ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ci.security.admin-eu2.cas.ms/
Effective URL:
https://ci.security/
Submission: On April 07 via automatic, source certstream-suspicious (April 7th 2020, 8:54:27 am UTC)

Summary HTTP 51 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 25 IPs in 7 countries across 28 domains to perform 51 HTTP transactions. The main IP is 207.38.86.153, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is ci.security.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 10th 2020. Valid for: 3 months.

This is the only time ci.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	20.40.134.79 20.40.134.79	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
15	207.38.86.153 207.38.86.153	30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:310... 2a02:26f0:3100:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.225.73.42 13.225.73.42	16509 (AMAZON-02) (AMAZON-02)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
1	143.204.97.30 143.204.97.30	16509 (AMAZON-02) (AMAZON-02)
2 2	52.214.123.193 52.214.123.193	16509 (AMAZON-02) (AMAZON-02)
1 2	13.225.73.16 13.225.73.16	16509 (AMAZON-02) (AMAZON-02)
3	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES)
1 6	23.213.164.149 23.213.164.149	16625 (AKAMAI-AS) (AKAMAI-AS)
14 16	52.30.46.216 52.30.46.216	16509 (AMAZON-02) (AMAZON-02)
2 2	3.123.244.246 3.123.244.246	16509 (AMAZON-02) (AMAZON-02)
1 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 2	23.213.165.44 23.213.165.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	70.42.32.127 70.42.32.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	151.101.113.44 151.101.113.44	54113 (FASTLY) (FASTLY)
1 2	52.57.79.171 52.57.79.171	16509 (AMAZON-02) (AMAZON-02)
1 2	52.59.91.136 52.59.91.136	16509 (AMAZON-02) (AMAZON-02)
1 2	185.33.223.203 185.33.223.203	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
51	25

1 20.40.134.79 (Paris, France) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ci.security.admin-eu2.cas.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 207.38.86.153 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: web594.webfaction.com

ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100:2b0::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.42 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-42.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.97.30 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-30.fra50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.123.193 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-123-193.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.73.16 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-16.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cybersecurity.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.213.164.149 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-164-149.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.30.46.216 (Dublin, Ireland) 14 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-46-216.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.244.246 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-244-246.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.213.165.44 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-165-44.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.127 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.79.171 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-79-171.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.91.136 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-91-136.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.203 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 317.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	adroll.com 14 redirects s.adroll.com d.adroll.com	26 KB
16	ci.security ci.security cybersecurity.ci.security	7 MB
3	yahoo.com 2 redirects ups.analytics.yahoo.com ads.yahoo.com	2 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
2	openx.net 1 redirects us-u.openx.net	497 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	913 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	outbrain.com 1 redirects sync.outbrain.com	804 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	818 B
2	pardot.com pi.pardot.com	4 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	rlcdn.com idsync.rlcdn.com	62 B
1	taboola.com trc.taboola.com	282 B
1	pubmatic.com simage2.pubmatic.com	1010 B
1	rubiconproject.com pixel.rubiconproject.com	797 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	demandbase.com tag.demandbase.com	15 KB
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
1	cas.ms 1 redirects ci.security.admin-eu2.cas.ms	251 B
0	facebook.net Failed connect.facebook.net Failed
0	google.com Failed www.google.com Failed
0	doubleclick.net Failed stats.g.doubleclick.net Failed cm.g.doubleclick.net Failed
51	28

	Domain	Requested by
15	d.adroll.com	13 redirects
15	ci.security	ci.security www.google-analytics.com
6	s.adroll.com	1 redirects ci.security s.adroll.com
2	us-u.openx.net	1 redirects
2	ib.adnxs.com	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	pixel.advertising.com	2 redirects
2	pi.pardot.com	ci.security pi.pardot.com
2	segments.company-target.com	1 redirects ci.security
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	1 redirects ci.security
2	www.google-analytics.com	www.googletagmanager.com ci.security
1	cybersecurity.ci.security	pi.pardot.com
1	idsync.rlcdn.com
1	trc.taboola.com
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	d.adroll.mgr.consensu.org	1 redirects
1	api.company-target.com	tag.demandbase.com
1	apt.techtarget.com	ci.security
1	www.linkedin.com	1 redirects
1	trk.techtarget.com	ci.security
1	tag.demandbase.com	ci.security
1	snap.licdn.com	ci.security
1	www.googletagmanager.com	ci.security
1	ci.security.admin-eu2.cas.ms	1 redirects
0	cm.g.doubleclick.net Failed
0	connect.facebook.net Failed	s.adroll.com
0	www.google.com Failed	ci.security
0	stats.g.doubleclick.net Failed	ci.security
51	35

This site contains links to these domains. Also see Links.

Domain
results.ci.security
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
ci.security Let's Encrypt Authority X3	`2020-03-10` - `2020-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.pardot.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-01-17`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-02-13` - `2020-08-11`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.taboola.com DigiCert SHA2 Secure Server CA	`2020-02-19` - `2020-09-10`	7 months	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
cybersecurity.ci.security Let's Encrypt Authority X3	`2020-03-02` - `2020-05-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ci.security/
Frame ID: 1A4637583E48F727B8227E4978829C5A
Requests: 53 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ci.security.admin-eu2.cas.ms/ HTTP 307
https://ci.security/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

51
Requests

90 %
HTTPS

21 %
IPv6

28
Domains

35
Subdomains

25
IPs

7
Countries

7129 kB
Transfer

7283 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://results.ci.security/case-study/seattle-indian-health-board
Title: Read the case study

Search URL Search Domain Scan URL

URL: http://www.twitter.com/@detectrespond
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cisecurity
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCwXktbtQyr1FzewMFQVz6lA
Title: YouTube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ci.security.admin-eu2.cas.ms/ HTTP 307
https://ci.security/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2139517419&t=pageview&_s=1&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=268667083&gjid=810689983&cid=240509649.1586249647&tid=UA-72734021-3&_gid=68507398.1586249647&_r=1&gtm=2ou3p1&z=494820579 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=240509649.1586249647&jid=268667083&_gid=68507398.1586249647&gjid=810689983&_v=j81&z=494820579

Request Chain 23

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fci.security%252F%26time%3D1586249647623%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623&liSync=true

Request Chain 26

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg&verifyHash=adbb815e0c81d57387e458065e7b8cd3fac155aa

Request Chain 30

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 32

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2 HTTP 302
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2

Request Chain 33

https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&pv=13079504754.69566&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js

Request Chain 37

https://d.adroll.com/cm/aol/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-063e30d52302 HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-063e30d52302&verify=true

Request Chain 38

https://d.adroll.com/cm/index/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649&C=1

Request Chain 39

https://d.adroll.com/cm/n/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expires=365

Request Chain 40

https://d.adroll.com/cm/outbrain/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&rdrctExp=true

Request Chain 41

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 42

https://d.adroll.com/cm/r/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 43

https://d.adroll.com/cm/taboola/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

Request Chain 44

https://d.adroll.com/cm/triplelift/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 45

https://d.adroll.com/cm/b/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

Request Chain 46

https://d.adroll.com/cm/x/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

Request Chain 47

https://d.adroll.com/cm/l/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=bcde533571474224d3eb42d871e126ee

Request Chain 48

https://d.adroll.com/cm/o/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=bcde533571474224d3eb42d871e126ee HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=bcde533571474224d3eb42d871e126ee

51 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
ci.security/
Redirect Chain

https://ci.security.admin-eu2.cas.ms/
https://ci.security/

25 KB
10 KB

582ms
167ms

Document
text/html

207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

1af8e1af229dc12ad3ed3c2789723eb06cdf85ff695eaad000707dad8dde48e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; font-src 'self' data: .googleusercontent.com; media-src 'self' .thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-11349245358781299867480078246945' .google-analytics.com 'nonce-5483687168' s.ytimg.com .ci.security .bamboohr.com .adroll.com .adroll.mgr.consensu.org .linkedin.com .licdn.com .demandbase.com .techtarget.com static.doubleclick.net .googletagmanager.com googleads.g.doubleclick.net .pardot.com; style-src 'self' 'unsafe-inline' .bamboohr.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz .company-target.com .linkedin.com .adroll.com .casalemedia.com www.google-analytics.com .twitter.com .bidr.io .techtarget.com stats.g.doubleclick.net .advertising.com .casalemedia.com .rubiconproject.com .outbrain.com .pubmatic.com .yahoo.com .taboola.com/sg/adroll-network .3lift.com .bidswitch.net .adnxs.com .rlcdn.com .openx.net .bamboohr.com .pardot.com s.ytimg.com; connect-src 'self' .google-analytics.com .ci.security .google.com .bamboohr.com .twitter.com .demandbase.com .company-target.com .youtube.com; frame-src 'self' .youtube.com .ci.security .pardot.com .bamboohr.com .twitter.com .google.com .google-analytics.com; frame-ancestors 'self' .driftt.com .bamboohr.com .youtube.com; form-action 'self' .ci.security ci.security *.pardot.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Host: ci.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Server: nginx
Date: Tue, 07 Apr 2020 08:55:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7909
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'none'; base-uri 'self'; font-src 'self' data: *.googleusercontent.com; media-src 'self' *.thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-11349245358781299867480078246945' *.google-analytics.com 'nonce-5483687168' s.ytimg.com *.ci.security *.bamboohr.com *.adroll.com *.adroll.mgr.consensu.org *.linkedin.com *.licdn.com *.demandbase.com *.techtarget.com static.doubleclick.net *.googletagmanager.com googleads.g.doubleclick.net *.pardot.com; style-src 'self' 'unsafe-inline' *.bamboohr.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz *.company-target.com *.linkedin.com *.adroll.com *.casalemedia.com www.google-analytics.com *.twitter.com *.bidr.io *.techtarget.com stats.g.doubleclick.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com/sg/adroll-network *.3lift.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.bamboohr.com *.pardot.com s.ytimg.com; connect-src 'self' *.google-analytics.com *.ci.security *.google.com *.bamboohr.com *.twitter.com *.demandbase.com *.company-target.com *.youtube.com; frame-src 'self' *.youtube.com *.ci.security *.pardot.com *.bamboohr.com *.twitter.com *.google.com *.google-analytics.com; frame-ancestors 'self' *.driftt.com *.bamboohr.com *.youtube.com; form-action 'self' *.ci.security ci.security *.pardot.com;
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: max-age=2628000, public
Expires: Thu, 07 May 2020 08:55:18 GMT
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin

Redirect headers

Date: Tue, 07 Apr 2020 08:54:06 GMT
Connection: keep-alive
Location: https://ci.security/
Strict-Transport-Security: max-age=31536000
Content-Length: 134
X-MCAS-Request-Id: 12116b31-b715-4442-8cda-28fc5d19c26c

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 26ms
22ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14665baaaaa488802ebe0045addfbbf4f0ad23ac394f8dbda1ad4f4abc810030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 08:54:07 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29062
x-xss-protection: 0
last-modified: Tue, 07 Apr 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Apr 2020 08:54:07 GMT

GET
H/1.1 200
OK kraken.min.css
ci.security/static/ 105 KB
105 KB 143ms
141ms Stylesheet
text/css 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/kraken.min.css?v11349245358781299867480078246945

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

fa054d5164ed9515b85fe4680e8cb9f5bb0b7752ea1be6920cdbaf412f3aed67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Tue, 10 Mar 2020 22:42:57 GMT
Server: nginx
ETag: "1a313-5a087d75f789c"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 107283
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK AICPA-SOC-Level2-Badge.png
ci.security/static/img/ 19 KB
20 KB 539ms
258ms Image
image/png 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/AICPA-SOC-Level2-Badge.png

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

45780f9004f49b43678a975c549852684bd5b480319aa077e70d795da9099def

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "4dfe-58f8c39917c8b"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19966
X-Content-Type-Options: nosniff
Expires: Wed, 07 Apr 2021 08:55:18 GMT

GET
H/1.1 200
OK kraken.babel.min.js Show response
ci.security/static/ 10 KB
10 KB 410ms
139ms Script
application/javascript 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/kraken.babel.min.js?v202002

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

1422b530e11686be18d89bcd9f619a20317443f1dba344d8ffd860360c204e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Tue, 22 Oct 2019 14:52:28 GMT
Server: nginx
ETag: "2799-59580f30002e8"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10137
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 206
Partial Content footage_480_color.mp4
ci.security/static/ 6 MB
6 MB 527ms
257ms Media
video/mp4 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/footage_480_color.mp4

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

9d9355326120ed7eff93bae35896afd0c6c0d3fe5644c1ea1ac0b1eff99d6c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Thu, 29 Aug 2019 20:27:24 GMT
Server: nginx
ETag: "6698c2-59147555b9604"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: video/mp4
Content-Range: bytes 0-6723777/6723778
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6723778
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 932
date: Tue, 07 Apr 2020 08:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Tue, 07 Apr 2020 10:38:35 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK consulting_background_@768.jpg
ci.security/static/img/backgrounds/ 43 KB
43 KB 539ms
264ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/backgrounds/consulting_background_@768.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

3d3da79e30106d0881131e8aea414939db009feab9eaa18a7c7c3e8534ac61aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "ab96-58f8c399197e3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43926
X-Content-Type-Options: nosniff
Expires: Wed, 07 Apr 2021 08:55:18 GMT

GET
H/1.1 200
OK medical_tech_doctor_stethoscope_background-100_@1200.jpg
ci.security/static/img/backgrounds/ 87 KB
87 KB 542ms
264ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/backgrounds/medical_tech_doctor_stethoscope_background-100_@1200.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

689e0fa64d98bb75fbce794c71e8678839090e60304c51123e8351bcd8a31f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "15c0b-58f8c39923421"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89099
X-Content-Type-Options: nosniff
Expires: Wed, 07 Apr 2021 08:55:18 GMT

GET

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2139517419&t=pageview&_s=1&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Respon...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=240509649.1586249647&jid=268667083&_gid=68507398.1586249647&gjid=810689983&_v=j81&z=494820579

0
0

GET ga-audiences
www.google.com/ads/ 0
0

GET
H/1.1 200
OK Roboto-Bold-webfont.woff
ci.security/static/fonts/ 21 KB
21 KB 137ms
136ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Bold-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5348-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21320
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK Roboto-Regular-webfont.woff
ci.security/static/fonts/ 20 KB
21 KB 154ms
143ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Regular-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "51bc-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20924
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK RobotoSlab-Regular-webfont.woff
ci.security/static/fonts/ 23 KB
24 KB 265ms
140ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/RobotoSlab-Regular-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5d40-58f8c399178a3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23872
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK Roboto-Light-webfont.woff
ci.security/static/fonts/ 20 KB
21 KB 270ms
136ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Light-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "51a8-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20904
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK FontAwesomeBrands-Regular-webfont.woff2
ci.security/static/fonts/ 20 KB
20 KB 289ms
141ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/FontAwesomeBrands-Regular-webfont.woff2?v=1.0.0

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

4a7acdea55252ab19b8c6e010eb38e2c11e87fee77e390798ce207b13b883d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:18 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "4e04-58f8c399170d3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19972
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:18 GMT

GET
H/1.1 200
OK RobotoSlab-Bold-webfont.woff
ci.security/static/fonts/ 23 KB
24 KB 408ms
145ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/RobotoSlab-Bold-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:19 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5dfc-58f8c399178a3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24060
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:19 GMT

GET
H/1.1 200
OK BlackTie-Regular-webfont.woff2
ci.security/static/fonts/ 13 KB
13 KB 408ms
142ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/BlackTie-Regular-webfont.woff2?v=1.0.0

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:19 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "3280-58f8c3991651b"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12928
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:19 GMT

GET
H/1.1 200
OK line-awesome.woff2
ci.security/static/fonts/ 44 KB
45 KB 418ms
142ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/line-awesome.woff2?v=1.1.

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:55:19 GMT
Referrer-Policy: strict-origin
Last-Modified: Tue, 13 Aug 2019 23:30:13 GMT
Server: nginx
ETag: "b034-5900805b59a2a"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45108
X-Content-Type-Options: nosniff
Expires: Thu, 07 May 2020 08:55:19 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 21ms
7ms Script
application/x-javascript 2a02:26f0:3100:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:2b0::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 07 Apr 2020 08:54:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=36445
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 97379541.min.js Show response
tag.demandbase.com/ 57 KB
15 KB 546ms
480ms Script
application/javascript 13.225.73.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/97379541.min.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.42 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-42.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1e0c11bc716611c019190874ecf1cc32986016eb45a525e592d7401052d9024b

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 08:54:08 GMT
content-encoding: gzip
last-modified: Mon, 24 Feb 2020 22:40:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: E3C5T5tXwka.4FnrQ5cy5WFEXOwwn73b
status: 200
cache-control: public, max-age=3600
content-type: application/javascript; charset=utf-8
x-amz-cf-id: E-y3KGI_C7SWPpH9RsWvV2rFk-N6uvQeN_np-d4HdZ7DkKvw188c4g==
via: 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 87ms
20ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 07 Apr 2020 08:54:07 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 357
X-Ws-Request-Id: 5e8c3faf_PSdgflkfFRA2po7_50219-3132
Content-Type: text/javascript
Via: 1.1 VMmgnyNY2gh45:1 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Tue, 07 Apr 2020 08:58:10 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fci.security%252F%26time%3D1586249647623%26liSy...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623&liSync=true

0
80 B

169ms
168ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623&liSync=true
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 07 Apr 2020 08:54:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: uPtcjaZ9AxYwRWMgASsAAA==

Redirect headers

date: Tue, 07 Apr 2020 08:54:07 GMT
x-content-type-options: nosniff
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-li-uuid: gG6lgaZ9AxbArCDL/ioAAA==
server: Play
pragma: no-cache
x-li-pop: prod-efr5
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1586249647623&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 467ms
118ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=20406435&version=2.0&ref=https%3A%2F%2Fci.security%2F&r=1586249647697
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 07 Apr 2020 08:54:08 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=28
Content-Length: 43

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 419 B
921 B 272ms
109ms XHR
application/json 143.204.97.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fci.security%2F&page_title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&key=ef6f04d2df1cbefc03f9dae82644e767&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-30.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: d6aa0a3fb59311452b5c6f0d1bc9310e2c24ad96d6fab5f9dbc45c6fe561b22a

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 07 Apr 2020 08:54:08 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
request-id: d4318ba1-4c24-4dba-a0cd-cb343bda6133
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://ci.security
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XdG_tV6lzzuMsyG57uKEEIfz0FLL7blleEbb-HgfVmQGFAD2gWiBYg==
expires: Mon, 06 Apr 2020 08:54:08 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg&verifyHash=adbb815e0c81d57387e458065e7b8cd3fac155aa

26 B
408 B

120ms
119ms

Image
image/gif

13.225.73.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg&verifyHash=adbb815e0c81d57387e458065e7b8cd3fac155aa
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.16 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-16.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:54:08 GMT
Via: 1.1 d9bf8acc1da383db4531789bbb03ac07.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 5cbc0b621f4a12ae
X-Amz-Cf-Id: xyFoiJr5AqRy_BGt5vj_oDYfbz3vu3PRbS871q_h2oKit5W6Z3JtkA==

Redirect headers

Date: Tue, 07 Apr 2020 08:54:08 GMT
Via: 1.1 d9bf8acc1da383db4531789bbb03ac07.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AACxXk69GH8AAA_wyz9gKg&verifyHash=adbb815e0c81d57387e458065e7b8cd3fac155aa
Connection: keep-alive
trace-id: 56017b5ef3b84439
Content-Length: 0
X-Amz-Cf-Id: y6uf5SwIBCegypi2ZUxxTYA3hKT148nU8GtWv7Fqc1E_qFAIStsb3Q==

GET
H2 200 collect
www.google-analytics.com/ 35 B
108 B 6ms
5ms Image
image/gif 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&a=2139517419&t=event&ni=1&_s=2&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAUAB~&jid=&gjid=&cid=240509649.1586249647&tid=UA-72734021-3&_gid=68507398.1586249647&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Switzerland&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=943984770

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 04 Apr 2020 05:47:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 270425
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 434ms
108ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 07 Apr 2020 08:54:09 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Fri, 13 Mar 2020 17:27:39 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Thu, 07 Apr 2022 08:54:09 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 34 KB
11 KB 61ms
21ms Script
text/javascript 23.213.164.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.149 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: EEryoP57M4BXSHtGt9JFNoNG_YhGzXxp
Content-Encoding: gzip
x-amz-request-id: 5B64FB7E0A29A18E
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 07 Apr 2020 08:54:08 GMT
Connection: keep-alive
Content-Length: 10905
x-amz-id-2: cyhtZzUMRRH+3azNobhgA/owi1TOIrHigGwio+Vd/0CCKLcw4WcCHJh++0vWdWKuZdO/e9F4VUU=
Last-Modified: Wed, 01 Apr 2020 18:03:06 GMT
Server: AmazonS3
ETag: "9884704eb3fc99427eb5b90c4bbab62c"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

34ms
34ms

Script
application/javascript

23.213.164.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.149 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: oJIzvk_mmLAXF5iekxvT5NnrQtQSmq7M
Content-Encoding: gzip
x-amz-request-id: CC0F73FCFF952524
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 07 Apr 2020 08:54:09 GMT
Connection: keep-alive
Content-Length: 48
x-amz-id-2: l2SuY/Zqhw+xyJkj7InfvqoJzNpqh9IGnRBj0DT2XibyJ/lFEH5SE9WbzHsCVnMaz+lknVzoYg8=
Last-Modified: Thu, 02 Apr 2020 22:43:50 GMT
Server: AmazonS3
ETag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Tue, 07 Apr 2020 08:54:09 GMT
Server: AkamaiGHost
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/ 0
773 B 257ms
215ms Script
text/javascript 23.213.164.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.149 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: KyPErJKknYY29dYFt8cGovvE9QZThmi8
Content-Encoding: gzip
x-amz-request-id: A99B087014E6C085
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 07 Apr 2020 08:54:09 GMT
Connection: keep-alive
Content-Length: 20
x-amz-id-2: 1MLaNYOkr/9GQBTr0Gs9avHQYNnKvtObLZ7PAUqnHwynnUf7XAN2mAVZGLuGBs15UzBcLNCQQFE=
Last-Modified: Mon, 06 Apr 2020 14:17:56 GMT
Server: AmazonS3
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2

116 B
584 B

45ms
43ms

Script
application/javascript

52.30.46.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.46.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-46-216.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: d8e4f903f6f957463b6b17228acbd4a35b1e233d7841097d2053599d843c84e3

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 116

Redirect headers

status: 302
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=91b0c9ac1cfbf7f486b5817c4ddd03a9&_b=2

GET
H/1.1

200
OK

536ODFE4MFHZHICGAUOOMU.js Show response
s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/
Redirect Chain

https://d.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&pv=13079504754.69566&...
https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js

5 KB
2 KB

227ms
207ms

Script
text/javascript

23.213.164.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.149 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 128feaf8cc76780acc6ee067cf49047a223a58adfb0e70b8c310d5f2f8c9135b

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: SI6FrrqIszDC3g2liGduMDtFVkQty2Ey
Content-Encoding: gzip
x-amz-request-id: AA723875026C7ED5
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 07 Apr 2020 08:54:09 GMT
Connection: keep-alive
Content-Length: 1777
x-amz-id-2: 2yo2qJju45pZ/4i6uaQ2MncvyHe2FNs0LnOewzPcwitQdBjpq9UKeXtN7/dzk6BiGLzL+nTuSV8=
Last-Modified: Wed, 12 Feb 2020 01:15:34 GMT
Server: AmazonS3
ETag: "6bfbb1c93897f512bad3b6b622f98999"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Tue, 07 Apr 2020 08:54:09 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.16.1
x-rule: *
x-segment-eid: 536ODFE4MFHZHICGAUOOMU
location: https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: TSOEJUVR2RDQTK7UULEUDW
x-segment-name: *
x-advertisable-eid: PVQ657GQDFFXLFGCNQJYZN
x-conversion-currency

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 2 KB
2 KB 360ms
360ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 0154b4aef0d16f095e7f7fe64f780ac7429088ebcba6123337c90f9e10221f61

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:09 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/1/180
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 845
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET fbevents.js
connect.facebook.net/en_US/ 0
0

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 21ms
20ms Script
text/javascript 23.213.164.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/pixel/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/536ODFE4MFHZHICGAUOOMU.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.149 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
x-amz-request-id: E2F067B4E9F95C64
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 07 Apr 2020 08:54:09 GMT
Connection: keep-alive
Content-Length: 2039
x-amz-id-2: zahNXUrZcHvPMHZ5OZzeA/pmU+ThIaY+/c27IjCJ/f8DH693VdK16PYXiwNkUgRleJPaNozozcA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://pixel.advertising.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-06...
https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-06...

0
977 B

24ms
23ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-063e30d52302&verify=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.106 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 07 Apr 2020 08:54:09 GMT
Server: ATS/7.1.2.106
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date: Tue, 07 Apr 2020 08:54:09 GMT
Server: ATS/7.1.2.106
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP585f7e91-78ad-11ea-a537-063e30d52302&verify=true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649&C=1

43 B
1003 B

35ms
34ms

Image
image/gif

23.213.165.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.44 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-44.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:09 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Apr 2020 08:54:09 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:09 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expiration=1617785649&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Tue, 07 Apr 2020 08:54:09 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expires=365

42 B
797 B

95ms
24ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&expires=365
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 124

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&rdrctExp=true

0
450 B

119ms
119ms

Image
text/plain

70.42.32.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&rdrctExp=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-TraceId: cfb3ee17b89e6a0bbfd0a9aec9265889
Date: Tue, 07 Apr 2020 08:54:09 GMT
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&rdrctExp=true
Date: Tue, 07 Apr 2020 08:54:09 GMT
X-TraceId: f55568c0bf3c7662002a48cfecfd2848
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
1010 B

140ms
34ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:09 GMT
X-lat: Pug23027:0:323
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Cache-Control: no-store, no-cache, private
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
X-Cnection: close
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
500 B

45ms
44ms

Image
image/gif

52.30.46.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.46.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-46-216.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42

Redirect headers

date: Tue, 07 Apr 2020 08:54:09 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status: 302
x-content-type-options: nosniff
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

0
282 B

72ms
28ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Tue, 07 Apr 2020 08:54:09 GMT
via: 1.1 varnish
server: nginx
x-timer: S1586249650.682762,VS0,VE8
x-served-by: cache-hhn4049-HHN
x-cache: MISS
status: 204
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://eb2.3lift.com/xuid?mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

21ms
21ms

Image
image/gif

52.57.79.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.79.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-79-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 07 Apr 2020 08:54:09 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 37
content-type: image/gif

Redirect headers

status: 302
date: Tue, 07 Apr 2020 08:54:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://x.bidswitch.net/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

43 B
380 B

21ms
21ms

Image
image/gif

52.59.91.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.91.136 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-91-136.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 07 Apr 2020 08:54:09 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Tue, 07 Apr 2020 08:54:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://ib.adnxs.com/setuid?entity=172&code=YmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

43 B
1 KB

34ms
34ms

Image
image/gif

185.33.223.203
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.203 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

317.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:11 GMT
AN-X-Request-Uuid: c55988fc-15c4-4e87-a485-d9d6843d62fb
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 195.242.213.148; 195.242.213.148; 317.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.56:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:11 GMT
AN-X-Request-Uuid: 41936ae1-d17a-4b01-9b66-1e9995ee43ae
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYmNkZTUzMzU3MTQ3NDIyNGQzZWI0MmQ4NzFlMTI2ZWU
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 195.242.213.148; 195.242.213.148; 317.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.21:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://idsync.rlcdn.com/377928.gif?partner_uid=bcde533571474224d3eb42d871e126ee

0
62 B

171ms
128ms

Image
text/plain

35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=bcde533571474224d3eb42d871e126ee
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Tue, 07 Apr 2020 08:54:09 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
server: nginx/1.16.1
location: https://idsync.rlcdn.com/377928.gif?partner_uid=bcde533571474224d3eb42d871e126ee
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
cache-control: no-store, no-cache, must-revalidate
content-length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN
https://us-u.openx.net/w/1.0/sd?id=537103138&val=bcde533571474224d3eb42d871e126ee
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=bcde533571474224d3eb42d871e126ee

43 B
183 B

31ms
31ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=bcde533571474224d3eb42d871e126ee
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.182.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 08:54:09 GMT
via: 1.1 google
server: OXGW/16.182.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 07 Apr 2020 08:54:09 GMT
via: 1.1 google
server: OXGW/16.182.1
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=bcde533571474224d3eb42d871e126ee
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET out
d.adroll.com/cm/g/ 0
0

GET
H/1.0 200
OK analytics Show response
cybersecurity.ci.security/ 53 B
1 KB 573ms
222ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity.ci.security/analytics?conly=true&visitor_id=738589755&visitor_id_sign=31a33db109ca32371faf2d15144187471e77943d7e89b886f14d96c95a64cef642cdaa5f039ab6c6a159fc56147a74637e63e46b&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: a3663aa6b825e077ddf40b6e5e49fd5d57b8174f06afb0aa37fe86ac9ebfd698

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 08:54:10 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/90/70
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 53
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET pixel
cm.g.doubleclick.net/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=240509649.1586249647&jid=268667083&_gid=68507398.1586249647&gjid=810689983&_v=j81&z=494820579

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=240509649.1586249647&jid=268667083&_v=j81&z=494820579

Domain: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Domain: d.adroll.com
URL: https://d.adroll.com/cm/g/out?adroll_fpc=d7131f02c0f082784a2aa739437be649-1586249649135&arrfrr=https%3A%2F%2Fci.security%2F&xid_ch=f&advertisable=PVQ657GQDFFXLFGCNQJYZN&google_nid=adroll5

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=vN5TNXFHQiTT60LYceEm7g

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ci.security/	1970-01-19 08:37:29	Name: _gat_gtag_UA_72734021_3 Value: 1
.ci.security/	1970-01-19 08:38:56	Name: _gid Value: GA1.2.68507398.1586249647
.ci.security/	1970-01-20 02:08:41	Name: _ga Value: GA1.2.240509649.1586249647

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://ci.security/(Line 5) Message: Production GA Script

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; font-src 'self' data: .googleusercontent.com; media-src 'self' .thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-11349245358781299867480078246945' .google-analytics.com 'nonce-5483687168' s.ytimg.com .ci.security .bamboohr.com .adroll.com .adroll.mgr.consensu.org .linkedin.com .licdn.com .demandbase.com .techtarget.com static.doubleclick.net .googletagmanager.com googleads.g.doubleclick.net .pardot.com; style-src 'self' 'unsafe-inline' .bamboohr.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz .company-target.com .linkedin.com .adroll.com .casalemedia.com www.google-analytics.com .twitter.com .bidr.io .techtarget.com stats.g.doubleclick.net .advertising.com .casalemedia.com .rubiconproject.com .outbrain.com .pubmatic.com .yahoo.com .taboola.com/sg/adroll-network .3lift.com .bidswitch.net .adnxs.com .rlcdn.com .openx.net .bamboohr.com .pardot.com s.ytimg.com; connect-src 'self' .google-analytics.com .ci.security .google.com .bamboohr.com .twitter.com .demandbase.com .company-target.com .youtube.com; frame-src 'self' .youtube.com .ci.security .pardot.com .bamboohr.com .twitter.com .google.com .google-analytics.com; frame-ancestors 'self' .driftt.com .bamboohr.com .youtube.com; form-action 'self' .ci.security ci.security *.pardot.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
api.company-target.com
apt.techtarget.com
ci.security
ci.security.admin-eu2.cas.ms
cm.g.doubleclick.net
connect.facebook.net
cybersecurity.ci.security
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
ib.adnxs.com
idsync.rlcdn.com
match.prod.bidr.io
pi.pardot.com
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
tag.demandbase.com
trc.taboola.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
x.bidswitch.net
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
stats.g.doubleclick.net
www.google.com
13.225.73.16
13.225.73.42
143.204.97.30
151.101.113.44
163.171.132.119
185.33.223.203
185.64.190.80
20.40.134.79
206.19.49.24
207.38.86.153
23.213.164.149
23.213.165.44
2a00:1288:f03d:1fa::4000
2a00:1450:4001:817::200e
2a00:1450:4001:81d::2008
2a02:26f0:3100:2b0::25ea
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
3.123.244.246
3.126.56.137
34.95.120.147
35.174.151.106
35.190.72.21
52.214.123.193
52.30.46.216
52.57.79.171
52.59.91.136
69.173.144.165
70.42.32.127
0154b4aef0d16f095e7f7fe64f780ac7429088ebcba6123337c90f9e10221f61
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6
128feaf8cc76780acc6ee067cf49047a223a58adfb0e70b8c310d5f2f8c9135b
1422b530e11686be18d89bcd9f619a20317443f1dba344d8ffd860360c204e75
14665baaaaa488802ebe0045addfbbf4f0ad23ac394f8dbda1ad4f4abc810030
15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d
19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8
1af8e1af229dc12ad3ed3c2789723eb06cdf85ff695eaad000707dad8dde48e9
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1e0c11bc716611c019190874ecf1cc32986016eb45a525e592d7401052d9024b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d3da79e30106d0881131e8aea414939db009feab9eaa18a7c7c3e8534ac61aa
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
45780f9004f49b43678a975c549852684bd5b480319aa077e70d795da9099def
4a7acdea55252ab19b8c6e010eb38e2c11e87fee77e390798ce207b13b883d2d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
689e0fa64d98bb75fbce794c71e8678839090e60304c51123e8351bcd8a31f46
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d9355326120ed7eff93bae35896afd0c6c0d3fe5644c1ea1ac0b1eff99d6c48
a3663aa6b825e077ddf40b6e5e49fd5d57b8174f06afb0aa37fe86ac9ebfd698
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
d6aa0a3fb59311452b5c6f0d1bc9310e2c24ad96d6fab5f9dbc45c6fe561b22a
d8e4f903f6f957463b6b17228acbd4a35b1e233d7841097d2053599d843c84e3
de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fa054d5164ed9515b85fe4680e8cb9f5bb0b7752ea1be6920cdbaf412f3aed67
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

ci.security Open in urlscan Pro 207.38.86.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

51 Requests

90 %HTTPS

21 %IPv6

28 Domains

35 Subdomains

25 IPs

7 Countries

7129 kBTransfer

7283 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

90 %
HTTPS

21 %
IPv6

28
Domains

35
Subdomains

25
IPs

7
Countries

7129 kB
Transfer

7283 kB
Size

3
Cookies

51 HTTP transactions
2 data transactions