0WIvA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Thu, 21 May 2020 15:14:55 GMT, Thu, 21 May 2020 15:14:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 khq.js Show response
tru.am/scripts/custom/ 800 B
1 KB 120ms
20ms Script
text/javascript 2606:4700:20::681a:374
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/custom/khq.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJF4PQT&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:374 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3aa0ab4025dc77adcf4069497af134130bd2112c46345ba68243a29d270ada2

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: br
cf-cache-status: HIT
age: 2372250
x-guploader-uploadid: AAANsUklhiPr93ZFFJuS279z1QIkVPGlfv96sW7BDQyOyIq3kTf2zQnE2NPbK6qJQVXJbTmOJ_NGi4R3etDn75uPeg
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02d9664f2200001f4131209200000001
last-modified: Tue, 28 Jan 2020 17:22:31 GMT
server: cloudflare
etag: W/"ada80c17210e6157fe46621bb4dd0c4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Sdcgkw==, md5=ragMFyEOYVf+RmIbtN0MTg==
x-goog-generation: 1580232151178724
content-type: text/javascript
cache-control: public, max-age=2678400
x-goog-stored-content-length: 800
cf-ray: 596f3ff83c651f41-FRA
expires: Fri, 24 Apr 2020 05:17:25 GMT

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 14:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2239
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Thu, 21 May 2020 15:37:36 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
267 B 16ms
14ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.khq.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 2400291516909370 Show response
connect.facebook.net/signals/config/ 517 KB
130 KB 83ms
83ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2400291516909370?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6aafc78b72c6200e36ae49eb6328df1c3a0e96da0adeabd733390a95b1bedbfd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: eYjAdnnAj8CL5gi2K4tSWdFNt92rg63EIL3GEHuU01wGA6mQNfO44mwMqEsrUSo51tHi7D3L0J+puIjof67ifA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Thu, 21 May 2020 15:14:55 GMT, Thu, 21 May 2020 15:14:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
513 B 34ms
14ms XHR
application/json 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.khq.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 68 KB
27 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-56TZLS9&t=gtm20&cid=1381543077.1590074095

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd57fc2546bccec7fadaa65ae96b0af02ac624838f5a0dedebdb2947a9a7cf78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27707
x-xss-protection: 0
expires: Thu, 21 May 2020 15:14:55 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
96 B 7ms
6ms Image
image/gif 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j82&aip=1&a=2036562384&t=pageview&_s=1&dl=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html&ul=en-us&de=UTF-8&dt=Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%20%7C%20News%20%7C%20khq.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUALQAQC~&jid=881344260&gjid=53245598&cid=1381543077.1590074095&tid=UA-54716522-7&_gid=1133095939.1590074095&gtm=2wg5e1PDQV3N&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=451&cd9=No&cd10=No&cd12=No&cd13=null&cd16=No&cd17=Page%20View&cd20=12386fa4-9ad4-11ea-9d12-43f5427f767a&cm1=80&z=918327518

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 May 2020 06:55:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 375544
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
99 B 16ms
15ms Image
image/gif 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j82&tid=UA-54716522-7&cid=1381543077.1590074095&jid=881344260&gjid=53245598&_gid=1133095939.1590074095&_u=aGBAgUALQAQC~&z=514970450

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 21 May 2020 15:14:55 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=2036562384&t=pageview&_s=1&dl=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Fa...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_gid=1133095939.1590074095&gjid=1480793384&_v=j82&z=1482820476
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476&slf_rd=1&random=2986661415

42 B
106 B

19ms
19ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476&slf_rd=1&random=2986661415

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 May 2020 15:14:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 May 2020 15:14:55 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-15497971-17&cid=1381543077.1590074095&jid=521910279&_v=j82&z=1482820476&slf_rd=1&random=2986661415
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
249 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2400291516909370&ev=PageView&dl=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html&rl=&if=false&ts=1590074095448&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1590074095447.1029778101&it=1590074095318&coo=false&rqm=GET

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT, Thu, 21 May 2020 15:14:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 21 May 2020 15:14:55 GMT

GET
H2 200 p Show response
i.simpli.fi/ 34 B
563 B 156ms
52ms Script
application/javascript 169.50.137.179
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://i.simpli.fi/p?cid=&cb=sifi_att_42656._hp

Requested by

Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/160ec170-1ba4-0135-1123-0cc47a63c1a4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b3.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e09104e2d44f1a94518d3115e39e60dec46fd3486d07db5a0c815c434a7899f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Thu, 21 May 2020 15:14:55 GMT
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ta-pagesocial-sdk.js Show response
tru.am/scripts/ 35 KB
12 KB 27ms
27ms Script
application/javascript 2606:4700:20::681a:374
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by: Host: tru.am
URL: https://tru.am/scripts/custom/khq.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:374 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT
content-encoding: br
cf-cache-status: HIT
age: 2580488
x-guploader-uploadid: AEnB2Ur30WG3gGaDtRjBANNBIlS8cUsuk3CSCuGc846N5Gi6_1pM1gqbyfLeg7g5fDbRwSjm386GS-2rqCBAv7nRZEDRdInArw
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02d9664f6400001f413120e200000001
last-modified: Fri, 19 Apr 2019 06:14:55 GMT
server: cloudflare
etag: W/"942d5ae1e512ccdf18813550428dd002"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=O7AZFg==, md5=lC1a4eUSzN8YgTVQQo3QAg==
x-goog-generation: 1555654495662585
content-type: application/javascript
cache-control: private, max-age=2678400
x-goog-stored-content-length: 35540
cf-ray: 596f3ff8adb31f41-FRA
expires: Tue, 21 Apr 2020 19:26:47 GMT

POST
H2 200 beacon
beacon.tru.am/ 0
0 161ms
128ms Fetch 2606:4700:20::681a:274
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.tru.am/beacon
Requested by: Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 21 May 2020 15:14:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-origin: https://www.khq.com
cache-control: no-cache, private, max-age=0
cf-ray: 596f3ff909750614-FRA
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 0
cf-request-id: 02d9664fa800000614373b2200000001
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 rules-p-7a2Lu3B2sAwk2.js Show response
rules.quantcount.com/ 3 B
352 B 364ms
364ms Script
application/x-javascript 2600:9000:2047:fe00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-7a2Lu3B2sAwk2.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:fe00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:56 GMT
via: 1.1 36c13eeffcddf77ad33d7874b28e6168.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 20:08:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA53
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: RefreshHit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 3
x-amz-cf-id: Z1MIqycbhd26hrvqpGHv4FBXM5cIRjnRunZ4h_PD82Yn5BVbnEz1yQ==

GET
H/1.1 200
OK pixel;r=1219881555;source=gtm;rf=0;a=p-7a2Lu3B2sAwk2;url=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d1...
pixel.quantserve.com/ 35 B
658 B 62ms
62ms Image
image/gif 91.228.74.136
QUANTCAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1219881555;source=gtm;rf=0;a=p-7a2Lu3B2sAwk2;url=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html;fpan=1;fpa=P0-819057992-1590074095881;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1590074095881;tzo=-120;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Ekhq%252Ecom%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-dis%2Cimage.https%3A%2F%2Fbloximages%252Enewyork1%252Evip%252Etownnews%252Ecom%2Fkhq%252Ecom%2Fcontent%2Ftncms%2Fassets%2Fv3%2Fedi%2Cimage%3Awidth.840%2Cimage%3Aheight.630%2Ctitle.Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%2Cdescription.SPOKANE%252C%20Wash%252E%20-%20Avista%20Utilities%20is%20warning%20its%20customers%20of%20scammers%20out%20on%20th%2Csite_name.KHQ%20Right%20Now%2Csection.News

Requested by

Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.136 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 May 2020 15:14:55 GMT
Server: QS
Strict-Transport-Security: max-age=86400
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 27ms
10ms Script
application/x-javascript 2600:9000:2047:3200:18:1fcd:34e:a8e1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.khq.com
URL: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:3200:18:1fcd:34e:a8e1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9233eac6e8f7adc20a334ce3854d5adbbed6dcc031a36ea1eee952894407951c

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 14:14:10 GMT
content-encoding: gzip
last-modified: Fri, 24 Apr 2020 01:13:41 GMT
server: nginx
age: 3644
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA53
x-amz-cf-id: 76g_E0k5T4sJwFzwEBu7J-flvNhzLmF0VxJwfhLMtj0LW72vTLAb3A==
via: 1.1 150f249515041adfcc44683bff172916.cloudfront.net (CloudFront)
expires: Thu, 21 May 2020 16:14:10 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2400291516909370&ev=Microdata&dl=https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html&rl=&if=false&ts=1590074095950&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%20%7C%20News%20%7C%20khq.com%22%2C%22meta%3Akeywords%22%3A%22scammer%2C%20customer%2C%20commerce%2C%20advertising%2C%20payment%2C%20logo%2C%20information%2C%20tell-tale%2C%20skill%2C%20internet%22%2C%22meta%3Adescription%22%3A%22SPOKANE%2C%20Wash.%20-%20Avista%20Utilities%20is%20warning%20its%20customers%20of%20scammers%20out%20on%20the%20prowl%20in%20the%20region.%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.khq.com%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fbloximages.newyork1.vip.townnews.com%2Fkhq.com%2Fcontent%2Ftncms%2Fassets%2Fv3%2Feditorial%2F9%2F68%2F968f3d8c-1127-11ea-9d64-777b79595094%2F5dde913772e5a.image.jpg%3Fcrop%3D929%252C697%252C170%252C0%26resize%3D840%252C630%26order%3Dcrop%252Cresize%22%2C%22og%3Aimage%3Awidth%22%3A%22840%22%2C%22og%3Aimage%3Aheight%22%3A%22630%22%2C%22og%3Atitle%22%3A%22Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%22%2C%22og%3Adescription%22%3A%22SPOKANE%2C%20Wash.%20-%20Avista%20Utilities%20is%20warning%20its%20customers%20of%20scammers%20out%20on%20the%20prowl%20in%20the%20region.%22%2C%22og%3Asite_name%22%3A%22KHQ%20Right%20Now%22%2C%22og%3Asection%22%3A%22News%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.18&r=stable&ec=1&o=30&fbp=fb.1.1590074095447.1029778101&it=1590074095318&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 May 2020 15:14:55 GMT, Thu, 21 May 2020 15:14:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 21 May 2020 15:14:55 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 399ms
133ms Image
image/gif 52.3.64.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=khq.com&p=%2Fnews%2Favista-warning-customers-of-scammers-threatening-to-disconnect-utilities%2Farticle_12386fa4-9ad4-11ea-9d12-43f5427f767a.html&u=BRb84jCJ1cJYpVy_4&d=khq.com&g=23815&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=3483&t=CU1qUjCT4lG1DCGBnegG6mNmULH2&V=120&i=Avista%20warning%20customers%20of%20scammers%20threatening%20to%20disconnect%20utilities%20%7C%20News%20%7C%20khq.com&tz=-120&sn=1&sv=D06djuDnNfjuDPNjWPDpVORnDRWXhW&sd=1&im=06530c43&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.64.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-64-39.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.khq.com/news/avista-warning-customers-of-scammers-threatening-to-disconnect-utilities/article_12386fa4-9ad4-11ea-9d12-43f5427f767a.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Thu, 21 May 2020 15:14:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.khq.com/	1970-01-19 09:41:15	Name: _cb_svref Value: null
.khq.com/	1970-01-19 11:50:50	Name: _fbp Value: fb.1.1590074095447.1029778101
.khq.com/	1970-01-19 09:41:14	Name: _dc_gtm_UA-54716522-7 Value: 1
.khq.com/	1970-01-19 09:42:40	Name: _gid Value: GA1.2.1133095939.1590074095
.khq.com/	1970-01-19 19:05:42	Name: __qca Value: P0-819057992-1590074095881
.khq.com/	1970-01-19 09:41:14	Name: _gat_UA-15497971-17 Value: 1
www.khq.com/	1970-01-19 19:10:02	Name: _cb Value: BRb84jCJ1cJYpVy_4
.khq.com/	1970-01-20 03:12:26	Name: _ga Value: GA1.2.1381543077.1590074095
www.khq.com/	1970-01-19 19:10:02	Name: _chartbeat2 Value: .1590074096071.1590074096071.1.D06djuDnNfjuDPNjWPDpVORnDRWXhW.1
www.khq.com/	1970-01-19 19:10:02	Name: _cb_ls Value: 1
.khq.com/	1970-01-19 09:41:17	Name: AMP_TOKEN Value: %24NOT_FOUND

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ampcid.google.com
ampcid.google.de
beacon.tru.am
connect.facebook.net
ct.moreover.com
i.simpli.fi
ping.chartbeat.net
pixel.quantserve.com
post.spmailtechnol.com
rules.quantcount.com
secure.quantserve.com
static.chartbeat.com
stats.g.doubleclick.net
tag.simpli.fi
track.accountingnewswatch.com
tru.am
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.khq.com
www.newsdesk.lexisnexis.com
169.50.137.176
169.50.137.179
192.104.183.209
2600:9000:2047:3200:18:1fcd:34e:a8e1
2600:9000:2047:fe00:6:44e3:f8c0:93a1
2606:4700:20::681a:274
2606:4700:20::681a:374
2a00:1450:4001:800::2003
2a00:1450:4001:800::2008
2a00:1450:4001:808::200e
2a00:1450:4001:81b::200e
2a00:1450:4001:81e::2004
2a00:1450:4001:821::200e
2a00:1450:400c:c00::9a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.94.176.246
52.3.64.39
52.41.142.186
70.39.246.51
70.39.247.36
91.228.74.136
91.228.74.147
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0843900120977b5d77b87ae738a718eba1f4b3b51cbc096c492435825668d8e9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
6a917dd18a53cc2a9275da4e154289704f1697538e024f0493e9cee1caf18558
6aafc78b72c6200e36ae49eb6328df1c3a0e96da0adeabd733390a95b1bedbfd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88a289e95d82e992e565e7982c043bde3b43835131624ac89b0a5dc553d2dd5c
9233eac6e8f7adc20a334ce3854d5adbbed6dcc031a36ea1eee952894407951c
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3aa0ab4025dc77adcf4069497af134130bd2112c46345ba68243a29d270ada2
b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0
bd57fc2546bccec7fadaa65ae96b0af02ac624838f5a0dedebdb2947a9a7cf78
bfaad04ba9cda9e953ceab001af0d411d202811d4e0a5473231d0172c0035508
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e09104e2d44f1a94518d3115e39e60dec46fd3486d07db5a0c815c434a7899f6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.khq.com Open in urlscan Pro 192.104.183.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

100 %HTTPS

57 %IPv6

18 Domains

23 Subdomains

18 IPs

5 Countries

331 kBTransfer

1106 kBSize

11 Cookies

1 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

11 Cookies

Security Headers

Indicators

www.khq.com Open in urlscan Pro
192.104.183.209 Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

57 %
IPv6

18
Domains

23
Subdomains

18
IPs

5
Countries

331 kB
Transfer

1106 kB
Size

11
Cookies

25 HTTP transactions
0 data transactions