urlscan.io logo urlscan.io
SecurityTrails logo

threatpost.com Open in urlscan Pro
35.173.160.135  Public Scan

Go To Rescan Add Verdict Report
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Submission: On May 31 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 90 IPs in 8 countries across 82 domains to perform 364 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 152409.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 35.173.160.135 14618 (AMAZON-AES)
9 143.204.98.66 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700:303... 13335 (CLOUDFLAR...)
11 2600:9000:215... 16509 (AMAZON-02)
3 11 2a00:1450:400... 15169 (GOOGLE)
1 185.85.15.31 200107 (KL-EXT)
5 143.204.95.188 16509 (AMAZON-02)
1 9 151.101.130.137 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
10 142.251.37.98 15169 (GOOGLE)
1 23.206.210.112 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
6 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:116:800d... 16509 (AMAZON-02)
1 199.232.136.157 54113 (FASTLY)
2 52.212.178.2 16509 (AMAZON-02)
1 64.140.160.2 18450 (WEBNX)
1 63.32.228.167 16509 (AMAZON-02)
2 15.236.176.210 16509 (AMAZON-02)
1 1 54.154.144.208 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.195 13414 (TWITTER)
7 151.101.2.137 54113 (FASTLY)
10 18.220.70.240 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 141.95.98.69 16276 (OVH)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 4 216.52.2.30 30282 (AS-INAPCD...)
3 3.122.214.173 16509 (AMAZON-02)
6 159.89.246.130 14061 (DIGITALOC...)
5 52.28.203.152 16509 (AMAZON-02)
5 213.19.147.43 3356 (LEVEL3)
3 185.64.189.112 62713 (AS-PUBMATIC)
3 23.32.59.34 16625 (AKAMAI-AS)
1 3 145.40.89.200 54825 (PACKET)
11 52.210.150.207 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
9 34.98.64.218 15169 (GOOGLE)
1 52.57.64.227 16509 (AMAZON-02)
4 13 37.252.172.38 29990 (ASN-APPNEX)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
12 2a00:1450:400... 15169 (GOOGLE)
15 2a00:1450:400... 15169 (GOOGLE)
3 4 2620:1ec:22::14 8068 (MICROSOFT...)
1 13.107.43.14 8068 (MICROSOFT...)
1 2 142.250.184.198 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
3 151.101.65.108 54113 (FASTLY)
6 23.35.236.201 16625 (AKAMAI-AS)
4 11 23.35.236.247 16625 (AKAMAI-AS)
3 3 185.29.134.248 30419 (MEDIAMATH...)
4 4 37.157.6.241 198622 (ADFORM)
1 9 35.244.159.8 15169 (GOOGLE)
6 52.223.40.198 16509 (AMAZON-02)
3 9 172.217.18.98 15169 (GOOGLE)
4 23.205.235.133 16625 (AKAMAI-AS)
1 2620:1ec:49::45 8075 (MICROSOFT...)
1 143.204.98.64 16509 (AMAZON-02)
1 76.223.111.18 16509 (AMAZON-02)
1 35.227.252.103 15169 (GOOGLE)
2 3 2a05:d018:d29... 16509 (AMAZON-02)
2 2 18.158.156.180 16509 (AMAZON-02)
5 5 35.157.246.2 16509 (AMAZON-02)
2 2 18.195.12.34 16509 (AMAZON-02)
1 52.210.200.111 16509 (AMAZON-02)
2 3 18.195.155.181 16509 (AMAZON-02)
2 2 193.0.160.128 ()
2 178.162.133.149 60781 (LEASEWEB-...)
2 2 35.157.154.128 16509 (AMAZON-02)
3 3 18.156.0.31 16509 (AMAZON-02)
6 54.75.147.219 16509 (AMAZON-02)
1 67.202.105.24 32748 (STEADFAST)
1 51.89.9.254 16276 (OVH)
1 2 185.86.137.107 201081 (SMARTADSE...)
7 10 69.173.144.165 26667 (RUBICONPR...)
1 1 72.251.249.9 29791 (VOXEL-DOT...)
1 1 54.226.216.14 14618 (AMAZON-AES)
4 4 213.19.147.45 26120 (RHYTHMONE)
1 1 37.252.173.38 29990 (ASN-APPNEX)
1 13 34.247.233.198 16509 (AMAZON-02)
2 2 35.210.53.219 19527 (GOOGLE-2)
3 3 70.42.32.127 22075 (AS-OUTBRAIN)
1 66.155.71.25 ()
1 1 34.205.3.24 ()
1 1 34.233.85.84 ()
1 1 193.122.128.135 31898 (ORACLE-BM...)
1 169.197.150.8 398989 (DEEPINTENT)
2 2 70.42.32.95 ()
1 1 69.192.160.219 ()
2 2 54.229.131.207 16509 (AMAZON-02)
1 1 198.148.27.139 19189 (PULSEPOINT)
1 1 151.101.130.49 54113 (FASTLY)
1 1 202.241.208.57 ()
2 2 185.184.8.90 204995 (RTB-HOUSE...)
1 1 23.75.240.210 16625 (AKAMAI-AS)
4 7 209.54.180.3 ()
1 141.226.228.48 200478 (TABOOLA-AS)
1 192.132.33.46 ()
1 1 34.111.151.213 15169 (GOOGLE)
2 3 52.95.119.178 16509 (AMAZON-02)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 2 34.196.247.148 14618 (AMAZON-AES)
1 3 185.86.139.106 201081 (SMARTADSE...)
1 1 85.114.159.118 24961 (MYLOC-AS ...)
1 8.2.111.142 46636 (NATCOWEB)
364 90
44    35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com
threatpost.com
kasperskycontenthub.com
9    143.204.98.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-66.fra50.r.cloudfront.net
tagan.adlightning.com
1    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
7    2606:4700:3030::ac43:cf70 (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
11    2600:9000:2156:5c00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)
media.threatpost.com
11    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)
media.kaspersky.com
5    143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net
c.amazon-adsystem.com
9    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
capi.connatix.com
img.connatix.com
5    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
www.google.de
10    142.251.37.98 (United States)

ASN15169 (GOOGLE, US)
PTR: prg03s13-in-f2.1e100.net
securepubads.g.doubleclick.net
pubads.g.doubleclick.net
1    23.206.210.112 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-210-112.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    46.105.202.126 (France)

ASN16276 (OVH, FR)
cdn.id5-sync.com
6    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    52.212.178.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-178-2.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com
geo.ipify.org
1    63.32.228.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-228-167.eu-west-1.compute.amazonaws.com
kaspersky.demdex.net
2    15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
kaspersky.d3.sc.omtrdc.net
1    54.154.144.208 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-144-208.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    2600:9000:2156:4000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
7    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
lit.connatix.com
vid.connatix.com
10    18.220.70.240 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-220-70-240.us-east-2.compute.amazonaws.com
capi-tier-2-us-east-2.connatix.com
4    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    141.95.98.69 (France)

ASN16276 (OVH, FR)
PTR: ns3216534.ip-141-95-98.eu
id5-sync.com
2    2a00:1450:400c:c03::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
1    2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
4    216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
3    3.122.214.173 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-173.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
6    159.89.246.130 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
x.serverbid.com
5    52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
c2shb.pubgw.yahoo.com
5    213.19.147.43 (Utrecht, Netherlands)

ASN3356 (LEVEL3, US)
tag.1rx.io
3    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
3    23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
3    145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
11    52.210.150.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
ads.servenobid.com
4    2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
9    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
teachingaids-d.openx.net
u.openx.net
eu-u.openx.net
us-u.openx.net
1    52.57.64.227 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-64-227.eu-central-1.compute.amazonaws.com
tlx.3lift.com
13    37.252.172.38 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
5    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
9    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com
1    2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
12    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
15    2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
4    2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net
9582686.fls.doubleclick.net
3    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
3    151.101.65.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
6    23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com
ads.pubmatic.com
11    23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com
js-sec.indexww.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
3    185.29.134.248 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
4    37.157.6.241 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
9    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
eu-u.openx.net
us-u.openx.net
6    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
9    172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net
cm.g.doubleclick.net
4    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    2620:1ec:49::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
1    143.204.98.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-64.fra50.r.cloudfront.net
sync.serverbid.com
1    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
3    2a05:d018:d29:3605:2e02:fe1c:9c40:529 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
2    18.158.156.180 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-156-180.eu-central-1.compute.amazonaws.com
pm.w55c.net
5    35.157.246.2 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-2.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    18.195.12.34 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-12-34.eu-central-1.compute.amazonaws.com
ads.creative-serving.com
1    52.210.200.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-200-111.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
3    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
2    193.0.160.128 (None, )

ASN- ()
p.rfihub.com
2    178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
2    35.157.154.128 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-154-128.eu-central-1.compute.amazonaws.com
pixel.advertising.com
3    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
6    54.75.147.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
1    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
pixel.33across.com
1    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
2    185.86.137.107 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
10    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
token.rubiconproject.com
1    72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ce.lijit.com
1    54.226.216.14 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-216-14.compute-1.amazonaws.com
x.yieldlift.com
4    213.19.147.45 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
1    37.252.173.38 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
13    34.247.233.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
2    35.210.53.219 (Brussels, Belgium)

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com
pool.admedo.com
3    70.42.32.127 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    66.155.71.25 (None, )

ASN- ()
pixel-sync.sitescout.com
1    34.205.3.24 (None, )

ASN- ()
sync.srv.stackadapt.com
1    34.233.85.84 (None, )

ASN- ()
sync.ipredictive.com
1    193.122.128.135 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
2    70.42.32.95 (None, )

ASN- ()
b1sync.zemanta.com
1    69.192.160.219 (None, )

ASN- ()
stags.bluekai.com
2    54.229.131.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-131-207.eu-west-1.compute.amazonaws.com
ad.360yield.com
1    198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
1    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    202.241.208.57 (None, )

ASN- ()
tg.socdm.com
2    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
1    23.75.240.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
7    209.54.180.3 (None, )

ASN- ()
s.amazon-adsystem.com
1    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync.taboola.com
1    192.132.33.46 (None, )

ASN- ()
bttrack.com
1    34.111.151.213 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com
dmp.brand-display.com
3    52.95.119.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
2    34.196.247.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-247-148.compute-1.amazonaws.com
um2.eqads.com
3    185.86.139.106 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    85.114.159.118 (Sankt Georgen im Schwarzwald, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
1    8.2.111.142 (United States)

ASN46636 (NATCOWEB, US)
cs.admanmedia.com
Apex Domain
Subdomains		 Transfer
53 threatpost.com
threatpost.com — Cisco Umbrella Rank: 152409
media.threatpost.com — Cisco Umbrella Rank: 370210
828 KB
26 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 173
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
pubads.g.doubleclick.net — Cisco Umbrella Rank: 479
9582686.fls.doubleclick.net — Cisco Umbrella Rank: 341777
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
cm.g.doubleclick.net — Cisco Umbrella Rank: 191
172 KB
26 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3085
cds.connatix.com — Cisco Umbrella Rank: 3207
capi.connatix.com — Cisco Umbrella Rank: 3465
lit.connatix.com — Cisco Umbrella Rank: 6829
capi-tier-2-us-east-2.connatix.com — Cisco Umbrella Rank: 4481
vid.connatix.com — Cisco Umbrella Rank: 3911
img.connatix.com — Cisco Umbrella Rank: 3790
2 MB
22 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 136
204 KB
19 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1382
usersync.gumgum.com — Cisco Umbrella Rank: 1794
rtb.gumgum.com — Cisco Umbrella Rank: 1119
6 KB
19 openx.net
teachingaids-d.openx.net — Cisco Umbrella Rank: 23635
u.openx.net — Cisco Umbrella Rank: 699
eu-u.openx.net — Cisco Umbrella Rank: 1641
us-u.openx.net — Cisco Umbrella Rank: 348
rtb.openx.net — Cisco Umbrella Rank: 1376
4 KB
19 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 445
eus.rubiconproject.com — Cisco Umbrella Rank: 530
pixel.rubiconproject.com — Cisco Umbrella Rank: 306
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 977
token.rubiconproject.com — Cisco Umbrella Rank: 644
29 KB
17 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 214
acdn.adnxs.com — Cisco Umbrella Rank: 550
secure.adnxs.com — Cisco Umbrella Rank: 391
72 KB
16 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 70
3 KB
15 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 308
325 KB
15 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 280
s.amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1099
50 KB
12 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1663
public.servenobid.com — Cisco Umbrella Rank: 3316
8 KB
12 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 820
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 942
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 452
ups.analytics.yahoo.com — Cisco Umbrella Rank: 279
ads.yahoo.com — Cisco Umbrella Rank: 1013
4 KB
11 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 439
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 494
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 518
11 KB
9 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 416
ads.pubmatic.com — Cisco Umbrella Rank: 413
35 KB
9 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 1201
sync.1rx.io — Cisco Umbrella Rank: 499
3 KB
9 adlightning.com
tagan.adlightning.com — Cisco Umbrella Rank: 1378
208 KB
7 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 3133
sync.serverbid.com — Cisco Umbrella Rank: 6227
x.serverbid.com — Cisco Umbrella Rank: 7210
2 KB
7 admetricspro.com
qd.admetricspro.com — Cisco Umbrella Rank: 24028
338 KB
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 329
2 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
40 KB
5 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1156
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 565
2 KB
5 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 269
3 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 320
www.linkedin.com — Cisco Umbrella Rank: 560
px4.ads.linkedin.com — Cisco Umbrella Rank: 5318
4 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 575
ce.lijit.com — Cisco Umbrella Rank: 821
2 KB
5 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 890
pixel.quantserve.com — Cisco Umbrella Rank: 412
11 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
397 KB
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 539
2 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 358
mug.criteo.com — Cisco Umbrella Rank: 2958
1 KB
4 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 381
743 KB
3 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 706
1 KB
3 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 837
487 B
3 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 409
2 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 586
5 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 6117
adservice.google.de — Cisco Umbrella Rank: 8526
1 KB
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1087
1 KB
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 953
337 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1742
mp.4dex.io — Cisco Umbrella Rank: 2245
24 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 194
kaspersky.demdex.net — Cisco Umbrella Rank: 265278
5 KB
2 eqads.com
um2.eqads.com — Cisco Umbrella Rank: 3211
563 B
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 649
695 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 622
622 B
2 zemanta.com
b1sync.zemanta.com
1 KB
2 admedo.com
pool.admedo.com — Cisco Umbrella Rank: 4349
752 B
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 460
626 B
2 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 883
948 B
2 rfihub.com
p.rfihub.com
1 KB
2 creative-serving.com
ads.creative-serving.com — Cisco Umbrella Rank: 3455
1 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 802
1 KB
2 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 533
eb2.3lift.com — Cisco Umbrella Rank: 372
646 B
2 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 923
sync-tm.everesttech.net — Cisco Umbrella Rank: 536
747 B
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 228867
559 B
2 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1452
id5-sync.com — Cisco Umbrella Rank: 600
12 KB
2 gstatic.com
www.gstatic.com
288 KB
2 kasperskycontenthub.com
kasperskycontenthub.com — Cisco Umbrella Rank: 390628
1 KB
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1379
225 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1476
487 B
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1692
366 B
1 bttrack.com
bttrack.com
380 B
1 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 835
99 B
1 socdm.com
tg.socdm.com
697 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 529
388 B
1 bluekai.com
stags.bluekai.com
1 KB
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 811
44 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1009
338 B
1 ipredictive.com
sync.ipredictive.com
433 B
1 stackadapt.com
sync.srv.stackadapt.com
577 B
1 sitescout.com
pixel-sync.sitescout.com
191 B
1 yieldlift.com
x.yieldlift.com — Cisco Umbrella Rank: 3542
593 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 741
1 33across.com
pixel.33across.com — Cisco Umbrella Rank: 2241
1 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 464
430 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 760
3 KB
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 242
17 KB
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 506
356 B
1 t.co
t.co — Cisco Umbrella Rank: 505
337 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 862
354 B
1 ipify.org
geo.ipify.org — Cisco Umbrella Rank: 63108
628 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 608
15 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1323
17 KB
1 kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 135924
49 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 163
28 KB
364 82
Domain Requested by
42 threatpost.com threatpost.com
15 cdn.ampproject.org threatpost.com
13 usersync.gumgum.com 1 redirects g2.gumgum.com
13 ib.adnxs.com 4 redirects qd.admetricspro.com
cds.connatix.com
acdn.adnxs.com
12 tpc.googlesyndication.com tagan.adlightning.com
threatpost.com
11 ads.servenobid.com qd.admetricspro.com
public.servenobid.com
g2.gumgum.com
ssum-sec.casalemedia.com
ssbsync.smartadserver.com
11 www.google.com 3 redirects threatpost.com
tagan.adlightning.com
11 media.threatpost.com threatpost.com
10 capi-tier-2-us-east-2.connatix.com cd.connatix.com
9 cm.g.doubleclick.net 3 redirects u.openx.net
g2.gumgum.com
ssum-sec.casalemedia.com
9 pagead2.googlesyndication.com srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
9 tagan.adlightning.com threatpost.com
tagan.adlightning.com
7 s.amazon-adsystem.com 4 redirects ssum-sec.casalemedia.com
ssbsync.smartadserver.com
7 eu-u.openx.net u.openx.net
qd.admetricspro.com
eu-u.openx.net
7 securepubads.g.doubleclick.net tagan.adlightning.com
www.googletagservices.com
securepubads.g.doubleclick.net
threatpost.com
7 qd.admetricspro.com threatpost.com
qd.admetricspro.com
6 match.adsrvr.org u.openx.net
sync.serverbid.com
g2.gumgum.com
ssum-sec.casalemedia.com
6 us-u.openx.net 1 redirects u.openx.net
eu-u.openx.net
6 ads.pubmatic.com cds.connatix.com
qd.admetricspro.com
sync.serverbid.com
public.servenobid.com
g2.gumgum.com
6 vid.connatix.com cd.connatix.com
cds.connatix.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
threatpost.com
5 token.rubiconproject.com 5 redirects
5 rtb.gumgum.com g2.gumgum.com
5 pixel.rubiconproject.com 2 redirects public.servenobid.com
g2.gumgum.com
5 x.bidswitch.net 5 redirects
5 adservice.google.com imasdk.googleapis.com
tagan.adlightning.com
9582686.fls.doubleclick.net
5 tag.1rx.io qd.admetricspro.com
cds.connatix.com
5 www.googletagmanager.com threatpost.com
www.googletagmanager.com
5 cds.connatix.com threatpost.com
cd.connatix.com
tagan.adlightning.com
5 c.amazon-adsystem.com qd.admetricspro.com
c.amazon-adsystem.com
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
um2.eqads.com
4 sync.1rx.io 4 redirects
4 ssum-sec.casalemedia.com 3 redirects public.servenobid.com
4 eus.rubiconproject.com qd.admetricspro.com
eus.rubiconproject.com
g2.gumgum.com
4 c1.adform.net 4 redirects
4 pixel.quantserve.com 3 redirects threatpost.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 ap.lijit.com 1 redirects qd.admetricspro.com
public.servenobid.com
4 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
3 rtb-csync.smartadserver.com 1 redirects ssbsync.smartadserver.com
3 aax-eu.amazon-adsystem.com 2 redirects
3 sync.outbrain.com 3 redirects
3 ups.analytics.yahoo.com 3 redirects
3 cs.emxdgt.com 2 redirects sync.serverbid.com
3 x.serverbid.com sync.serverbid.com
3 pr-bh.ybp.yahoo.com 2 redirects eu-u.openx.net
3 sync.mathtag.com 3 redirects
3 js-sec.indexww.com cds.connatix.com
qd.admetricspro.com
3 acdn.adnxs.com cds.connatix.com
qd.admetricspro.com
3 googleads.g.doubleclick.net threatpost.com
3 px.ads.linkedin.com 2 redirects
3 pubads.g.doubleclick.net imasdk.googleapis.com
3 teachingaids-d.openx.net qd.admetricspro.com
cds.connatix.com
3 prebid.a-mo.net 1 redirects qd.admetricspro.com
cds.connatix.com
3 htlb.casalemedia.com qd.admetricspro.com
cds.connatix.com
3 hbopenbid.pubmatic.com qd.admetricspro.com
cds.connatix.com
3 c2shb.ssp.yahoo.com qd.admetricspro.com
3 e.serverbid.com qd.admetricspro.com
sync.serverbid.com
3 btlr.sharethrough.com qd.admetricspro.com
2 um2.eqads.com 1 redirects ssum-sec.casalemedia.com
2 creativecdn.com 2 redirects
2 ad.360yield.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 pool.admedo.com 2 redirects
2 ssbsync.smartadserver.com 1 redirects public.servenobid.com
2 pixel.advertising.com 2 redirects
2 sync.go.sonobi.com sync.serverbid.com
public.servenobid.com
2 p.rfihub.com 2 redirects
2 ads.creative-serving.com 2 redirects
2 pm.w55c.net 2 redirects
2 u.openx.net cds.connatix.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 9582686.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 c2shb.pubgw.yahoo.com cds.connatix.com
2 www.google.de threatpost.com
2 script.4dex.io qd.admetricspro.com
script.4dex.io
2 stats.g.doubleclick.net www.google-analytics.com
2 img.connatix.com threatpost.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 dpm.demdex.net media.kaspersky.com
threatpost.com
2 www.gstatic.com www.google.com
2 kasperskycontenthub.com threatpost.com
1 cs.admanmedia.com ssbsync.smartadserver.com
1 dsp.adfarm1.adition.com 1 redirects
1 ads.yahoo.com
1 dmp.brand-display.com 1 redirects
1 bttrack.com ssum-sec.casalemedia.com
1 sync.taboola.com ssum-sec.casalemedia.com
1 secure-assets.rubiconproject.com 1 redirects
1 tg.socdm.com 1 redirects
1 sync-tm.everesttech.net 1 redirects
1 bh.contextweb.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com 1 redirects
1 sync.ipredictive.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 pixel-sync.sitescout.com g2.gumgum.com
1 secure.adnxs.com 1 redirects
1 x.yieldlift.com 1 redirects
1 ce.lijit.com 1 redirects
1 onetag-sys.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 match.prod.bidr.io eu-u.openx.net
1 rtb.openx.net eu-u.openx.net
1 eb2.3lift.com qd.admetricspro.com
1 sync.serverbid.com qd.admetricspro.com
1 public.servenobid.com qd.admetricspro.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com www.googletagmanager.com
1 44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.de tagan.adlightning.com
1 s0.2mdn.net imasdk.googleapis.com
1 tlx.3lift.com qd.admetricspro.com
1 mp.4dex.io qd.admetricspro.com
1 id5-sync.com cdn.id5-sync.com
1 lit.connatix.com cd.connatix.com
1 analytics.twitter.com threatpost.com
1 t.co threatpost.com
1 rules.quantcount.com secure.quantserve.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net tagan.adlightning.com
1 capi.connatix.com cd.connatix.com
1 geo.ipify.org qd.admetricspro.com
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 cdn.id5-sync.com tagan.adlightning.com
1 secure.cdn.fastclick.net tagan.adlightning.com
1 cd.connatix.com 1 redirects
1 media.kaspersky.com threatpost.com
1 www.googletagservices.com threatpost.com
364 134
Subject Issuer Validity Valid
threatpost.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
*.adlightning.com
Amazon		 2021-06-24 -
2022-07-23		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-11 -
2022-08-10		 a year crt.sh
media.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
kasperskycontenthub.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-31 -
2023-03-31		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
cdn.id5-sync.com
R3		 2022-04-13 -
2022-07-12		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-03-07		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.id5-sync.com
R3		 2022-05-31 -
2022-08-29		 3 months crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-03-11 -
2023-04-12		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.consumableaudio.com
R3		 2022-04-27 -
2022-07-26		 3 months crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2021-06-01 -
2022-07-02		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.a-mo.net
R3		 2022-04-19 -
2022-07-18		 3 months crt.sh
ads.servenobid.com
Amazon		 2022-05-29 -
2023-06-27		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.3lift.com
Amazon		 2022-05-13 -
2023-06-11		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-07		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
sync.serverbid.com
Amazon		 2022-04-04 -
2023-05-03		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.match.prod.bidr.io
Amazon		 2022-01-27 -
2023-02-25		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.gumgum.com
Amazon		 2022-05-06 -
2023-06-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-05-02 -
2023-06-03		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-21 -
2023-04-20		 a year crt.sh
um3.eqads.com
Amazon		 2021-06-26 -
2022-07-25		 a year crt.sh
*.admanmedia.com
Go Daddy Secure Certificate Authority - G2		 2022-04-21 -
2023-05-23		 a year crt.sh

This page contains 51 frames:

Primary Page: https://threatpost.com/chromeloader-hijacker-threats/179761/
Frame ID: 3F7912E905BEEF7B5CB478CDAF7867EF
Requests: 144 HTTP requests in this frame

Frame: https://cds.connatix.com/p/164495/connatix.player.dc.js
Frame ID: 8F626A74855FBA7A35F68F4A25F40970
Requests: 26 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 7141A560E220CE0FE1137882395808E7
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Frame ID: 034085471F1B226D20606D2E4ACC0091
Requests: 16 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: BAD7DE73404F266ADEA7A1D4C4D595EE
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: 3A29CFAF434DA612E2D6FA87201A99FF
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: 5A756BDE5225149C34AFFF19ACBDA1D5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 30A8283387F8BE6E9C720249BEA6E3DD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 24970C80DD07A7A71DB98C5A37CEBB76
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CCEE7DBCBF0C0E74D7ACA26CD288AE55
Requests: 1 HTTP requests in this frame

Frame: https://44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4EBD8FBD2A711BF5F765F2B7E7195A7F
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Frame ID: 46E6C731BA8DFE1B79C3BF68D1589137
Requests: 15 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Frame ID: 272FBE1327BF670CACC4671BC609F86F
Requests: 15 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Frame ID: 1524064612EC25E19F705082EDC3C545
Requests: 14 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F
Frame ID: 5573F302092EF561C182B3F9B0F15982
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2BD1F869111472ACF9BAFDFBE6011910
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7A15C2CB75D4FA0A8A8717A8FADC1498
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 5839AF8CDC2D20E56B2FF21ED38730DB
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 08F9171B97A1F6998B8B248CECE9F46E
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 141560EB0D5CC908D9AB245A6E1951B9
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: F9AAB801FC88C6715922CF7814B8470C
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: DA0820F7CCCEFB56249F05FB67326643
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: BF9332161A39829810C362B4A29C010D
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 1997D59B4FCC8556FC86F168DE29B193
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A8C3C93C332547B1625DCF2CF7CA589B
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 1F546C0EE2868FE0FCB73B2F15C55B61
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0
Frame ID: 5129ABD042FA969D51C406660FFA4088
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 7CCF4A44B440E49DFA0271F5FF4E65A8
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 6F3F53258AF375366AD59E583CD5A315
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: FE7A36D49F6035CBA58830DA4B06ACB2
Requests: 11 HTTP requests in this frame

Frame: https://sync.serverbid.com/ss/2000891.html
Frame ID: 6529D64A2745144BF3F5044FA0562850
Requests: 9 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 66D8E129D04D8EE1DA5FD73036DAEF2F
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: EECE7122D88687527C3611C11E2685FF
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 649B77368782FF4A58A93DD1C0773B6A
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Frame ID: 4C3F221DFD45C1AB2BEEB7724402B9CA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: 4DA28FD51EE388D77F0640972E3FA36D
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: D0E1855ADCEC35D48FC712537566BBF4
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 299B0A2A1B7EB877014065BAA345AC09
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 6BB101ABEC80DA3E720D62C404C2CDFB
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 3F5AEE2A4A7F8E87AE8730EB67BED2C9
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 70425C8447391E722F7B4F72B10ABD3C
Requests: 9 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=02396296-1bd4-4100-9e85-ce18c18a0a66&gdpr=0&gdpr_consent=
Frame ID: 4EA1BFAE1EC43428789BEE030238FB5C
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YpYb0AAAALMmvwNe&gdpr=0&gdpr_consent=
Frame ID: 4E3F329365530492A92F43DC60FB37F7
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8zNTI5OTM1NC1iYjE0LTQ2ZDEtOTJmNS1hMWEwOTUyNGY3YmI=&gdpr=0&gdpr_consent=
Frame ID: 130C04EC65999E2C6A8F7D02928098E8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 7C5E03160F041AF19955B136946695D1
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 54CA72E425432E36BB9351FCDF1773AE
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=3934069753600962614brt12611654004695570285f1
Frame ID: B08AB319517648556BC2C7E0E0A4067C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YpYb2MCo5ucAAMrGh.UAAAAA
Frame ID: 80BC9D5EF5F22E8D0A375468E6AD2A9F
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=NQhoKvUuTXfcVhZ07G0x&pi=gumgum&tc=1
Frame ID: B1FAF6C11DE3012D9D4817140B07E8EB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 7908DAD3E20848BA510567E13650A94A
Requests: 3 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 5411F9B88E3F2BE04A65A46C2E86CD3D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats | Threatpost

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

364
Requests

85 %
HTTPS

24 %
IPv6

82
Domains

134
Subdomains

90
IPs

8
Countries

5578 kB
Transfer

13545 kB
Size

105
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/164495/connatix.player.dc.js
Request Chain 91
  • https://cm.everesttech.net/cm/dd?d_uuid=52319406721665800283113615901368638181 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YpYb0AAAALMmvwNe
Request Chain 225
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1654004691670%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fchromeloader-hijacker-threats%252F179761%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true&e_ipv6=AQKOG5wsZ43-WgAAAYEaXLYgNMZDhcxdYBe-mfelkfWD64tRWfEg_oGUQtAYrADu3iIdYGNt
Request Chain 229
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F HTTP 302
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F
Request Chain 232
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 233
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 234
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 237
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=zduqnHxJWVBJVkRxTU9UWWNlODc5ditnU2h3Vy9qRlNFa3h6WG42ZjNGdDJ3c3NzN0pIeUpzWUVaL082Q0EyVzdJd1hGOWMxWEtHMGo0MmlkQk9mU01rdU9LL2dTd2MxYnRTM0tpSnJDVlhRYjdYODNVZ251dHJBMlR1L09hTVIxek95Sy9MZzZ3MnRibGc4U0pJMUo0WVYxVG1oV08zSVJYMGdyRnFBTVUrWTA1emxOOFQzK1IvYTRaOG9yWGEzUTlscEMrN2llZ09xWndUMzBJTFlMWmkrMStBN1dZclZBVm0ydzFISlQzVFNnV3RVPXw&cppv=2
Request Chain 247
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=be986296-1bd4-4c00-9189-d46d8d2f311c
Request Chain 248
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
Request Chain 249
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3040707462893682252
Request Chain 252
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
Request Chain 253
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=02396296-1bd4-4100-9e85-ce18c18a0a66
Request Chain 254
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
Request Chain 255
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5967721534380435587
Request Chain 258
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
Request Chain 282
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=DZmpr8f21NW2b55
Request Chain 283
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=63efe4aa-0fff-4702-8343-6fa5ed529f43&ssp=openx&expires=30&user_group=5&bsw_param=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=13163ccf-fbea-4912-bc3b-5a82092a35a3&gdpr=&gdpr_consent=
Request Chain 284
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=3934069753600962614
Request Chain 287
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID HTTP 307
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=Eu5YuBZHYmFy4GW2SCy2Zgkk
Request Chain 289
  • https://p.rfihub.com/cm?pub=42786&in=1 HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588520425564536
Request Chain 290
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1 HTTP 302
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YpYb13U9rOlJvfko5CtADAAA%261216
Request Chain 291
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID HTTP 302
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3934069753600962614
Request Chain 293
  • https://pixel.advertising.com/ups/56621/occ HTTP 302
  • https://pixel.advertising.com/ups/56621/occ?verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPdab561bd-e0e7-11ec-8960-069eec745a7a HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPdab561bd-e0e7-11ec-8960-069eec745a7a
Request Chain 301
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Request Chain 303
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=3934069753600962614
Request Chain 304
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=Eu5YuBZHYmFy4GW2SCy2Zgkk
Request Chain 306
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
Request Chain 307
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1654004695343 HTTP 302
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Request Chain 308
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5141210820682477444
Request Chain 310
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=4e79d528-00f8-4651-ad33-0dce82e91347&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 311
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-ZSUuocxE2uEU3K8rUF2FiXwY8W6Ixflteq5fuY8-~A
Request Chain 312
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=3934069753600962614
Request Chain 313
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_35299354-bb14-46d1-92f5-a1a09524f7bb&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=a1497622-595f-45d9-ad81-90aab6a7585b&user_group=1&ssp=gumgum2&bsw_param=13163ccf-fbea-4912-bc3b-5a82092a35a3 HTTP 302
  • https://usersync.gumgum.com/usersync?b=bsw&i=13163ccf-fbea-4912-bc3b-5a82092a35a3
Request Chain 314
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=obn&i=ENC%282seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%282seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_35299354-bb14-46d1-92f5-a1a09524f7bb&obuid=ENC(2seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3D2seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING
Request Chain 315
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=23e95d8a-1ce7-4ae5-9578-c6e8f8a09d8a
Request Chain 316
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-215e3216-897f-425a-5fc1-01ca01ea3112$ip$80.255.7.107
Request Chain 317
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-t8vJidFE2pfiREx_B77ahW.GtgCxy.u1XI6.~A
Request Chain 318
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=db129cf7-e0e7-11ec-a2ea-8b2d7ab0be8f
Request Chain 319
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
  • https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Request Chain 321
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_35299354-bb14-46d1-92f5-a1a09524f7bb&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=POtTmpotioVp2LKUQDpl&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UCPORKG24DPORUW6VTQGJGEWVKRIRYGYJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UCPORKG24DPORUW6VTQGJGEWVKRIRYGYJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=POtTmpotioVp2LKUQDpl&us_privacy=1---
Request Chain 322
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=4c8e22a4-380c-4a92-ac4f-009145bd214a
Request Chain 323
  • https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/floor6?zcc=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D&cb=1654004695526 HTTP 302
  • https://usersync.gumgum.com/usersync?b=rhy&i=OPTOUT
Request Chain 324
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=IHTxWr5TIsWp&ev=1&pid=558355
Request Chain 325
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=4549185882294245560
Request Chain 327
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=02396296-1bd4-4100-9e85-ce18c18a0a66&gdpr=0&gdpr_consent=
Request Chain 328
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YpYb0AAAALMmvwNe&gdpr=0&gdpr_consent=
Request Chain 332
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=3934069753600962614&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
  • https://usersync.gumgum.com/usersync?b=emx&uid=3934069753600962614brt12611654004695570285f1
Request Chain 333
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YpYb2MCo5ucAAMrGh.UAAAAA
Request Chain 334
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=NQhoKvUuTXfcVhZ07G0x&pi=gumgum&tc=1
Request Chain 335
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 336
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB&dcc=t
Request Chain 339
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YpYb13U9rOlJvfko5CtADAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECvRnwiqoFuBctQdE9Wl_c0&google_cver=1&gdpr=1
Request Chain 342
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=25bd9a6a-d0e3-bd4e-31f67e71
Request Chain 344
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNVN09RM1ktNS03V0lF&gdpr=0
Request Chain 345
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=FdyjdVArQ0mEno_P5fiQMQ&rk=usync-na&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FdyjdVArQ0mEno_P5fiQMQ&gdpr=0
Request Chain 346
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=QCDONSeORGaFi8owb0S5zg&rk=usync-other&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=QCDONSeORGaFi8owb0S5zg&gdpr=0
Request Chain 347
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/cL1tK0koWelzuUmengrc9g?csrc=&gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=446527422465644186
Request Chain 348
  • https://token.rubiconproject.com/token?pid=26594&gdpr=0 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3U7OQ3Y-5-7WIE&sigv=1&esig=2~ef21e0396ceb98560ef13ff931e4fdabf807be85&gdpr=0
Request Chain 349
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmYwMjE2ZTJlNTkzZjdjZDdhMGMyNzhlZjk1ZmFmYTc0MWEwYmExZQ&gdpr=0
Request Chain 350
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3U7OQ3Y-5-7WIE&gdpr=0
Request Chain 352
  • https://um2.eqads.com/um/cs HTTP 302
  • https://um2.eqads.com/um/cs&eq_cc=1
Request Chain 354
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=tI5IYbPeFWev2EAysYpcY7eLR2Wv2EFktIm0E9uq
Request Chain 355
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7103896072476817548&gdpr=0&gdpr_consent=
Request Chain 356
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent=&dcc=t

364 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
threatpost.com/chromeloader-hijacker-threats/179761/ 		90 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
8d6c4e55e72824828b2ad972370a8fc256f33fec1b814357fba3adc802d60250
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:46 GMT
link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/179761>; rel="alternate"; type="application/json" <https://threatpost.com/?p=179761>; rel=shortlink
server
nginx/1.18.0
strict-transport-security
max-age=31536000; includeSubDomains
x-cache-hit
HIT
x-content-type-options
nosniff
x-debug-auth
off
x-frame-options
SAMEORIGIN
x-request-host
threatpost.com
x-xss-protection
1; mode=block
museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-3ca8"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15528
museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-5124"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20772
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-3dcc"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15820
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-51a4"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20900
museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-5c74"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23668
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-5194"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20884
museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-5bac"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23468
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-51b8"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20920
museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-5b34"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23348
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-50c8"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20680
op.js
tagan.adlightning.com/math-aids-threatpost/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0096dfd62961b8bf7ea2d8538fcc3bd5b38905c065c88b115e4e3c3b1e155f59

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
3ZYSLlWKRtR.nOX4gXpQxAHmahNu0h2G
content-encoding
gzip
etag
"f15b43ad48ebf113c17aa00c915101b5"
age
1629
x-cache
Hit from cloudfront
content-length
18442
x-amz-meta-git_commit
7b120a5
last-modified
Sat, 28 May 2022 15:44:42 GMT
server
AmazonS3
date
Tue, 31 May 2022 13:17:39 GMT
content-type
application/javascript
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
odxjby7n3DhMxmHLe-oh-HVhkJ0y5uz_8kN4YI_7_gwvM9lppy_XNw==
gpt.js
www.googletagservices.com/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb8ea1c7f3602e85d19b79fe56b1b64796d458705ccf1a05b8e0b333c3aa61b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28137
x-xss-protection
0
server
sffe
etag
"1231 / 358 of 1000 / last-modified: 1653995043"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 31 May 2022 13:44:47 GMT
ros-layout.js
qd.admetricspro.com/js/threatpost/ 		26 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 08 Apr 2022 16:11:01 GMT
server
cloudflare
etag
W/"679a-5dc26d73770fc-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOFlaDMax1uCHPXB3Yiv84FNbwKklZpP1cz5rpK7bFlbCEuejC2lv9VVu1WyNGTS5SVv%2FBj%2F0FtemUACBW63kIv8PvIbGP46IIXH7bN%2Bu5MD9Z%2B2fazoZiU2hHO5seeeOMUZQ5wtgIxezT3ieGBrfjWW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256b6b669bf8-FRA
expires
Tue, 31 May 2022 13:48:51 GMT
cmp.js
qd.admetricspro.com/js/threatpost/ 		310 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 01 Jun 2021 14:47:10 GMT
server
cloudflare
etag
W/"4d957-5c3b56abf6028-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDw90lBrcooKBW9MpZMvzpGdRIj6t9VFnUkpZap2wEf0AFjk31DivzQWwdWu64rhU1SOknK3mNOsgF1R49kI%2FRdbHiOIpTPxHHvumSG4hwRP97vXoEOsemtX8AqDJYnvxh1ML92GrwarE89rHmDzAczq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256e5b969bf8-FRA
expires
Tue, 31 May 2022 13:49:08 GMT
uspcmp.js
qd.admetricspro.com/js/threatpost/ 		148 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 08 Aug 2020 22:40:07 GMT
server
cloudflare
etag
W/"24e50-5ac65673cef1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmVC5QwLritWpNzTcgfixL63VkDDBXCNIAMOEmx0TyGbXHGDcP8l4RSrUfFQCJdF9JW0hdsBpYSmn86mRjiiv%2FINJZCDAJzh%2BEYr2PbBy1Gr%2FVN7H%2BohjTpMsGNzElUTFdwO1PEk5HtANO7XFog8M1Xq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256e5b989bf8-FRA
expires
Tue, 31 May 2022 13:54:12 GMT
targeting.js
qd.admetricspro.com/js/threatpost/ 		393 B
525 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 21:50:12 GMT
server
cloudflare
etag
W/"189-5c8c2c96f96c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOo1rV8ZbYwTLHxXj1ZAWEbwCe5iRsHZs4eHx9PRvE5JykLo9oXu81vo3RK7O3mxClBFFVqssHsz4VgDV0FE0r3S2zzTK1XvXk8QPLxutnFzVT%2FKBufU2LRpFzJ9603EkOkTXAT7gxVXYYcqU%2BxIA0od"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256e5b9b9bf8-FRA
expires
Tue, 31 May 2022 13:48:03 GMT
prebid.js
qd.admetricspro.com/js/threatpost/ 		459 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 02 May 2022 16:56:40 GMT
server
cloudflare
etag
W/"72c32-5de0a46b45676-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=985mM3oiZiP%2Bw4cdIhtExF8Cwz611UY5He7s02jQeXp7Dq8Zb4lu4rGx6i0gl7GMPpKtnBArX5KeC7vg4NCe0zB0BA53uuxadEcuGBqgZViMaE8YsIvhcd9doecj2ylsci5VUAw6LmGIxi%2B7QKno3OQw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256e5b9d9bf8-FRA
expires
Tue, 31 May 2022 13:53:30 GMT
engine.js
qd.admetricspro.com/js/threatpost/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 24 Jan 2022 02:31:38 GMT
server
cloudflare
etag
W/"8cae-5d64ac49b9c1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MysVL6BiGfNomWOI%2B4lmcIxyVgEuaqdTg5rDD7HZBmbv4Kz9VpdE%2F%2FUlo%2B0d2Znb9G%2BbsslHf0Aea1jsGtAe67XVJM6HqxUXtvtFwsMWni8zQL930ZtZC9DwZxxOvi59dlTlU6HJ9o004NuZzqIiqR5U"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7140256b6b6c9bf8-FRA
expires
Tue, 31 May 2022 13:46:23 GMT
/
threatpost.com/wp-content/plugins/bwp-minify/min/ 		294 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
x-cache-hit
HIT
x-debug-auth
off
x-request-host
threatpost.com
content-length
42696
expires
Wed, 01 Jun 2022 12:37:12 GMT
jquery-1.12.4-wp.js
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-17a56"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
lazyload.js
threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/lazyload.js?ver=202224051706
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
3307268982e18bae27fb0691dea184c6a6ce845db0f6ce1f41ca63e948dde8a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-1a91"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
alert_text.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		107 B
342 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1653647140
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-6b"
content-type
application/javascript
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
107
expires
Tue, 07 Jun 2022 13:44:46 GMT
alert.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1653647140
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-104a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
public.js
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 		116 B
351 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-74"
content-type
application/javascript
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
116
expires
Tue, 07 Jun 2022 13:44:46 GMT
kaspersky-twitter-pullquote.js
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 		599 B
589 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-257"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
loadmore.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-11e7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
social-share.js
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:46 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-484d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:46 GMT
Chrome_Browser.jpg
media.threatpost.com/wp-content/uploads/sites/103/2017/04/06225342/ 		150 KB
150 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2017/04/06225342/Chrome_Browser.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b4c37dd6131692216350dc42b41f2c4fca394232498e32c003f62c6961827243

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 11:38:32 GMT
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 03 Jul 2018 01:44:16 GMT
server
AmazonS3
age
7576
etag
"e03b5fece62438f5c80923e36fd22e75"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
153195
x-amz-cf-id
E8nvaZqzdwzkQPWp0L3wr7bNI72fIgRUTLzOnQil4cuyNnca1xK5OA==
expires
Wed, 03 Jul 2019 01:44:15 GMT
infosec_insiders_in_article_promo.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 04:44:34 GMT
via
1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 10 Aug 2021 20:58:17 GMT
server
AmazonS3
age
21286814
etag
"101ba02c43488b8b07cf42f9aa850f6a"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
20484
x-amz-cf-id
uT6PZ8_cPINdxEyb316tCT6WhmcjztKWmBPAg1N01WW2iB-Frbau4w==
expires
Wed, 10 Aug 2022 20:58:15 GMT
api.js
www.google.com/recaptcha/ 		852 B
622 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e5221f9ad8724e68770726288be421f845a83eb7f2fcb9f60c775ec5146dabf8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
553
x-xss-protection
1; mode=block
expires
Tue, 31 May 2022 13:44:47 GMT
scripts.js
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 		2 KB
919 B 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-828"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
api.js
www.google.com/recaptcha/ 		852 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b7cb1f60a7904347f454c8f41e18206d48d636574c61719e53184f254deb1353
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Tue, 31 May 2022 13:44:47 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-ab4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/ 		437 B
532 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/main.js?ver=202224051706
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
0de5867fb96beb7a6df6147dea8d8f921d522b0822b0bdc46ac1af2277d3215c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-1b5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/ 		173 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"8064ef82ed4fd81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
alt-svc
h3=":443"; ma=86400
content-length
49335
x-xss-protection
1; mode=block
last-modified
Thu, 14 Apr 2022 10:50:53 GMT
server
x-frame-options
SAMEORIGIN
date
Tue, 31 May 2022 13:44:46 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr2/FRA3
accept-ranges
bytes
x-content-type-options
nosniff
main.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		114 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-1c643"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
regenerator-runtime.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-195e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
wp-polyfill.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-4b3d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
dom-ready.min.js
threatpost.com/wp-includes/js/dist/ 		1 KB
857 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-4e9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
hooks.min.js
threatpost.com/wp-includes/js/dist/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-163a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
i18n.min.js
threatpost.com/wp-includes/js/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-28a7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
a11y.min.js
threatpost.com/wp-includes/js/dist/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-bfd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
jquery.json.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-730"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-abe0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
conditional_logic.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-213f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
placeholders.jquery.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-121f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
expires
Tue, 07 Jun 2022 13:44:47 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		134 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:11:19 GMT
content-encoding
gzip
etag
W/"cc07895b7b7c30a55c948b849ccd5e56"
last-modified
Tue, 24 May 2022 19:53:03 GMT
server
AmazonS3
age
2009
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront), 1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-amz-cf-pop
FRA6-C1, FRA50-C1
x-amz-cf-id
Nx1tJP9p0V3DU65MPE3Ohfp2BoZAtHTlZjN-oZsFUPc5r4Hm0Yh7fg==
connatix.player.dc.js
cds.connatix.com/p/164495/ Frame 8F62
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/164495/connatix.player.dc.js
893 KB
208 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/164495/connatix.player.dc.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8b383fe4b91292ffde97cf646c717ed08a73f51a34f6844fae7d3366febb3706

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
last-modified
Tue, 31 May 2022 13:01:02 GMT
age
1661
etag
"055cc4f7b7cf843d20263f812c930a67"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
213183

Redirect headers

location
https://cds.connatix.com/p/164495/connatix.player.dc.js
date
Tue, 31 May 2022 13:44:47 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
/
kasperskycontenthub.com/ 		0
299 B 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=371193900&back=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx/1.18.0
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-cache-hit
HIT
x-debug-auth
off
strict-transport-security
max-age=31536000; includeSubDomains
x-request-host
kasperskycontenthub.com
vary
Accept-Encoding
x-xss-protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		186 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1b2ff274ffd965327df129d80049a64cbdf10066ce59067e2ae4c03032889d7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63357
x-xss-protection
0
last-modified
Tue, 31 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 May 2022 13:44:47 GMT
gtm.js
www.googletagmanager.com/ 		486 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f2826b62197ed6d7cc6a00df65e968c71df8e631df6c4c25feeb612166c4c3f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118146
x-xss-protection
0
last-modified
Tue, 31 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 May 2022 13:44:47 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 		13 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-328e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 		13 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/chromeloader-hijacker-threats/179761/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-328e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-4a32"
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
18994
expires
Tue, 07 Jun 2022 13:44:47 GMT
mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		828 B
539 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-33c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		868 B
669 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-364"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		812 B
542 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
W/"6290a724-32c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Tue, 31 May 2022 13:44:47 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-260a"
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
9738
expires
Tue, 07 Jun 2022 13:44:47 GMT
Liz-Montalbano-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095657/ 		77 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095657/Liz-Montalbano-headshot.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
369c67a5afb2ffa25d4480b3781a938e7fe7c5633f89d36570e2c1cc23c49eff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 23:51:39 GMT
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 11 May 2021 15:45:08 GMT
server
AmazonS3
age
5233988
etag
"09775ac22fdd614b1588724aaef06c61"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
78876
x-amz-cf-id
R0NWLIeboPghgdHCLeyqqFuRWq0fn6mEAKRz-H3Km3MfQLqyEyKq1g==
expires
Wed, 11 May 2022 15:45:07 GMT
office-365-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/08/25155836/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/08/25155836/office-365-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8f0c924e8386e205637b5caa66e77291c73bac2707d2befcd822a3b8ac89215

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 30 May 2022 14:53:53 GMT
via
1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 25 Aug 2020 19:58:41 GMT
server
AmazonS3
age
82255
etag
"632f02fb1653fd447ddc9a099a9adcd4"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
20169
x-amz-cf-id
m0AMVkZccQteQMn0BzmXEB3qkPAG4hOAdj1IF_OJyIKakn3sgeqszg==
expires
Wed, 25 Aug 2021 19:58:39 GMT
industrial_controls-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/05/02101104/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2018/05/02101104/industrial_controls-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3649b58dda08bf188b49c90b4418a26fb06c9a2d3cb9bdef8e8bddc8c4bd89dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 10:33:30 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 03 Jul 2018 02:31:53 GMT
server
AmazonS3
age
357078
etag
"eb744bace9f89b3448cad3695d4c5b51"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
28058
x-amz-cf-id
_0YLHoEISWkZ49q8nLMsFe5E1qf2-vnEjxd3UzrvTJgQtBRGU5x9hA==
expires
Wed, 03 Jul 2019 02:31:51 GMT
zoom-ios-app-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/31133304/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/31133304/zoom-ios-app-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2398e8fabf3dc2958a610d78546ed0463dea6f8c978529bde97d6310d75e964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 25 May 2022 13:03:36 GMT
via
1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 31 Mar 2020 17:33:08 GMT
server
AmazonS3
age
520872
etag
"8d0d0adbac7621f0c2bf30c5ff55cace"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
16126
x-amz-cf-id
zmFweZPIC3znUKP1lN7HDhJZfOCesaXEHgn2I9qWu74tjWUJc4pu0w==
expires
Wed, 31 Mar 2021 17:33:07 GMT
zero-trust-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/06/11165310/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/11165310/zero-trust-64x64.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2601819d7387eaa39cdce9df2aac15559572e9974bfe2d83bfb89b5873cf638a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 23 May 2022 12:50:25 GMT
via
1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Fri, 11 Jun 2021 20:53:15 GMT
server
AmazonS3
age
694463
etag
"0dbac1a64b0c995eba2c1af030a0b84b"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
2204
x-amz-cf-id
PGXnnWXQDQRkjJXcvD9Thsf8khAYYjhCaHdduKd7Z8n-yY_mkQIHsQ==
expires
Sat, 11 Jun 2022 20:53:14 GMT
honda-data-leak-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/07/31143348/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/07/31143348/honda-data-leak-64x64.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aed74ca5263f835a96dd0e79a8cb9ab61f5b52bbf136dfc51498771a8b6baef7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 06:23:12 GMT
via
1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 31 Jul 2019 18:33:51 GMT
server
AmazonS3
age
285696
etag
"fe8ccf55bc2ee0c72c0e7f16dda11720"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
2001
x-amz-cf-id
tnOfooS5yhc96EIKGdUpBP6jJxv_xGlAUOBPT0nwu3JegJTVGDZP2g==
expires
Thu, 30 Jul 2020 18:33:48 GMT
DDoS-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/10120505/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/10120505/DDoS-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dc8ae1c2826f713cc3dff20cde6078ba57bec99397f4d61dae38cd82b0f5b48c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 12 May 2022 11:59:29 GMT
via
1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Fri, 10 Sep 2021 16:05:09 GMT
server
AmazonS3
age
1647919
etag
"a5c5593abb184fca0fb91da48fe02ef6"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
1804
x-amz-cf-id
hEyjY_2XhUPL0r9CINy8ezfcF4PSAkSxk_MHWNrpE1WTnUxjhUAv9w==
expires
Sat, 10 Sep 2022 16:05:08 GMT
cloud_web_app-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/cloud_web_app-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 05 May 2022 13:00:36 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Tue, 05 Jan 2021 22:08:25 GMT
server
AmazonS3
age
2249052
etag
"467b7391215e33f5cb19813268f1a4cd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
2755
x-amz-cf-id
w49ulrhsoXTZfsjqcygvfYc73O5ePjDX-aW6gZVG23QM92PJhTvNVQ==
expires
Wed, 05 Jan 2022 22:08:24 GMT
Work-from-Home-WFH-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/Work-from-Home-WFH-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 08 May 2022 15:37:41 GMT
via
1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront), 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Fri, 03 Apr 2020 21:48:22 GMT
server
AmazonS3
age
1980427
etag
"8935e353d0d7393d74a9d2a3c8feec32"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1, FRA50-C1
accept-ranges
bytes
content-length
2024
x-amz-cf-id
sISc8mKJG7a9vVD9KhkfxJrIvUzZWDBeDKfK-M3TYpjEb3mWdvaKzg==
expires
Sat, 03 Apr 2021 21:48:21 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ 		362 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
efd0c5d34e459e8199af5d95b25051222bff7c890303ae723653447aaedc07ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 01:16:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44917
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
146184
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 31 May 2023 01:16:10 GMT
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
24868412
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
MvjAm6yXkmKyn36UGWFGZOSu8psLwWHAGwx4KATVFGIz1W7tW3cWjA==
bl-fe8bb3e-6d2cda11.js
tagan.adlightning.com/math-aids-threatpost/ 		45 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b1523eb3a5dc6d32e8fd2e898488a5ba12009d964a4d6aed8bfef6427c462a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 16:25:39 GMT
content-encoding
gzip
age
249549
x-cache
Hit from cloudfront
content-length
19498
x-amz-meta-git_commit
fe8bb3e
last-modified
Sat, 28 May 2022 15:43:54 GMT
server
AmazonS3
etag
"c77f6009c349f6718c75687c4f46a696"
x-amz-version-id
KvE3Bn2hJFpm9IHXunEWSmsYfTUAeEtY
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
H1n3ImnCCm8pl2b52LT5NYK6j__aeMDQZOkHMQQudB6SDEyCONp7jA==
config
c.amazon-adsystem.com/cdn/prod/ 		662 B
1020 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 11:49:08 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server
Server
age
6938
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
content-length
662
x-amz-cf-id
-aHkXaCIVC_GKwTTaGh0KCtOE0JLKIVNHCzZmlO67TNzu_IqSOcjYQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
31762
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 28 Apr 2022 01:41:20 GMT
server
AmazonS3
date
Tue, 31 May 2022 04:55:26 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
lEvr0NbhcKmgsDvkbvVS368eUMBjzvKEoD5ZRQXhBgT6b5P4bHFFNw==
pubads_impl_2022052401.js
securepubads.g.doubleclick.net/gpt/ 		365 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022052401.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
sffe /
Resource Hash
1deb05609ea8dd3eb5c4a30b059ff80d8121b50d31ef592651bb15cda638a37d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:09:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2119
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126668
x-xss-protection
0
last-modified
Tue, 24 May 2022 08:38:19 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 31 May 2023 13:09:28 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		141 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
cafe /
Resource Hash
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101
x-xss-protection
0
expires
Tue, 31 May 2022 13:44:47 GMT
vendor-list.json
qd.admetricspro.com/js/cmp2/ 		318 KB
45 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Tue, 03 May 2022 16:25:12 GMT
server
cloudflare
etag
W/"4f6fe-5de1df3ffe732"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSwBiWImyNk%2BTvlnGrTMIjYWYoATNIOOGDRROZh8sSiDXy9BtNWJoGdTYnSz0M2sNQxZ05pls7Imi0h0qG%2FNu7%2F%2FSTZj6FioTLpdRNKYZ22lf2UCsuTFwEuaazGEOy3TrdroWlSeNlwDK1r5ptOIV5XR"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
71402571f96a92b7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 31 May 2022 13:54:48 GMT
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/164495/ Frame 8F62 		0
47 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
last-modified
Tue, 31 May 2022 13:01:02 GMT
age
1661
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
player.css
cds.connatix.com/p/164495/ 		57 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/164495/player.css
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
daf028afc101da7201cb211f9786b6a36f6bf60ad836dfe991306140efca2432

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
last-modified
Tue, 31 May 2022 13:01:02 GMT
age
1661
etag
"ea2f9ede807e1b050a71617a64dba818"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8709
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-210-112.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Tue, 31 May 2022 13:59:47 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:17:12 GMT
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
11181
x-request-id
483492824
gtm.js
www.googletagmanager.com/ 		433 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
915871f22d9db001cdf8b82b00af9680b5706c2d8005c25242c6bc83599010ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115142
x-xss-protection
0
last-modified
Tue, 31 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 May 2022 13:44:47 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
601
date
Tue, 31 May 2022 13:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 31 May 2022 15:34:46 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Tue, 07 Jun 2022 13:44:47 GMT
uwt.js
static.ads-twitter.com/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9fa5f4494a80ecf219df87f5a3bedccc280a4a458e72a12732411ec531731bb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:47 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 19:44:22 GMT
etag
"37e15fed72b47b0100cbd5c7aaa9d3a0+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
14634
x-served-by
cache-iad-kjyo7100022-IAD, cache-hhn11557-HHN
recaptcha__de.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ 		365 KB
144 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
195fc406dbdbe81846387873a37f88b81514ddedd3877b59e1a4615e90b18173
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 12:52:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3135
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147703
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 31 May 2023 12:52:32 GMT
id
dpm.demdex.net/ 		368 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1654004687851
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.178.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-178-2.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bb3eef58b174e8ad811f952002750497754fe6159b9384770e1b6ea8c16303d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v033-0a97a81cc.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
qiLajbs5TpM=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
310
Expires
Thu, 01 Jan 1970 00:00:00 UTC
flipboard.svg
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 		236 B
406 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-ec"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
236
fontawesome-webfont.woff2
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v56
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
last-modified
Fri, 27 May 2022 10:25:40 GMT
server
nginx/1.18.0
etag
"6290a724-12d68"
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
77160
v1
geo.ipify.org/api/ 		420 B
628 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),
Reverse DNS
threatintelligenceplatform.com
Software
nginx /
Resource Hash
01fc90337df76cc5ef56b4ea8987d732dd4953716bbbf70d2875edcbcb4f6012
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 13:44:48 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
pls
capi.connatix.com/core/ Frame 8F62 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6eb11d2dd84adc282bf7bf7f894b5c87729613879494ec1c719eb08755296cb3

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
9545
dest5.html
kaspersky.demdex.net/ Frame 7141 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.228.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-228-167.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v033-09752b257.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
6jpuMYBDTn8=
content-encoding
gzip
date
Tue, 31 May 2022 13:44:48 GMT
last-modified
Thu, 26 May 2022 14:14:00 GMT
vary
accept-encoding
id
kaspersky.d3.sc.omtrdc.net/ 		2 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=50984837797410164222697423648120140991&ts=1654004688318
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-df488f754-94nwn
vary
Origin
x-c
main-1645.Id526ce.M0-571
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YpYb0AAAALMmvwNe
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=52319406721665800283113615901368638181
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YpYb0AAAALMmvwNe
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YpYb0AAAALMmvwNe
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
HTTP/1.1
Server
52.212.178.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-178-2.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v033-0d2d3d456.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
INFryr81R9s=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YpYb0AAAALMmvwNe
Date
Tue, 31 May 2022 13:44:48 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/ 		2 B
354 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:25:59 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server
AmazonS3
age
1128
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
content-length
2
x-amz-cf-id
Hm5FeJwxQfwnr-E0X6inBgkaeJQQcmLn8iHtyxuku1BV-V8hgGSkqQ==
adsct
t.co/i/ 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.3.14&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&event_id=29c527e5-2555-4ac1-8e1e-f6791973dd04
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time
117
date
Tue, 31 May 2022 13:44:48 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
b2a11e0347da5f1773e7ead1bf07a757ee55373793f38d4a2c7cf7d14ad048a2
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.14&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&event_id=29c527e5-2555-4ac1-8e1e-f6791973dd04
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time
105
date
Tue, 31 May 2022 13:44:47 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
07b27bdfa00ba648b1197e9db58b5a29f40c5ff8a69f36d53cea3083507eb8ff
content-length
43
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=687334969&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&ul=en-us&de=UTF-8&dt=ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=29724147&gjid=853172535&cid=1720830306.1654004688&tid=UA-35676203-21&_gid=1391796103.1654004688&_r=1&gtm=2wg5p1PM29HLF&z=392285660
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=687334969&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&ul=en-us&de=UTF-8&dt=ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1720830306.1654004688&tid=UA-35676203-21&_gid=1391796103.1654004688&gtm=2wg5p1PM29HLF&z=4928126
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 07:37:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
22010
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
blockedDomains_17.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 8F62 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_17.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aff26c2f3864a04ba6f021451c4b4102bf7fc57a4b09e24d9d621112c2fa5230

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
last-modified
Wed, 25 May 2022 16:19:12 GMT
age
509044
etag
"cf08dcb50559f0eb8e982959bfbd3d7f"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
1485
sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
sffe /
Resource Hash
fb8ea1c7f3602e85d19b79fe56b1b64796d458705ccf1a05b8e0b333c3aa61b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28137
x-xss-protection
0
server
sffe
etag
"1231 / 271 of 1000 / last-modified: 1653995043"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 31 May 2022 13:44:48 GMT
2_media.bin
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		291 B
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/2_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2ee737a1d1305fdaa71cb4c90438ab581c483eb17a912c0d491b54683690d027

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
last-modified
Fri, 16 Apr 2021 20:10:22 GMT
age
83634
etag
"b71ccacb93402dc4a27785464814f033"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
255
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 8F62 		377 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52ad644da868878b67f129a0857315706f2b683876f5ff18f0ffb5c546d44958
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128968
x-xss-protection
0
expires
Tue, 31 May 2022 13:44:48 GMT
1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
age
1228560
etag
"CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age
86400
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
6487
724.json
id5-sync.com/g/v2/ 		213 B
621 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.69 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216534.ip-141-95-98.eu
Software
/
Resource Hash
c173110e5c6192a19a22dbb7793a370e802d640352df5c4901399d0b61f3458c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:48 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1720830306.1654004688&jid=29724147&gjid=853172535&_gid=1391796103.1654004688&_u=YEBAAEAAAAAAAC~&z=1060497176
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 31 May 2022 13:44:48 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
localstore.js
script.4dex.io/ 		483 B
975 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3643
content-type
application/javascript
x-amz-request-id
tx868aa8ceaf494ff0b1336-00627a3731
x-amz-id-2
tx868aa8ceaf494ff0b1336-00627a3731
last-modified
Tue, 10 May 2022 09:57:32 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dW%2FWWD7PeOzZthxYjVf%2BUTZbtIUKVg6p4vzJ9vEYAGM4fhzc3ec4fHqZPg5yY80kqwY02K%2Fo8ybrgRTfT%2F4SPWvo6jcpPy812yJVNJceaKImdVK1a6HFIltAQwBauWyJweAZBRDQX9XHt76u"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
1652176652152482
cache-control
public, max-age=1800
cf-ray
714025794fa59be0-FRA
expires
Tue, 31 May 2022 14:14:48 GMT
prebid
mp.4dex.io/ 		114 B
598 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa1130d68d40b685406323e5756cc61e1ccf3bdefe7f4abbd842d467283534c8

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
714025795f8d9a0b-FRA
pragma
no-cache
date
Tue, 31 May 2022 13:44:48 GMT
via
1.1 google
cf-cache-status
DYNAMIC
x-warn
Preparing candidates. No matching rules and/or Bids disallowed and/or Invalid predictions
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
server
cloudflare
expires
0
bid
ap.lijit.com/rtb/ 		94 B
742 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.22.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
c2285a3d2a0b35cfa6805353f679fdbe88c07375be8956fba1e1b70a1a5dbc48

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 31 May 2022 13:44:48 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
v1
btlr.sharethrough.com/universal/ 		0
113 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.214.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-214-173.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:49 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.214.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-214-173.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:49 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.214.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-214-173.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:49 GMT
access-control-allow-credentials
true
vary
Origin
v2
e.serverbid.com/api/ 		16 B
389 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
40a9878d60e4755ca74de21519d4bbdbe6fa2f8649ec4c63114f1d70ce4345b8

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
291 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
9504c2c3e1d5bd4c8d2d11daae27302678d09bfa0485eca856dde3a30455c277

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
37e85cd0098d7309c5047bcd7b763e0ba49ba2e77e019c5291f64b570ab102fa

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
mvo
tag.1rx.io/rmp/216477/0/ 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=6.22,2.1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cygnus
htlb.casalemedia.com/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2232b413a2fa8920f%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.22.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%223390531b42d20c7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%7D%2C%7B%22id%22%3A%2234ec49b19012345%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%7D%2C%7B%22id%22%3A%22358ffa07e7c126%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
456d000a624748457921c095d7cd323ee51b7066ff936ed7ae0c490475742530

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.107], XFF:[]
server
Apache
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
1411
x-ak-client-geo
12
expires
Tue, 31 May 2022 13:44:49 GMT
c
prebid.a-mo.net/a/ 		0
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:48 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
313
vary
origin, Accept-Encoding
adreq
ads.servenobid.com/ 		598 B
643 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=8427
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
81dc88482cd115f4cc4f9d4dda784b2460f53c8756cc9394999553e985234365

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		504 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=05030511-3022-434b-a8eb-0a9052f7270e&l_pb_bid_id=45a5f9be58e6552&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&slots=1&rand=0.5585281897566503
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
df07021b354878680bddff47b8e851974cc6b736813ba4084685ad46b39f3508

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
504
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		502 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=9ee00b7a-faf7-4359-9861-5ddb5f126200&l_pb_bid_id=460d715c838cbbc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&slots=1&rand=0.340898885216806
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
ad85b6c517cb5c0b7ff1899ca12f4cdf912b4c8ec7f510af86070abe2eeb11bc

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
502
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		502 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=72992c58-e8e8-43c3-8c6d-f0f1d569015f&l_pb_bid_id=4718114d6133f7f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.6349609471839277
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
6643b24981f158b1116fd8bde9a520b5e879613a8760baf0cc3b3313b8ab5c29

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
502
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		502 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=72992c58-e8e8-43c3-8c6d-f0f1d569015f&l_pb_bid_id=48f1e8c1c911b53&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.32755823716305543
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
9f4a8deac92f47419a74c7f674637c92285a934958a39a82f5665da3fd32629d

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
502
Expires
Wed, 17 Sep 1975 21:32:10 GMT
arj
teachingaids-d.openx.net/w/1.0/ 		174 B
592 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=05030511-3022-434b-a8eb-0a9052f7270e%2C05030511-3022-434b-a8eb-0a9052f7270e%2C9ee00b7a-faf7-4359-9861-5ddb5f126200%2C72992c58-e8e8-43c3-8c6d-f0f1d569015f%2C72992c58-e8e8-43c3-8c6d-f0f1d569015f&nocache=1654004688775&gdpr=0&x_gdpr_f=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
950f9af6fd1cae52ec0206522e882305e19df453f6a610d4cf7cf977b625f75a

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
server
OXGW/eecec1e
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=6.22.0&referrer=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tmax=1200&gdpr=false
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.64.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-64-227.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
accept-ch
sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		28 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e19b99747685e65fc62274938b13343fc0fcb2b642196afdc9d0978d53550aa3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 31 May 2022 13:44:49 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
78b51ba6-61d6-4806-b396-1a5a53bffcd0
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
533 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&pid=Bcum9XXrdMnVP&cb=0&ws=1600x1200&v=7.75.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
JCVWBF3DZAJXBJS57ZTK
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
zsZ6ezftiPZIv8db6X4ik8rRGTYSQlPEHSveRzTmBi3VltS1CM7_Vw==
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/164495/ Frame 8F62 		162 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
last-modified
Tue, 31 May 2022 13:01:02 GMT
age
1662
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
pixel;r=1813505577;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F;uht=2;fpan=1;fpa=P0-840825839-1654004688811;pbc=;ns=0;ce=1;qjs=1;qv...
pixel.quantserve.com/ 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1813505577;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F;uht=2;fpan=1;fpa=P0-840825839-1654004688811;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1654004688811;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2017%2F04%2F06225342%2FChrom%2Ctype.article%2Ctitle.ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%2Cdescription.The%20malvertiser%E2%80%99s%20use%20of%20PowerShell%20could%20push%20it%20beyond%20its%20basic%20capabilities%20%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fchromeloader-hijacker-threats%2F179761%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:48 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1720830306.1654004688&jid=29724147&_u=YEBAAEAAAAAAAC~&z=2067219949
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1720830306.1654004688&jid=29724147&_u=YEBAAEAAAAAAAC~&z=2067219949
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ao
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 8F62 		741 B
899 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
f8da60882295151000ecd85799a3ded8d9a1ad597653a20db7743be5728e5e85

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
603
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&pid=Bcum9XXrdMnVP&cb=1&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
W3DF9DBBZJASGVV61QHN
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
P2jZ4KECVmiWebpgmnGkLR7nfMd6vPtAYShoQG4YuG6HSfrzceqMEA==
ps
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d9b5e4abf4bec22e15faff29d2915a5d12714edd9696b60e2dd210d0487cd7db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
age
92582
etag
"Cq0QWtdrFxtYGey7S5lRFmA43SjwlD+Mmk6EUdZIQPo"
access-control-max-age
86400
fastly-io-info
ifsz=90668 idim=2560x1440 ifmt=jpeg ofsz=8450 odim=400x225 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
8043
prebid6.20.0-1.js
cds.connatix.com/p/plugins/ Frame 0340 		433 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d92a11899a5768511f0431479d50a6fbabd9aa93099c062bc9f348fdb83be72b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
br
last-modified
Wed, 18 May 2022 09:02:01 GMT
age
1140151
etag
"d147c1dd13a25190e1aa7227401d9c91"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
115039
bridge3.517.2_en.html
imasdk.googleapis.com/js/core/ Frame BAD7 		635 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
582272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210269
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 20:00:17 GMT
expires
Wed, 24 May 2023 20:00:17 GMT
last-modified
Mon, 23 May 2022 16:49:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 8F62 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 31 May 2022 13:44:49 GMT
bridge3.517.2_en.html
imasdk.googleapis.com/js/core/ Frame 3A29 		635 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
582272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210269
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 20:00:17 GMT
expires
Wed, 24 May 2023 20:00:17 GMT
last-modified
Mon, 23 May 2022 16:49:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.517.2_en.html
imasdk.googleapis.com/js/core/ Frame 5A75 		635 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
582272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210269
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 20:00:17 GMT
expires
Wed, 24 May 2023 20:00:17 GMT
last-modified
Mon, 23 May 2022 16:49:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
playlist.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		309 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/playlist.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
last-modified
Fri, 16 Apr 2021 20:10:21 GMT
age
92568
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
164
adagio.js
script.4dex.io/ 		72 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1827065
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx771af7c6665049f49deea-00627a3804
x-amz-id-2
tx771af7c6665049f49deea-00627a3804
last-modified
Tue, 10 May 2022 09:57:31 GMT
server
cloudflare
etag
W/"2430496689c00115831347992a974246"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XlpKiokGVThBZHw79mlmVQAl%2F97uPqYmHT3zo8X1BNhOI7fGJS2mmWt1R0%2FR0Bdsl044y2%2BYdMJ%2Bc6Eov2R8Vk9rCPAugR8Hh5SNo%2BFKM8wFBXGnR1Lz88Qz8%2B4egLtO09gxrXrdqk2Rpbu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1652176651393042
cf-ray
7140257b3fed9159-FRA
access-control-allow-headers
Authorization
integrator.js
adservice.google.com/adsid/ Frame 8F62 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 30A8 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:16:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 31 May 2022 14:16:42 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 2497 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:16:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 31 May 2022 14:16:42 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CCEE 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:16:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 31 May 2022 14:16:42 GMT
0.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		607 B
335 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/0.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0d922162404e556a1724b9ac48ad388fff7422c9eee115dc397ff9d873ccb4b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
last-modified
Fri, 16 Apr 2021 20:10:20 GMT
age
92568
etag
"2c5eb48a2196eb63b4f9d32cb89d6291"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
249
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f3efc45a01827f96b4e0297f07e8aa6c745465c5b1cc0d5c1f743e4cad76541b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Range
bytes=0-1361

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
last-modified
Fri, 16 Apr 2021 20:10:20 GMT
age
92529
etag
"64adae2bd0182f683fe3cf977301189d"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 0-1361/4828044
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1362
translator
hbopenbid.pubmatic.com/ Frame 0340 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/216475/0/ Frame 0340 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/216476/0/ Frame 0340 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
cygnus
htlb.casalemedia.com/ Frame 0340 		36 B
328 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%22769269c257a713%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228685519a9fd3ce%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A3%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220778c6a3-9d75-4d44-a8d5-1eed54d7af31%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c2b0e43b79bc1fff431822d1d5b66c87eb6fe6d074c2303b1505e5e80e5af46f

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
x-ak-initial-geo
CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.107], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
36
x-ak-client-geo
12
expires
Tue, 31 May 2022 13:44:49 GMT
mvo
tag.1rx.io/rmp/233098/0/ Frame 0340 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
cygnus
htlb.casalemedia.com/ Frame 0340 		37 B
329 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%22116c586cee5f1cf%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2212465df859b6233%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A3%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220778c6a3-9d75-4d44-a8d5-1eed54d7af31%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5b117368cb6a910f551c0bc0af44d85a9e71a6ee2ebdb990250a58161e1e66ec

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
x-ak-initial-geo
CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.107], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 31 May 2022 13:44:49 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame 0340 		106 B
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e1ed0fdf-fc84-497a-8211-c515d899217b&nocache=1654004689249&gdpr=0&pubcid=0778c6a3-9d75-4d44-a8d5-1eed54d7af31&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22minduration%22%3A0%2C%22skippable%22%3Atrue%2C%22placement%22%3A3%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
via
1.1 google
server
OXGW/eecec1e
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame 0340 		106 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e7c7e890-6015-41bf-ba8f-e0951f73cce2&nocache=1654004689251&gdpr=0&pubcid=0778c6a3-9d75-4d44-a8d5-1eed54d7af31&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22minduration%22%3A0%2C%22skippable%22%3Atrue%2C%22placement%22%3A3%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
via
1.1 google
server
OXGW/eecec1e
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
c
prebid.a-mo.net/a/ Frame 0340 		0
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:48 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
0
vary
origin, Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ Frame 0340 		139 B
827 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
abe4a6605fa810a4174bc0d7ed80a8d242b96e73509c35fd72e9e74bc56363e9
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1eb81cc2-7194-4637-82d6-bc89e47a34d7
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ Frame 0340 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 31 May 2022 13:44:48 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bidRequest
c2shb.pubgw.yahoo.com/ Frame 0340 		66 B
99 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
81a9b6dc605b6ad9775a211228dcf062706786858df8984a3231474eb017bdb7

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
mvo
tag.1rx.io/rmp/233148/0/ Frame 0340 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 31 May 2022 13:44:49 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Tue, 31 May 2022 13:44:49 GMT
server
ATS/9.1.0.46
prebid
ib.adnxs.com/ut/v3/ Frame 0340 		139 B
827 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
66f441c534db193f7fcf7ef4f4ae84f7ff673db73b453e9940c14560222b24ff
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:49 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e50208c2-319c-4844-943d-e68ef58857c2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		593 KB
594 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2dd5f9a6f76cf75bd9f6722f2b847ea61b585256f1960f6b9c7e4a4c73ee214

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Range
bytes=1362-609035

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
last-modified
Fri, 16 Apr 2021 20:10:20 GMT
age
92529
etag
"64adae2bd0182f683fe3cf977301189d"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 1362-609035/4828044
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
607674
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:48 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		124 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=619830807980834&correlator=2249788937588379&output=ldjh&gdfp_req=1&vrg=2022052401&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681&sfv=1-0-38&ecs=20220531&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_ix%3D64879ac94d2714a%26hb_bidder_ix%3Dix%26dyn_bids%3D0.02%26hb_adid%3D64879ac94d2714a%26hb_bidder%3Dix%7Camznbid%3D2%26amznp%3D2%26hb_adid_appnexus%3D6725836a7e231e3%26hb_bidder_appnexus%3Dappnexus%26hb_adid_ix%3D652b292d1ec1b1e%26hb_bidder_ix%3Dix%26dyn_bids%3D0.02%26hb_adid%3D652b292d1ec1b1e%26hb_bidder%3Dix%7Camznbid%3D2%26amznp%3D2%26hb_adid_appnexus%3D6829efa47bae025%26hb_bidder_appnexus%3Dappnexus%26hb_adid_ix%3D6631bbc53a10ee7%26hb_bidder_ix%3Dix%26dyn_bids%3D0.03%26hb_adid%3D6829efa47bae025%26hb_bidder%3Dappnexus%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fchromeloader-hijacker-threats%252F179761%252F%26urlquery%3Dgoogfc%26contentid%3D179761%26category%3Dvulnerabilities%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1654004689933&lmt=1654004689&dlt=1654004686505&idt=1737&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0&adys=8%2C166%2C1206%2C8&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0&msz=728x0%7C300x0%7C300x0%7C1600x0&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&ga_vid=1720830306.1654004688&ga_sid=1654004690&ga_hid=687334969&ga_fc=true&btvi=0%7C0%7C1%7C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022052401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
cafe /
Resource Hash
6f5fb9a33903b58474befada385f51f313ffe4c372b2043efddea16982cf6c5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15718
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-1,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4EBD 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022052401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:44:50 GMT
expires
Wed, 31 May 2023 13:44:50 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame BAD7 		156 B
625 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2C22677468627%2FCNX_VIDEO%2F1234-12&description_url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tfcd=0&%5BNPA%5D&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1142140887577960&cust_params=domains%3Dthreatpost.com&ad_type=video&vad_type=linear&sdkv=h.3.517.2&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=478629382&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.517.2&sid=DBE48437-447A-4881-85F8-7B446D78823F&nel=0&eid=44725356%2C44738437%2C44752052%2C44760950%2C44761692%2C44762462&top=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&loc=about%3Ablank&dt=1654004690028&cookie_enabled=1&scor=367846395547259&ged=ve4_td3_tt1_pd3_la3000_er1007.1246.1166.1552_vi0.0.1200.1600_vp100_eb24171
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/ Frame 8F62 		579 KB
579 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/70f1895c-46a4-4382-b119-a7f22bdc905d/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/164495/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cc75178dfff53a4e60cfed34c212ae057fa82e22d6e64cf9238caf41f6e870ad

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Range
bytes=609036-1201890

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
last-modified
Fri, 16 Apr 2021 20:10:20 GMT
age
92529
etag
"64adae2bd0182f683fe3cf977301189d"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 609036-1201890/4828044
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
592855
mq
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:49 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022052401&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022052401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3829561261574eb202cc9a143047c1e83cb9ebc176875737f4576dcecf14ebdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10583
x-xss-protection
0
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=687334969&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&dp=%2Fchromeloader-hijacker-threats%2F179761%2F&ul=en-us&de=UTF-8&dt=ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=137268619&gjid=422183009&cid=1720830306.1654004688&uid=50984837797410164222697423648120140991&tid=UA-63997723-2&_gid=1391796103.1654004688&_r=1&gtm=2wg5p1WZ7LJ3&cd14=no_locale&cd15=50984837797410164222697423648120140991&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F102.0.5005.61%20Safari%2F537.36&cd16=1720830306.1654004688&z=1128643780
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
604
date
Tue, 31 May 2022 13:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 31 May 2022 15:34:46 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 13:44:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=10162
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9582686
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9bb25736b688dadcc5f06e73f319c5a49e44d23983df6a89e187533416ccc427
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39030
x-xss-protection
0
last-modified
Tue, 31 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 May 2022 13:44:50 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 31 May 2022 13:44:50 GMT
integrator.js
adservice.google.com/adsid/ Frame 8F62 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 5A75 		156 B
144 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2C22677468627%2FCNX_VIDEO%2F1234-2&description_url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tfcd=0&%5BNPA%5D&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2474098337837102&cust_params=domains%3Dthreatpost.com&ad_type=video&vad_type=linear&sdkv=h.3.517.2&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1969992916&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.517.2&sid=F17072D6-1018-4B43-B929-77CE05C3CDB7&nel=0&eid=44725355%2C44760950%2C44761692%2C44762462&top=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&loc=about%3Ablank&dlt=1654004686824&idt=3148&dt=1654004690337&cookie_enabled=1&scor=2933793015014558&ged=ve4_td3_tt1_pd3_la3000_er1007.1246.1166.1552_vi0.0.1200.1600_vp100_eb24171
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		191 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fa22f4580a319c4112ffcbfedbddeae410012692ba1345cd7e4fd0a1fa0ffd66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70066
x-xss-protection
0
expires
Tue, 31 May 2022 13:44:50 GMT
bl-fe8bb3e-6d2cda11.js
tagan.adlightning.com/math-aids-threatpost/ Frame 46E6 		45 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b1523eb3a5dc6d32e8fd2e898488a5ba12009d964a4d6aed8bfef6427c462a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 16:25:39 GMT
content-encoding
gzip
age
249552
x-cache
Hit from cloudfront
content-length
19498
x-amz-meta-git_commit
fe8bb3e
last-modified
Sat, 28 May 2022 15:43:54 GMT
server
AmazonS3
etag
"c77f6009c349f6718c75687c4f46a696"
x-amz-version-id
KvE3Bn2hJFpm9IHXunEWSmsYfTUAeEtY
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
65tQ6Pu1aHzkqLTjP8br_leS4M3grnp6KZ0qqm8gI3lbca9W6UT6Xw==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 46E6 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
24868415
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nrUCrzVzhIXcO1b1ismZMmb3cDiaDapGkNReSCphjpTifPH-L0wNRw==
bl-fe8bb3e-6d2cda11.js
tagan.adlightning.com/math-aids-threatpost/ Frame 272F 		45 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b1523eb3a5dc6d32e8fd2e898488a5ba12009d964a4d6aed8bfef6427c462a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 16:25:39 GMT
content-encoding
gzip
age
249552
x-cache
Hit from cloudfront
content-length
19498
x-amz-meta-git_commit
fe8bb3e
last-modified
Sat, 28 May 2022 15:43:54 GMT
server
AmazonS3
etag
"c77f6009c349f6718c75687c4f46a696"
x-amz-version-id
KvE3Bn2hJFpm9IHXunEWSmsYfTUAeEtY
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
DmyW6wAwKsZyra56O-qsFBz4jRjMtKcPzAgoMkn2U4JWYQNAfeP_wA==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 272F 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
24868415
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
qWgUwkuZX4fGFtzPO-fvDAUviaQGNlQY6tYXymTfV9erplhP7uuw8A==
bl-fe8bb3e-6d2cda11.js
tagan.adlightning.com/math-aids-threatpost/ Frame 1524 		45 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-fe8bb3e-6d2cda11.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b1523eb3a5dc6d32e8fd2e898488a5ba12009d964a4d6aed8bfef6427c462a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 16:25:39 GMT
content-encoding
gzip
age
249552
x-cache
Hit from cloudfront
content-length
19498
x-amz-meta-git_commit
fe8bb3e
last-modified
Sat, 28 May 2022 15:43:54 GMT
server
AmazonS3
etag
"c77f6009c349f6718c75687c4f46a696"
x-amz-version-id
KvE3Bn2hJFpm9IHXunEWSmsYfTUAeEtY
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
2bh-TsZVt9j8Spzwr7wWE0wUUrt_0lpyzgrHm8I0rNNh7TjaRho9GQ==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 1524 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-66.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
24868415
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Bf3w5uUZGmWjteUw56MFLNZvXpoCApGlWRrdBLXmA34h0212IIjfgw==
s84193197686477
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 		43 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s84193197686477?AQB=1&ndh=1&pf=1&t=31%2F4%2F2022%2013%3A44%3A50%202%200&mid=50984837797410164222697423648120140991&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20chromeloader-hijacker-threats%2F179761&g=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20chromeloader-hijacker-threats%2F179761&v9=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220414%3A289%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=50984837797410164222697423648120140991&v116=1720830306.1654004688&v125=0.30473382435300644_1654004687854&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
x-content-type-options
nosniff
x-c
main-1645.Id526ce.M0-571
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 01 Jun 2022 13:44:50 GMT
server
jag
xserver
anedge-df488f754-g8ltc
etag
3551948026848870400-4619897712411541309
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 30 May 2022 13:44:50 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=1720830306.1654004688&jid=137268619&uid=50984837797410164222697423648120140991&gjid=422183009&_gid=1391796103.1654004688&_u=aEDAAEABAAAAAC~&z=2102415320
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 31 May 2022 13:44:51 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
sv
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:50 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012205161914000/ Frame 46E6 		220 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/amp4ads-v0.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
757319a250590e2bd0a13b21c1541d2de6628e4f27fc53dbc09810a20eece701
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
17954
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61456
x-xss-protection
0
server
sffe
date
Tue, 31 May 2022 08:45:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"42b814baf88beb20"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 31 May 2023 08:45:37 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 46E6 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb79fb74d6258322e62522032aa870d6b08193d00356365ada57b7ec120c831f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5191
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3630c4be819f8fb"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 46E6 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-analytics-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba4104ca707204425da942d41ded59339a7925fa7986876ae2b2fde22a3ef7a2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28900
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ccce7ec6c76e0017"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 46E6 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-fit-text-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3427cca8a2e3789c0a04279acc2720b7f93b87932a915c850fe41a09924f0a8c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1905
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"862cd07357fd06d9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 46E6 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-form-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1632299889539ec3c89ff14ed39f3a8ad49ab6b13eedf7bb78e0bd70b95d79a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
585465
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12945
x-xss-protection
0
server
sffe
date
Tue, 24 May 2022 19:07:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"2cd215bb1afb4615"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 24 May 2023 19:07:06 GMT
4064402928989863384
tpc.googlesyndication.com/simgad/ Frame 46E6 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/4064402928989863384?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnkNlMDjHfLUK_SQX6i7oCBdyUqFA
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
37c2eed19554cb39bd8d9f3e8d5fbc93868e2eaf0dbb97f809df8228dbb31668
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 20:10:26 GMT
x-content-type-options
nosniff
age
581665
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25084
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 20:29:05 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 24 May 2023 20:10:26 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 46E6 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
14593
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 46E6 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
13906
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:53:05 GMT
l
www.google.com/ads/measurement/ Frame 46E6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT4R-068ksFsNx_A4o6My0XgrP1HHI5geAV05cAaZp1b7-JqyS4udm_MECpTRTX1w2wuhxPSMHJHgAOak6CxMgW8yRxfw
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame 46E6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CKP3J0huWYuuMAc25gAemqIiYB6jOg9Ro0KfFyIoPuLD5uNUIEAEg-ZvxhAFglYKAgLAHoAGzqLL7AcgBAuACAKgDAcgDCKoEkQJP0D4VFGIE_laW12mTGexciVsvZV3MSZf7dl3bM3N4H1HiwWOds3huHYHJ9yQ4iQt45LBA-tgv670qlBoN5qI3J70iwouy77kEXbBbNy7c8l29XaJhATdrUIirrcRo2_o5jE_2X9kqUmFJ5zxtnzLHd55nXqLWsmnl04Pl9wWJWSSVQmXeQUfRSUz_Wc7d7c6xK1AxstpkOjqk69lMGlwTqu1z9sKyJ-7THdS_OmYgX8FI5Ez1wRoAHkqXPyMRW5IJ7o1eyfcU7fVEKFAZjiD3rCBGRNVTqHPX-nQIZgsMINqrRAsiNWqNYAYlBd_qWtPoNCPOCPDMOaAD6JxZtticTMek3kW4zSrtamQ3PKDsji7ABOr17fHsA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAe1182EAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcFEOrJvALSCAcIiGEQARgdgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=-ak2i93tydM&uach_m=[UACH]
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
truncated
/ Frame 46E6 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb77a9712fa48b953860880d6f55b85fd9054fd13ebfe6a474e91f9d9c99c436

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012205161914000/ Frame 1524 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/amp4ads-v0.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
757319a250590e2bd0a13b21c1541d2de6628e4f27fc53dbc09810a20eece701
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
17954
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61456
x-xss-protection
0
server
sffe
date
Tue, 31 May 2022 08:45:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"42b814baf88beb20"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 31 May 2023 08:45:37 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 1524 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb79fb74d6258322e62522032aa870d6b08193d00356365ada57b7ec120c831f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5191
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3630c4be819f8fb"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 1524 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-analytics-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba4104ca707204425da942d41ded59339a7925fa7986876ae2b2fde22a3ef7a2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28900
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ccce7ec6c76e0017"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 1524 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-fit-text-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3427cca8a2e3789c0a04279acc2720b7f93b87932a915c850fe41a09924f0a8c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1905
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"862cd07357fd06d9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 1524 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-form-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1632299889539ec3c89ff14ed39f3a8ad49ab6b13eedf7bb78e0bd70b95d79a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
585465
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12945
x-xss-protection
0
server
sffe
date
Tue, 24 May 2022 19:07:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"2cd215bb1afb4615"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 24 May 2023 19:07:06 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1524 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
14593
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1524 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
13906
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:53:05 GMT
12292965368575836593
tpc.googlesyndication.com/simgad/ Frame 1524 		66 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/12292965368575836593?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qms813sT0Epg_A-hxkWXTAjJyRC7Q
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c43dcf156cbf8999aad6ccc1e0d5b9b39a7675ccd02679daa1aca4503205773a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sat, 28 May 2022 08:09:06 GMT
x-content-type-options
nosniff
age
279345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67564
x-xss-protection
0
last-modified
Tue, 09 Mar 2021 23:57:40 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 28 May 2023 08:09:06 GMT
l
www.google.com/ads/measurement/ Frame 1524 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTyPSl-gHleUhI8k2yNbCqb9cW-WD6nlVXABXpmc0JjUnFi4wXh9PcIoAwO_Aao0KbI5k788YRFR5JXHJQFcezeP9m8hA
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame 1524 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CDlHH0huWYu2MAc25gAemqIiYB6jOg9RoiKbFyIoPuLD5uNUIEAEg-ZvxhAFglYKAgLAHoAGzqLL7AcgBAuACAKgDAcgDCKoElQJP0H37nqzM8ZEr_wYSAzEUSXbD5beVv4unXRj1qmaemqOgf_FTB_3oU2J87Kveq6H1Xtj-VscCyRlCso_xUcXVvn_3yWdkU9op9Y87Ro3A-fIApIDRjE7sk1LeB74MMtNX882U3X96PZUlhOzvZMju5qEdLj-2U0Gep_ZtyzNCZw6hL5cyMM7M2SDrbMQlEkJjQlhAbF3sYKVYDxSzEHteLEWRA4dth0NwY99T0hZfXKbsVGKriA1iTOcIgUUvQXvIL_3C-svu8_BbcYSy_7Su2SvMUqJJzd9ma3nDyCYYUVHq3yFz4hIYHoEqCbp3Xsv-KBuH8lS2LlOC4WW_5KuHjGyT0HdeDAZRZSgE6LN_rxHK6NFuwATq9e3x7APgBAGSBQQIBBgBkgUECAUYBKAGAoAHtdfNhAKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDhjj3SCAcIiGEQARgdgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=Imj-d5YNEZw&uach_m=[UACH]
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
truncated
/ Frame 1524 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
812c42db716d7d7efd093720bf70eaacfe57b5f1ffb15b907438ba250a667e20

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012205161914000/ Frame 272F 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/amp4ads-v0.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
757319a250590e2bd0a13b21c1541d2de6628e4f27fc53dbc09810a20eece701
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
17954
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61456
x-xss-protection
0
server
sffe
date
Tue, 31 May 2022 08:45:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"42b814baf88beb20"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 31 May 2023 08:45:37 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 272F 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb79fb74d6258322e62522032aa870d6b08193d00356365ada57b7ec120c831f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5191
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3630c4be819f8fb"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 272F 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-analytics-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba4104ca707204425da942d41ded59339a7925fa7986876ae2b2fde22a3ef7a2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28900
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ccce7ec6c76e0017"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 272F 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-fit-text-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3427cca8a2e3789c0a04279acc2720b7f93b87932a915c850fe41a09924f0a8c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1905
x-xss-protection
0
server
sffe
date
Mon, 30 May 2022 17:09:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"862cd07357fd06d9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 30 May 2023 17:09:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012205161914000/v0/ Frame 272F 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012205161914000/v0/amp-form-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1632299889539ec3c89ff14ed39f3a8ad49ab6b13eedf7bb78e0bd70b95d79a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
585465
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12945
x-xss-protection
0
server
sffe
date
Tue, 24 May 2022 19:07:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"2cd215bb1afb4615"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 24 May 2023 19:07:06 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 272F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
14593
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 272F 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
13906
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 01 Jun 2022 09:53:05 GMT
1445717661886400619
tpc.googlesyndication.com/simgad/ Frame 272F 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/1445717661886400619?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qn8M8CH5QxZUC3WgW1yf0Sc2Rs3ww
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8580fef9bd2d3c7ae71a030999d9960df470e22488d02402c03cb698998168e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 25 May 2022 06:54:26 GMT
x-content-type-options
nosniff
age
543025
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28267
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 20:28:48 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 25 May 2023 06:54:26 GMT
l
www.google.com/ads/measurement/ Frame 272F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRalVX9zIkl-aR2HEzKjIxIbBJFxKF8JgHyfNWCbZA3GEAhiKclWMZI915cZVFJnV2Ks5loMrLAsKaAbo-RD2qp9W67fQ
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame 272F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CNN7r0huWYuyMAc25gAemqIiYB6jOg9RomJrFyIoPuLD5uNUIEAEg-ZvxhAFglYKAgLAHoAGzqLL7AcgBAuACAKgDAcgDCKoElQJP0IXjZPOufF5C3AIOsSVdG5l1sgy67NhhLHRZ1s7nX_Uz16jh3585RKWa1nm1F3-bBlrDxyYeqs-MIJ9m9zm7Qc84Ca49Ln9S1JJaqqCkqD1CySrf9vlKF71ulir0WZUBilsQUYRMi89xUJtvDIGbumN0GlmhkbdQIV4Lci59LxwEGWRDD-znTeFMv_dICqz11IjgzaX9DwGiwF04icx23ARL2M9QUeL_otlX6DPWT_aIcck-BF4AuJYhLzXSeLW5E2WxXiH87AgGJzjFB-E7CIcmo1bAXXKgWapekbFxocn6xOOC7FCz_cI2nIKaPcaPCwW6dMUqgAhBrqOkKFJTEQFbM7MYdj54YybYm90hH4HeS2nnwATq9e3x7APgBAGSBQQIBBgBkgUECAUYBKAGAoAHtdfNhAKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCxqVfSCAcIiGEQARgdgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=jOq0S1I6n8s&uach_m=[UACH]
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
truncated
/ Frame 272F 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f96371999c1dfb7168e065190cfab76d02bf7879632bc90605cd006edfba04d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1654004691670%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fchrom...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true&e_ipv6=AQKOG5wsZ43-WgAAAYEaXLYg...
0
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true&e_ipv6=AQKOG5wsZ43-WgAAAYEaXLYgNMZDhcxdYBe-mfelkfWD64tRWfEg_oGUQtAYrADu3iIdYGNt
Protocol
H2
Server
13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:52 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: F1726C1BDE70463290244B0F1F2ACA0D Ref B: VIEEDGE1705 Ref C: 2022-05-31T13:44:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXgTvosddZHYMEb02LiLw==
x-li-fabric
prod-ltx1

Redirect headers

date
Tue, 31 May 2022 13:44:51 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: F16A012D350F4044815E9FFEDC69F124 Ref B: VIEEDGE1419 Ref C: 2022-05-31T13:44:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1654004691670&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&liSync=true&e_ipv6=AQKOG5wsZ43-WgAAAYEaXLYgNMZDhcxdYBe-mfelkfWD64tRWfEg_oGUQtAYrADu3iIdYGNt
x-li-proto
http/2
content-length
0
x-li-uuid
AAXgTvonOoOHmqSOAEreUw==
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1720830306.1654004688&jid=137268619&_u=aEDAAEABAAAAAC~&z=1263287902
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1720830306.1654004688&jid=137268619&_u=aEDAAEABAAAAAC~&z=1263287902
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe5p1&_p=687334969&_z=ccd.tdB&cid=1720830306.1654004688&ul=en-us&sr=1600x1200&_s=1&sid=1654004691&sct=1&seg=0&dl=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&dt=ChromeLoader%20Browser%20Hijacker%20Provides%20Gateway%20to%20Bigger%20Threats%20%7C%20Threatpost&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20chromeloader-hijacker-threats%2F179761&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=50984837797410164222697423648120140991
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hi...
9582686.fls.doubleclick.net/ Frame 5573
Redirect Chain
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-...
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=...
628 B
465 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f6.1e100.net
Software
cafe /
Resource Hash
c66a064f7b0ceeb5266d38d48813ad7b30f6fccbf5a87fea1fd7b3e003c3d180
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
442
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:44:52 GMT
expires
Tue, 31 May 2022 13:44:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:44:51 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2BD1 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
462
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:37:09 GMT
expires
Wed, 31 May 2023 13:37:09 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 7A15 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0f31008022b246822e04eb8298441a26c4753ff53f3b4c439a26d4097319b31d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XzeJLc-POjJe2NWyC_ywLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-XzeJLc-POjJe2NWyC_ywLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:44:51 GMT
expires
Tue, 31 May 2022 13:44:51 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
si
googleads.g.doubleclick.net/pagead/drt/ Frame 272F
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Redirect headers

date
Tue, 31 May 2022 13:44:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 46E6
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Redirect headers

date
Tue, 31 May 2022 13:44:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 1524
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: threatpost.com
URL: https://threatpost.com/chromeloader-hijacker-threats/179761/
Protocol
H2
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Redirect headers

date
Tue, 31 May 2022 13:44:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=...
adservice.google.com/ddm/fls/z/ Frame 5573 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F
Requested by
Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CIuj_tDvifgCFSpHHQkdGoYD3g;src=9582686;type=globalc;cat=globa0;ord=5935663386124;gtm=2od5p1;auiddc=2069262511.1654004692;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fchromeloader-hijacker-threats%2F179761%2F;u6=;u7=50984837797410164222697423648120140991-1720830306.1654004688;u9=_chromeloader-hijacker-threats_179761_;~oref=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9582686.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 31 May 2022 13:44:52 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1151
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 0340
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=zduqnHxJWVBJVkRxTU9UWWNlODc5ditnU2h3Vy9qRlNFa3h6WG42ZjNGdDJ3c3NzN0pIeUpzWUVaL082Q0EyVzdJd1hGOWMxWEtHMGo0MmlkQk9mU01rdU9LL2dTd2MxYnRTM0tpSnJDVlhRYjdYODNVZ251dHJBMlR1L0...
352 B
617 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=zduqnHxJWVBJVkRxTU9UWWNlODc5ditnU2h3Vy9qRlNFa3h6WG42ZjNGdDJ3c3NzN0pIeUpzWUVaL082Q0EyVzdJd1hGOWMxWEtHMGo0MmlkQk9mU01rdU9LL2dTd2MxYnRTM0tpSnJDVlhRYjdYODNVZ251dHJBMlR1L09hTVIxek95Sy9MZzZ3MnRibGc4U0pJMUo0WVYxVG1oV08zSVJYMGdyRnFBTVUrWTA1emxOOFQzK1IvYTRaOG9yWGEzUTlscEMrN2llZ09xWndUMzBJTFlMWmkrMStBN1dZclZBVm0ydzFISlQzVFNnV3RVPXw&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
54faeff6570000222913413c38ed1c989249724eec3230f58904a190dbe78d86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3314
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
location
https://mug.criteo.com/sid?cpp=zduqnHxJWVBJVkRxTU9UWWNlODc5ditnU2h3Vy9qRlNFa3h6WG42ZjNGdDJ3c3NzN0pIeUpzWUVaL082Q0EyVzdJd1hGOWMxWEtHMGo0MmlkQk9mU01rdU9LL2dTd2MxYnRTM0tpSnJDVlhRYjdYODNVZ251dHJBMlR1L09hTVIxek95Sy9MZzZ3MnRibGc4U0pJMUo0WVYxVG1oV08zSVJYMGdyRnFBTVUrWTA1emxOOFQzK1IvYTRaOG9yWGEzUTlscEMrN2llZ09xWndUMzBJTFlMWmkrMStBN1dZclZBVm0ydzFISlQzVFNnV3RVPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1394
content-length
482
expires
0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 5839 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
33469
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 31 May 2022 13:44:52 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 26 May 2022 04:26:53 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 470359
X-Served-By
cache-lga13629-LGA, cache-hhn4035-HHN
X-Timer
S1654004693.581793,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 08F9 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44408
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:52 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 1415 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 31 May 2022 13:44:52 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame F9AA 		668 B
732 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
ce28d08e7476f822d388870ea134a9b76d7f0782496a0d8f8173ff4daa1a5d9c

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
420
content-type
text/html
date
Tue, 31 May 2022 13:44:52 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/eecec1e
vary
Accept, Accept-Encoding
via
1.1 google
ixmatch.html
js-sec.indexww.com/um/ Frame DA08 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 31 May 2022 13:44:52 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame BF93 		668 B
721 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
ce28d08e7476f822d388870ea134a9b76d7f0782496a0d8f8173ff4daa1a5d9c

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
420
content-type
text/html
date
Tue, 31 May 2022 13:44:52 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/eecec1e
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 1997 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44408
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:52 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame A8C3 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
33469
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 31 May 2022 13:44:52 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 26 May 2022 04:26:53 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 469697
X-Served-By
cache-lga13629-LGA, cache-hhn4059-HHN
X-Timer
S1654004693.607870,VS0,VE0
sodar
pagead2.googlesyndication.com/pagead/ Frame 7A15 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022052401&jk=619830807980834&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
sd
eu-u.openx.net/w/1.0/ Frame F9AA
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=be986296-1bd4-4c00-9189-d46d8d2f311c
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=be986296-1bd4-4c00-9189-d46d8d2f311c
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 31 May 2022 13:44:52 GMT
Server
MT3 4419 e1034d5 master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=be986296-1bd4-4c00-9189-d46d8d2f311c
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 31 May 2022 13:44:51 GMT
sd
us-u.openx.net/w/1.0/ Frame F9AA
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame F9AA
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3040707462893682252
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3040707462893682252
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3040707462893682252
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame F9AA 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=d4d4f9fa-34f2-72b3-f203-d60530f09ccc&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame F9AA 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZjhiYjJhMzAtZmQ4NS0yYzE3LWU3ZTMtOGNiY2ZhMTI1MmFj
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame F9AA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame BF93
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=02396296-1bd4-4100-9e85-ce18c18a0a66
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=02396296-1bd4-4100-9e85-ce18c18a0a66
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 31 May 2022 13:44:52 GMT
Server
MT3 4419 e1034d5 master cdg-pixel-x15 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=02396296-1bd4-4100-9e85-ce18c18a0a66
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 31 May 2022 13:44:51 GMT
sd
us-u.openx.net/w/1.0/ Frame BF93
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
43 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=zQVY7spVBejWU1C9yAFM7M4AV-rWU1HrzQJXNQVl
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame BF93
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5967721534380435587
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5967721534380435587
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5967721534380435587
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame BF93 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=d4d4f9fa-34f2-72b3-f203-d60530f09ccc&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame BF93 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZjhiYjJhMzAtZmQ4NS0yYzE3LWU3ZTMtOGNiY2ZhMTI1MmFj
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame BF93
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:52 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE0BKCBKRuGC6X_klzD6-xo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
BlV8lHKGnk03wUyhHWlg9fV4CiK26Crs8dLo7bQbDuA.js
pagead2.googlesyndication.com/bg/ Frame 2BD1 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/BlV8lHKGnk03wUyhHWlg9fV4CiK26Crs8dLo7bQbDuA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
06557c9472869e4d37c14ca11d6960f5f5780a22b6e82aecf1d2e8edb41b0ee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 09:38:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
14765
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13861
x-xss-protection
0
last-modified
Tue, 24 May 2022 10:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 31 May 2023 09:38:47 GMT
async_usersync
ib.adnxs.com/ Frame 5839 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:52 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1fe10ff8-fd73-4444-a262-a34a9028e6e9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame A8C3 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:52 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
65ddf995-2df5-471e-9c09-6a2f688bcdd9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=zduqnHxJWVBJVkRxTU9UWWNlODc5ditnU2h3Vy9qRlNFa3h6WG42ZjNGdDJ3c3NzN0pIeUpzWUVaL082Q0EyVzdJd1hGOWMxWEtHMGo0MmlkQk9mU01rdU9LL2dTd2MxYnRTM0tpSnJDVlhRYjdYODNVZ251dHJBMlR1L09hTVIxek95Sy9MZzZ3MnRibGc4U0pJMUo0WVYxVG1oV08zSVJYMGdyRnFBTVUrWTA1emxOOFQzK1IvYTRaOG9yWGEzUTlscEMrN2llZ09xWndUMzBJTFlMWmkrMStBN1dZclZBVm0ydzFISlQzVFNnV3RVPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 31 May 2022 13:44:52 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1049
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
generate_204
tpc.googlesyndication.com/ Frame 2BD1 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?CYefag
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022052401&jk=619830807980834&bg=!_P-l_7vNAAao8wy8iPM7ACkAdvg8Wq3h4LobHgatkrGzlRgdES0mrUSJSiaJJnLbaOy3R3eR0FazqAIAAACCUgAAAAJoAQcKAA_Jr9GFjbiC4zBGnSxF2XCZApnZyJsLTGzV2nIPetkfSk4dwMC0F-aPRuv4XB8SUCrWmNmSWIuwY5fGevy15b4DNcKcJOXwp6IJGwPEOcc3m25JLHT1W2rlziQCsQQ4LKyuqE86OYeGxXJjGeZmGPrL8jXRDNAF6qedqHETYPhxOOxuaiP30dlWNXFdQolO2gFBYgv5JpSn-rGPJHgkd7y_l7gNZqHsZORqSvzQpNAN4lVLw_d8iC1wSXGhKALJttPN3BorYjlgv1cZL1M92GBom_cbmDwjRgtXL0_708aAqypb6FsBGzVqYN9_nDIouwWlVIFSYPAfDLEHqMUkp_aDAaej2gArqXdgVj3eShtHBYqMwWq0O3vr-uZ7BhE6Eqs75jUqPzqUY3a3-n963bZc9T7H65BIfasOy5zOEV7m0hi4bhDownJZYBAp2POlVhY6DU25S20bT0KCYqo6IHQ9W0BdzwMqWWKyaBx__bADsei2qF2V3yXQ34FKExARJTgef-u9xPwSKKf5azy5L4SvJA31Om9QwdvpeWmUFCwFZ5Uxmk806Klxb7kkqWwFknSVmpqc4u1CUyXlFvEMMcdO2ujbzzIDUGHiikGcdjs0n9DWq7tHTWoo_n3yrhY7cMhV_R6ufdaN_UePgcJFGZ3S3nS2unqoV4y67v7yZjlceBkozMniOPsS4U3Nm2OXGyQ4IrLCJucMGx8lPkaFlxxHP_kWA_tTY2x_kiFmpV93buvFaRYRvjTLclK2JN68Y5txDVeMtoiifuLU_DPjrMthG8I2DjxCR1fCv8KY5hqeR4g0b2jpnafsxQtzZOEnRxasFgbucKYGs8OKry3lsYbbDxbqVuJrbUWzaODCPz_am-Y5HPe_FeJe0j6qdrxqDIjBkPKQozvTPDvteQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame 46E6 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvft56A2Km210UlOkVithoz0D0oaGfFkFlqVK7rbQfR0qHfg5sf976JgKAaYqYjSLQYtGPK8bTDAgsZoKnpAi1qKlMOaipsF-QHWUF9gs-PsEd8DvLB22_Xjw&sai=AMfl-YSZbmPisS4HkbK4b8oqd0a9D7JApuKRnawnxX0fN9IxCKx61_x6j8-dTOVTqtVZ_vc4Z3HCSXD-6PYUrpUhx6v8OI6aEsI1CHmc5OQ7_UvbWUrLZyyC0KHpNr_dN4PS&sig=Cg0ArKJSzEUuXTEzNphUEAE&id=ampim&o=315,8&d=970,120&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=2055&tls=3056&g=100&h=100&tt=3056&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=4166723991
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abt
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:53 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
activeview
pagead2.googlesyndication.com/pcs/ Frame 272F 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5wfylrDcLmhSPzBpGn3wfhiZotEihK9tS9U3UHZckzNatus4ejwH11lNia13ieYZA8pjF70hVofwZVQBmCNOL-FpgqcNHSV9LIxq8-eWui4SEEi32aYNz2A&sai=AMfl-YSaZohD5Uy17FKbLqdjPd1oNbuwRJW2vevdGZcQn_srfIxM3AaFW43kHC6gvyfXdbztKlaKwiuKdyqi-C3BOiAo4drKVe4eBHeje2NFKqBOgv0WlnPV6IHSqzE6Uo3_&sig=Cg0ArKJSzNEynOM9aGxyEAE&id=ampim&o=1064,286&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=1914&tls=2915&g=100&h=100&tt=2915&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=1414505084
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 5839 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:53 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
19524167-9533-41a3-bae0-a7d43cd5530d
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame A8C3 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:53 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e7e7b477-1506-4a10-a1b0-d6eb08a4c84f
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame 1F54 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
33471
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 31 May 2022 13:44:54 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 26 May 2022 04:26:53 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 469727
X-Served-By
cache-lga13629-LGA, cache-hhn4059-HHN
X-Timer
S1654004695.916310,VS0,VE0
usync.html
eus.rubiconproject.com/ Frame 5129 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 31 May 2022 13:44:55 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7CCF 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44406
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:54 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 6F3F 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 31 May 2022 13:44:54 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
sync.html
public.servenobid.com/ Frame FE7A 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:49::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
br
content-type
text/html
date
Tue, 31 May 2022 13:44:54 GMT
etag
"a067ca1c11975e052149fcb5fac5e2d3"
last-modified
Tue, 26 Apr 2022 01:37:54 GMT
server
AmazonS3
x-amz-id-2
JhHeGRKm5wOhTkldNG9gF8OiDooCAQAnAHMDM7oi2zy+2p9LvaQMMfYBVoKFeu0O
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:5eb96107-ea8e-4447-a80a-9b951732aaca
x-amz-meta-codebuild-content-md5
e5441cba1c83e44c16f2d792acc1823c
x-amz-meta-codebuild-content-sha256
3b14aefb08d603d224cbf56f0ff34e70ebd576659dc2557c0629a8ec6943dc55
x-amz-request-id
2ANS53DF98H83DWC
x-azure-ref
01xuWYgAAAABgN1I/SrmcS7aEFJbo1PR/RlJBMjMxMDUwNDE4MDI3ADg0ZTdkZmEyLTE0NDItNDMzNC1iMzRmLWU0MmQzZjdkZGFkOQ==
x-azure-ref-originshield
0Wg6VYgAAAACWePxaJG6iSrpwW+M8F1L8QU1TMDRFREdFMTgxNAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache
TCP_HIT
2000891.html
sync.serverbid.com/ss/ Frame 6529 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.serverbid.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-64.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f31877812ade3cbda659976d8597d3059465388c75dd9097c5c9b63ad7aaa7c4

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
76156
content-encoding
gzip
content-type
text/html
date
Mon, 30 May 2022 16:36:00 GMT
etag
W/"80b4cb8427bdc87559a8857675862d26"
last-modified
Sat, 28 May 2022 17:31:04 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
x-amz-cf-id
1d4UiEZLLYDq6J-soS0MrIuDGvEl92Boy3clfI4JOUXtqiu07q5DGw==
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
beacon
ap.lijit.com/ Frame 66D8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Tue, 31 May 2022 13:44:54 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap6ams1
sync
eb2.3lift.com/ Frame EECE 		37 B
140 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Tue, 31 May 2022 13:44:55 GMT
pd
eu-u.openx.net/w/1.0/ Frame 649B 		542 B
358 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
b672cbe8455fa538b2100b83622e2ba10f92d93d86323bd87d448252f6acbbce

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
339
content-type
text/html
date
Tue, 31 May 2022 13:44:54 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/eecec1e
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync
ib.adnxs.com/ Frame 1F54 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
f0b351ce-3e72-4375-a379-2848adb23bd9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dds
rtb.openx.net/sync/ Frame 649B 		43 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
j57sqtm3ad6l1ngd116jnba55upmfb65
40139fbe-a45e-e0fa-c3d4-c0f0cfa75185
pr-bh.ybp.yahoo.com/sync/openx/ Frame 649B 		43 B
986 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/40139fbe-a45e-e0fa-c3d4-c0f0cfa75185?gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:2e02:fe1c:9c40:529 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
eu-u.openx.net/w/1.0/ Frame 649B
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=DZmpr8f21NW2b55
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=DZmpr8f21NW2b55
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:54 GMT
Server
PingMatch/bfc3242#bfc324243f5312950ec263cab8f0e25b6cfe09e3 i-05d046f5278a22b8b@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=DZmpr8f21NW2b55
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 649B
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://x.bidswitch.net/ul_cb/sync?ssp=openx
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=63efe4aa-0fff-4702-8343-6fa5ed529f43&ssp=openx&expires=30&user_group=5&bsw_param=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=13163ccf-fbea-4912-bc3b-5a82092a35a3&gdpr=&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=13163ccf-fbea-4912-bc3b-5a82092a35a3&gdpr=&gdpr_consent=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=13163ccf-fbea-4912-bc3b-5a82092a35a3&gdpr=&gdpr_consent=
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sd
eu-u.openx.net/w/1.0/ Frame 649B
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=3934069753600962614
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=3934069753600962614
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/eecec1e /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 google
server
OXGW/eecec1e
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
29a1b94f-7118-4455-a084-308f9a4f2a52
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=3934069753600962614
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ox
match.prod.bidr.io/cookie-sync/ Frame 649B 		43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/ox
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.200.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-200-111.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 5129 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
12b33ad08e44ee4fad671f0cad85bfb97960973cfe5fd50b1cc2dbeeb6f47401

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?gdpr=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 13:44:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 May 2022 17:55:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=58912
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9453
Expires
Wed, 01 Jun 2022 06:06:47 GMT
usersync
x.serverbid.com/ Frame 6529
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=Eu5YuBZHYmFy4GW2SCy2Zgkk
35 B
269 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=Eu5YuBZHYmFy4GW2SCy2Zgkk
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://sync.serverbid.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Date
Tue, 31 May 2022 13:44:55 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=Eu5YuBZHYmFy4GW2SCy2Zgkk
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
um
cs.emxdgt.com/ Frame 6529 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24UID
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-length
0
content-type
text/html
i.gif
e.serverbid.com/udb/9969/sync/ Frame 6529
Redirect Chain
  • https://p.rfihub.com/cm?pub=42786&in=1
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588520425564536
35 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588520425564536
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:56 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://sync.serverbid.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588520425564536
Date
Tue, 31 May 2022 13:44:56 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usersync
x.serverbid.com/ Frame 6529
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YpYb13U9rOlJvfko5CtADAAA%261216
35 B
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YpYb13U9rOlJvfko5CtADAAA%261216
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://sync.serverbid.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YpYb13U9rOlJvfko5CtADAAA%261216
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
306
Expires
Tue, 31 May 2022 13:44:55 GMT
usersync
x.serverbid.com/ Frame 6529
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3934069753600962614
35 B
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3934069753600962614
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://sync.serverbid.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
3e0556cd-9c5e-4d0e-8a8a-6bb33fcc84d2
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3934069753600962614
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usa
sync.go.sonobi.com/ Frame 6529 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5444%26spui%3D%26dpui%3D
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame 6529
Redirect Chain
  • https://pixel.advertising.com/ups/56621/occ
  • https://pixel.advertising.com/ups/56621/occ?verify=true
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPdab561bd-e0e7-11ec-8960-069eec745a7a
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPdab561bd-e0e7-11ec-8960-069eec745a7a
35 B
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPdab561bd-e0e7-11ec-8960-069eec745a7a
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://sync.serverbid.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPdab561bd-e0e7-11ec-8960-069eec745a7a
date
Tue, 31 May 2022 13:44:55 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4C3F 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://sync.serverbid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44405
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
rid
match.adsrvr.org/track/ Frame 6529 		63 B
393 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
749c658e38c36862b8232758824cd0c0588251f94c1f6c12b40d78818b07bf9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://sync.serverbid.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Thu, 30 Jun 2022 13:44:55 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4DA2 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44405
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
13926
g2.gumgum.com/usync/ Frame D0E1 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6b83bf19d7253ea798b27766ff68dede9abce5c884356f3b959e9aea870dbf38

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 31 May 2022 13:44:55 GMT
etag
W/"0de870b7494371c1ca01239023795d0a9"
server
nginx
timing-allow-origin
*
ps
pixel.33across.com/ Frame 299B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Tue, 31 May 2022 13:44:54 GMT
server
33XP001
x-33x-status
2000208
/
onetag-sys.com/usync/ Frame 6BB1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 3F5A 		650 B
900 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.107 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
eb5c2def2c7cd9cb3b90f626b27ed95f264d69a092f1db46fa7eb05dc8e3e5f2

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
650
content-type
text/html
date
Tue, 31 May 2022 13:44:55 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 7042
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4ab73646f8b8b9dd9f8eed36852f57c66ce9ea48c86bac89526b06a3c13f48b2

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1680
Content-Type
text/html
Date
Tue, 31 May 2022 13:44:55 GMT
Dropped-Udsids
241|230|39|45|26|156|191|40
Expires
Tue, 31 May 2022 13:44:55 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 31 May 2022 13:44:55 GMT
Expires
Tue, 31 May 2022 13:44:55 GMT
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
sync.php
pixel.rubiconproject.com/exchange/ Frame FE7A 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=3934069753600962614
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=3934069753600962614
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fc160940-8378-4224-867e-787663ad6c56
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=3934069753600962614
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=Eu5YuBZHYmFy4GW2SCy2Zgkk
0
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=Eu5YuBZHYmFy4GW2SCy2Zgkk
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=Eu5YuBZHYmFy4GW2SCy2Zgkk
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame FE7A 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 31 May 2022 13:44:55 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
0
432 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1654004695343
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
0
336 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5141210820682477444
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5141210820682477444
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5141210820682477444
Date
Tue, 31 May 2022 13:44:56 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame FE7A 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=4e79d528-00f8-4651-ad33-0dce82e91347&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=4e79d528-00f8-4651-ad33-0dce82e91347&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=4e79d528-00f8-4651-ad33-0dce82e91347&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Tue, 31 May 2022 13:44:54 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
0
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame FE7A
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
  • https://ads.servenobid.com/sync?pid=337&uid=y-ZSUuocxE2uEU3K8rUF2FiXwY8W6Ixflteq5fuY8-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-ZSUuocxE2uEU3K8rUF2FiXwY8W6Ixflteq5fuY8-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-ZSUuocxE2uEU3K8rUF2FiXwY8W6Ixflteq5fuY8-~A
date
Tue, 31 May 2022 13:44:55 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=3934069753600962614
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=3934069753600962614
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fd506578-2d45-4eec-a45b-4f372b02f632
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://usersync.gumgum.com/usersync?b=apn&i=3934069753600962614
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_35299354-bb14-46d1-92f5-a1a09524f7bb&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=a1497622-595f-45d9-ad81-90aab6a7585b&user_group=1&ssp=gumgum2&bsw_param=13163ccf-fbea-4912-bc3b-5a82092a35a3
  • https://usersync.gumgum.com/usersync?b=bsw&i=13163ccf-fbea-4912-bc3b-5a82092a35a3
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=bsw&i=13163ccf-fbea-4912-bc3b-5a82092a35a3
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
//usersync.gumgum.com/usersync?b=bsw&i=13163ccf-fbea-4912-bc3b-5a82092a35a3
Date
Tue, 31 May 2022 13:44:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
pixelSync
pixel-sync.sitescout.com/dmp/ Frame D0E1
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
  • https://usersync.gumgum.com/usersync?b=obn&i=ENC%282seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_35299354-bb14-46d1-92f5-a1a09524f7bb&obuid=ENC(2seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3...
0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3D2seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
66.155.71.25 -, , ASN (),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:56 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

Location
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3D2seo9osNbAMymimWlN5eAzzsP9lz6PNyHw1JSnyivcJ2gpNnLg_blN8TJx2PLeya&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING
Date
Tue, 31 May 2022 13:44:56 GMT
X-TraceId
966ef249bc63a4f43d9523f6cebaf10f
Content-Length
0
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=23e95d8a-1ce7-4ae5-9578-c6e8f8a09d8a
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=23e95d8a-1ce7-4ae5-9578-c6e8f8a09d8a
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
server
OXGW/eecec1e
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://usersync.gumgum.com/usersync?b=opx&i=23e95d8a-1ce7-4ae5-9578-c6e8f8a09d8a
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame D0E1
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-215e3216-897f-425a-5fc1-01ca01ea3112$ip$80.255.7.107
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-215e3216-897f-425a-5fc1-01ca01ea3112$ip$80.255.7.107
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-215e3216-897f-425a-5fc1-01ca01ea3112$ip$80.255.7.107
Date
Tue, 31 May 2022 13:44:55 GMT
Connection
keep-alive
Content-Length
121
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame D0E1
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-t8vJidFE2pfiREx_B77ahW.GtgCxy.u1XI6.~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-t8vJidFE2pfiREx_B77ahW.GtgCxy.u1XI6.~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Tue, 31 May 2022 13:44:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-t8vJidFE2pfiREx_B77ahW.GtgCxy.u1XI6.~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
  • https://usersync.gumgum.com/usersync?b=vnt&i=db129cf7-e0e7-11ec-a2ea-8b2d7ab0be8f
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=db129cf7-e0e7-11ec-a2ea-8b2d7ab0be8f
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=db129cf7-e0e7-11ec-a2ea-8b2d7ab0be8f
Date
Tue, 31 May 2022 13:44:55 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
db129cf8-e0e7-11ec-a2ea-8b2d7ab0be8f
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://usersync.gumgum.com/usersync?b=snc&i=GDPR
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 varnish
server
nginx
age
0
location
https://usersync.gumgum.com/usersync?b=snc&i=GDPR
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
29267921
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
content-length
0
142
match.deepintent.com/usersync/ Frame D0E1 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-length
0
server
c
usersync
rtb.gumgum.com/ Frame D0E1
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_35299354-bb14-46d1-92f5-a1a09524f7bb&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=POtTmpotioVp2LKUQDpl&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UCPORKG24DPORUW6VTQGJGEWVKRIRYGYJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=POtTmpotioVp2LKUQDpl&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=POtTmpotioVp2LKUQDpl&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=POtTmpotioVp2LKUQDpl&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=4c8e22a4-380c-4a92-ac4f-009145bd214a
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=4c8e22a4-380c-4a92-ac4f-009145bd214a
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=4c8e22a4-380c-4a92-ac4f-009145bd214a
date
Tue, 31 May 2022 13:44:55 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/floor6?zcc=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D&cb=1654004695526
  • https://usersync.gumgum.com/usersync?b=rhy&i=OPTOUT
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=rhy&i=OPTOUT
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://usersync.gumgum.com/usersync?b=rhy&i=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=IHTxWr5TIsWp&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=IHTxWr5TIsWp&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=IHTxWr5TIsWp&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-8665795bf5-ccdn9
expires
-1
usersync
usersync.gumgum.com/ Frame D0E1
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=sad&i=4549185882294245560
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=4549185882294245560
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=4549185882294245560
date
Tue, 31 May 2022 13:44:55 GMT
content-length
0
sync
ads.servenobid.com/ Frame D0E1 		0
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_35299354-bb14-46d1-92f5-a1a09524f7bb
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
usersync.gumgum.com/ Frame 4EA1
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=02396296-1bd4-4100-9e85-ce18c18a0a66&gdpr=0&gdpr_consent=
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=02396296-1bd4-4100-9e85-ce18c18a0a66&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 31 May 2022 13:44:55 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Tue, 31 May 2022 13:44:55 GMT
Expires
Tue, 31 May 2022 13:44:54 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4419 e1034d5 master cdg-pixel-x10 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=02396296-1bd4-4100-9e85-ce18c18a0a66&gdpr=0&gdpr_consent=
usersync
usersync.gumgum.com/ Frame 4E3F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=atm&i=YpYb0AAAALMmvwNe&gdpr=0&gdpr_consent=
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YpYb0AAAALMmvwNe&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 31 May 2022 13:44:55 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Tue, 31 May 2022 13:44:55 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YpYb0AAAALMmvwNe&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4029-HHN
x-timer
S1654004696.566981,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame 130C 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8zNTI5OTM1NC1iYjE0LTQ2ZDEtOTJmNS1hMWEwOTUyNGY3YmI=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Tue, 31 May 2022 13:44:55 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7C5E 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=44405
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 13:44:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 01 Jun 2022 02:05:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 54CA 		70 B
264 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Tue, 31 May 2022 13:44:55 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usersync
usersync.gumgum.com/ Frame B08A
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
  • https://cs.emxdgt.com/umcheck?apnxid=3934069753600962614&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
  • https://usersync.gumgum.com/usersync?b=emx&uid=3934069753600962614brt12611654004695570285f1
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=emx&uid=3934069753600962614brt12611654004695570285f1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 31 May 2022 13:44:55 GMT
Expires
0
Pragma
no-cache

Redirect headers

content-length
0
content-type
text/html
date
Tue, 31 May 2022 13:44:55 GMT
location
https://usersync.gumgum.com/usersync?b=emx&uid=3934069753600962614brt12611654004695570285f1
usersync
rtb.gumgum.com/ Frame 80BC
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YpYb2MCo5ucAAMrGh.UAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YpYb2MCo5ucAAMrGh.UAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Tue, 31 May 2022 13:44:56 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Tue, 31 May 2022 13:44:56 GMT
Location
https://rtb.gumgum.com/usersync?b=sus&i=YpYb2MCo5ucAAMrGh.UAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
61
X-SO-HostName
a-ad40280.dc2p.scaleout.jp
X-SO-IP
80.255.7.107
X-SO-Key
YpYb2MCo5ucAAMrGh.UAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":61,"gdpr":true,"ipv4":"0.0.0.0","key":"YpYb2MCo5ucAAMrGh.UAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40280"}
X-SO-LB-Hostname
a-tgng40016.dc2p.scaleout.jp
X-SO-Upstream-ID
a-ad40280
usersync
rtb.gumgum.com/ Frame B1FA
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=NQhoKvUuTXfcVhZ07G0x&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=NQhoKvUuTXfcVhZ07G0x&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.147.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-147-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Tue, 31 May 2022 13:44:55 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Tue, 31 May 2022 13:44:55 GMT Tue, 31 May 2022 13:44:55 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=NQhoKvUuTXfcVhZ07G0x&pi=gumgum&tc=1
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 7908
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 31 May 2022 13:44:55 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Tue, 31 May 2022 13:44:55 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
dcm
s.amazon-adsystem.com/ Frame 7042
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
209.54.180.3 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4HQ0WXSC7SN9NYXQ4T27
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
WXMWFVMQV28QXNBNRDW2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAABMAAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7042 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YpYb13U9rOlJvfko5CtADAAABMAAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 7042 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 7042
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YpYb13U9rOlJvfko5CtADAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECvRnwiqoFuBctQdE9Wl_c0&google_cver=1&gdpr=1
43 B
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECvRnwiqoFuBctQdE9Wl_c0&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 31 May 2022 13:44:55 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECvRnwiqoFuBctQdE9Wl_c0&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
sync.taboola.com/sg/indexscod/1/cm/ Frame 7042 		0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=YpYb13U9rOlJvfko5CtADAAA%261216
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
41355
cookiesync
bttrack.com/pixel/ Frame 7042 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 -, , ASN (),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-ServerName
Track002-iad
Pragma
no-cache
Date
Tue, 31 May 2022 13:44:40 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
rum
dsum-sec.casalemedia.com/ Frame 7042
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=25bd9a6a-d0e3-bd4e-31f67e71
43 B
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=25bd9a6a-d0e3-bd4e-31f67e71
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 31 May 2022 13:44:55 GMT

Redirect headers

date
Tue, 31 May 2022 13:44:55 GMT
via
1.1 google
server
nginx/1.20.2
access-control-allow-origin
*
p3p
CP='This is not a P3P policy!'
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=25bd9a6a-d0e3-bd4e-31f67e71
cache-control
max-age=3600
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146
sync
ads.servenobid.com/ Frame 7042 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YpYb13U9rOlJvfko5CtADAAABMAAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
pixel
cm.g.doubleclick.net/ Frame 5129
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNVN09RM1ktNS03V0lF&gdpr=0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNVN09RM1ktNS03V0lF&gdpr=0
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNVN09RM1ktNS03V0lF&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame 5129
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=FdyjdVArQ0mEno_P5fiQMQ&rk=usync-na&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FdyjdVArQ0mEno_P5fiQMQ&gdpr=0
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FdyjdVArQ0mEno_P5fiQMQ&gdpr=0
Protocol
HTTP/1.1
Server
209.54.180.3 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KC4WSQNKJXTF8ZZ1MQ5W
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FdyjdVArQ0mEno_P5fiQMQ&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 5129
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=QCDONSeORGaFi8owb0S5zg&rk=usync-other&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=QCDONSeORGaFi8owb0S5zg&gdpr=0
43 B
797 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=QCDONSeORGaFi8owb0S5zg&gdpr=0
Protocol
HTTP/1.1
Server
52.95.119.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
6AT2AD7HSQGQANW3BPA3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=QCDONSeORGaFi8owb0S5zg&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 5129
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/cL1tK0koWelzuUmengrc9g?csrc=&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=446527422465644186
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=446527422465644186
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif

Redirect headers

date
Tue, 31 May 2022 13:44:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=446527422465644186
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
v1
ads.yahoo.com/cms/ Frame 5129
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&gdpr=0
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3U7OQ3Y-5-7WIE&sigv=1&esig=2~ef21e0396ceb98560ef13ff931e4fdabf807be85&gdpr=0
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3U7OQ3Y-5-7WIE&sigv=1&esig=2~ef21e0396ceb98560ef13ff931e4fdabf807be85&gdpr=0
Protocol
H2
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3U7OQ3Y-5-7WIE&sigv=1&esig=2~ef21e0396ceb98560ef13ff931e4fdabf807be85&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 5129
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmYwMjE2ZTJlNTkzZjdjZDdhMGMyNzhlZjk1ZmFmYTc0MWEwYmExZQ&gdpr=0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmYwMjE2ZTJlNTkzZjdjZDdhMGMyNzhlZjk1ZmFmYTc0MWEwYmExZQ&gdpr=0
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmYwMjE2ZTJlNTkzZjdjZDdhMGMyNzhlZjk1ZmFmYTc0MWEwYmExZQ&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 5129
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3U7OQ3Y-5-7WIE&gdpr=0
0
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3U7OQ3Y-5-7WIE&gdpr=0
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:54 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: B4B6FA777EBE44BDA6152C7677803559 Ref B: VIEEDGE1419 Ref C: 2022-05-31T13:44:55Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXgTvpZvIf/dx9gpRSY5g==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3U7OQ3Y-5-7WIE&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 5129 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cs&eq_cc=1
um2.eqads.com/um/ Frame 5411
Redirect Chain
  • https://um2.eqads.com/um/cs
  • https://um2.eqads.com/um/cs&eq_cc=1
186 B
370 B 		Document
General
Check archive.org
Download Go to
Full URL
https://um2.eqads.com/um/cs&eq_cc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.247.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-247-148.compute-1.amazonaws.com
Software
/
Resource Hash
ba3203fc60f6b4c6cbae227c7c28e4f97ab080b5a3e8ca8bec8d4859a9c1116d

Request headers

Referer
https://ssum-sec.casalemedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, must-revalidate
content-length
186
content-type
text/html; charset=utf-8
date
Tue, 31 May 2022 13:44:56 GMT
expires
Sat, 6 May 1995 12:00:00 GMT
last-modified
Tue, 31 May 2022 13:44:56 GMT
pragma
no-cache

Redirect headers

content-length
41
content-type
text/html; charset=utf-8
date
Tue, 31 May 2022 13:44:55 GMT
location
/um/cs&eq_cc=1
sync
ads.servenobid.com/ Frame 3F5A 		0
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=4549185882294245560&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame 3F5A
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=tI5IYbPeFWev2EAysYpcY7eLR2Wv2EFktIm0E9uq
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=tI5IYbPeFWev2EAysYpcY7eLR2Wv2EFktIm0E9uq
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.106 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=tI5IYbPeFWev2EAysYpcY7eLR2Wv2EFktIm0E9uq
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 3F5A
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7103896072476817548&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7103896072476817548&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.106 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 13:44:55 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7103896072476817548&gdpr=0&gdpr_consent=
Date
Tue, 31 May 2022 13:44:55 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
dcm
s.amazon-adsystem.com/ Frame 3F5A
Redirect Chain
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent=
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent=&dcc=t
43 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent=&dcc=t
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
209.54.180.3 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
M1E9GQA4VV1ZJJ82Z3FB
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
741RVN50CRQ6N7VNG3E7
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4549185882294245560&gdpr=0&gdpr_consent=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
smartadserver
cs.admanmedia.com/sync/ Frame 3F5A 		0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.admanmedia.com/sync/smartadserver?us_privacy=&coppa=&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
8.2.111.142 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 13:44:55 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Server
nginx
Connection
keep-alive
X-Frame-Options
DENY
Content-Type
text/plain
st
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/st?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
usync.js
eus.rubiconproject.com/ Frame 7908 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
12b33ad08e44ee4fad671f0cad85bfb97960973cfe5fd50b1cc2dbeeb6f47401

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 13:44:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 May 2022 17:55:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=58912
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9453
Expires
Wed, 01 Jun 2022 06:06:47 GMT
async_usersync
ib.adnxs.com/ Frame 1F54 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
X-Proxy-Origin
80.255.7.107; 80.255.7.107; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
d922f715-4fca-4dfe-9cda-9c676ccdc257
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame 7908 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L3U7OQ3Y-5-7WIE
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 5411 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=361a5690-8119-4d1b-a74f-e9a280b6a698&expiration=1661953496
Requested by
Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://um2.eqads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 May 2022 13:44:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 31 May 2022 13:44:56 GMT
integrator.js
adservice.google.com/adsid/ Frame 8F62 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 31 May 2022 13:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 3A29 		156 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2C22677468627%2FCNX_VIDEO%2F1234-2&description_url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&tfcd=0&%5BNPA%5D&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2158451037794177&cust_params=domains%3Dthreatpost.com&ad_type=video&vad_type=linear&sdkv=h.3.517.2&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2165051207&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.517.2&sid=8A151DCD-D341-49D8-9F6F-9F1DD757233D&nel=0&eid=44736293%2C44760950%2C44761692%2C44762462&top=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&url=https%3A%2F%2Fthreatpost.com%2Fchromeloader-hijacker-threats%2F179761%2F&loc=about%3Ablank&dlt=1654004686824&idt=3055&dt=1654004696506&cookie=ID%3Ddc87f3db0a3d2a34-2246f97ca2cd00e6%3AT%3D1654004689%3AS%3DALNI_MahzWbNL2FD_QX18dYYbDXqKYQhuQ&scor=3106763898449358&ged=ve4_td9_tt7_pd9_la9000_er1007.1246.1166.1552_vi0.0.1200.1600_vp100_eb24171
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s13-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 13:44:56 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
abt
capi-tier-2-us-east-2.connatix.com/tr/ Frame 8F62 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=164495
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.70.240 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-70-240.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 31 May 2022 13:44:58 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20

Verdicts & Comments Add Verdict or Comment

420 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| gform string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug boolean| gTrackVisibility boolean| gLazyLoad boolean| gTrackPageVisibility number| k30SecondRefreshInterval number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| k999SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad728x90STICKY object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin object| adGoogleAdXInterstitial number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount function| _0x2484c2 object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gIntersectionObserver object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gPrebidBidsBack object| googletag object| pbjs function| _0x47b6 boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| sendAdserverRequest function| _0x4815 function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| attachCloseBoxSVG function| configureAdSlot function| getCookie object| apstag function| cnx function| $ function| jQuery function| _extends function| _typeof function| LazyLoad object| gdprDynamicStrings object| gdprStrings object| kss object| sNew object| s0 object| dataLayer boolean| jQueryMigrateHelperHasSentDowngrade object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| sdGzNU2 function| sdGzNU3 object| xop boolean| apstagLOADED object| ggeac object| google_tag_data object| google_js_reporting_queue function| __uspapi function| __uspOpenUI object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet object| mnjs string| nobidVersion object| nobid object| google_tag_manager function| postscribe object| google_tag_manager_external object| cnx_usr_storage boolean| creativeVendorLibraryLoaded string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| kasperskyDynamicaReCaptchaData object| jQuery112405137966595527035 object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp function| sprintf function| vsprintf object| gform_i18n object| gf_global object| gf_legacy_multi object| gf_legacy object| MZ1D6o2 function| MZ1D6o3 function| xblocker object| mI0pKJ function| mI0pKA function| xblacklist function| announceAJAXValidationErrors function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile object| _gformPriceFields undefined| _anyProductSelected function| gformIsHidden function| gformCalculateTotalPrice function| gformUpdateTotalFieldPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRoundPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformToggleShowPassword function| gformToggleCheckboxes function| gformToggleRadioOther function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformAdjustRowAttributes function| gformToggleIcons function| gformAddRepeaterItem function| gformDeleteRepeaterItem function| gformResetRepeaterAttributes function| gformToggleRepeaterButtons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| GFMergeTag function| GFCalc undefined| __gf_keyup_timeout function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gformReInitTinymceInstance function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar function| HandleUnsavedChanges function| renderRecaptcha function| gformIsRecaptchaPending object| gfMultiFileUploader undefined| __gf_timeout_handle function| gf_apply_rules function| gf_check_field_rule function| gf_get_field_logic function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_checkable_empty function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default function| gf_is_hidden_pricing_input object| Placeholders object| gf_form_conditional_logic string| gf_number_format function| do_callback object| recaptcha undefined| google_measure_js_timing function| gtag object| PublisherCommonId object| ID5 function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| twttr object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| player_instance_6c9c14a31a834dcb90dee0e05bc8d9ea object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins function| cnxProxyTask number| google_global_correlator object| sas object| apntag object| _ADAGIO object| closure_lm_424880 object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| SetCookie string| newCookieValue string| _linkedin_data_partner_id object| GoogleGcLKhOms object| ONFOCUS object| s_i_kaspersky-single-suite function| lintrk boolean| _already_called_lintrk object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| google_image_requests function| cnxAddEventListener

105 Cookies

Domain/Path Name / Value
.threatpost.com/ Name: _cs_mk
Value: 0.30473382435300644_1654004687854
.demdex.net/ Name: demdex
Value: 52319406721665800283113615901368638181
.threatpost.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.threatpost.com/ Name: _gid
Value: GA1.2.1391796103.1654004688
.threatpost.com/ Name: _gat_UA-35676203-21
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YpYb0AAAALMmvwNe
.twitter.com/ Name: personalization_id
Value: "v1_YGXubbWLnp1uJEW4X8Hejg=="
.t.co/ Name: muc_ads
Value: dbcb3b76-347c-4be4-86dc-a472809205d7
threatpost.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.dpm.demdex.net/ Name: dpm
Value: 52319406721665800283113615901368638181
.threatpost.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19144%7CMCMID%7C50984837797410164222697423648120140991%7CMCAAMLH-1654609488%7C6%7CMCAAMB-1654609488%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1654011888s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19151%7CvVersion%7C4.4.0
.quantserve.com/ Name: mc
Value: 62961bd0-d1e36-45762-d0365
threatpost.com/ Name: usprivacy
Value: 1---
.threatpost.com/ Name: __qca
Value: P0-840825839-1654004688811
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/ Name: ljt_reader
Value: Eu5YuBZHYmFy4GW2SCy2Zgkk
.threatpost.com/ Name: _pubcid
Value: 0778c6a3-9d75-4d44-a8d5-1eed54d7af31
.rubiconproject.com/ Name: khaos
Value: L3U7OQ3Y-5-7WIE
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB2zFBEc4SSAowNb0fGVcfL/XWaA1sYWTLG0RTcz8e+19dqiN0N79pLcb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.serverbid.com/ Name: CONSUMABLEID
Value: a0becc87753a4886becc87753af88655
.adnxs.com/ Name: icu
Value: ChgIzLJhEAoYASABKAEw0bfYlAY4AUABSAEQ0bfYlAYYAA..
.adnxs.com/ Name: uuid2
Value: 3934069753600962614
prebid.a-mo.net/ Name: __amc
Value: 1_1654004689_1654004689
.openx.net/ Name: i
Value: 0778c6a3-9d75-4d44-a8d5-1eed54d7af31|1654004689
.threatpost.com/ Name: _gat_UA-63997723-2
Value: 1
threatpost.com/ Name: CookieConsent
Value: {stamp:1676886699=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:2115577773|Cregion:'not_gdpr'}
.threatpost.com/ Name: __gads
Value: ID=dc87f3db0a3d2a34-2246f97ca2cd00e6:T=1654004689:S=ALNI_MahzWbNL2FD_QX18dYYbDXqKYQhuQ
.doubleclick.net/ Name: IDE
Value: AHWqTUmdyL_g2txOfxlclZ_xEP5n3IIVWc_pLBMvJZY-zrbVpZYKJrtK2xEkxSEE5Og
.threatpost.com/ Name: s_cc
Value: true
.threatpost.com/ Name: _ga_YP1JLG57CH
Value: GS1.1.1654004691.1.0.1654004691.0
.threatpost.com/ Name: _ga
Value: GA1.1.1720830306.1654004688
.threatpost.com/ Name: _gcl_au
Value: 1.1.2069262511.1654004692
.linkedin.com/ Name: UserMatchHistory
Value: AQLbs_5qaHLJ1wAAAYEaXLO4nZ80hJI6Sx_E7R9xcjeQCv5d9uz0t1k49-Rt13-N8so_b-taRSmBaw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJKdTCGJKJ6XQAAAYEaXLO4wvANP2TsEWYf6nLfVB3SEflOQQlE5SboVds7U48BOODNM8p2oLJw51szUVwotQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&ef5128ff-b1ff-4f55-82b6-640e8e62ae8c"
.linkedin.com/ Name: lidc
Value: "b=TGST00:s=T:r=T:a=T:p=T:g=2897:u=1:x=1:i=1654004691:t=1654091091:v=2:sig=AQGUKZi-Sf4S5Og5IKOstqOkBNdhFO1Y"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202205311344527076536b-996b-4e48-8237-05dd9ad8a698AQEasSRk-Di5LKaUCpmNRwsCUCfotslY"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTQwMDQ2OTI7MjswMjHue6pxPVsFf1EVZ/ELvNF0CvkfG3dng18idxmjkYTxfw==
.doubleclick.net/ Name: DSID
Value: NO_DATA
.mathtag.com/ Name: uuid
Value: 02396296-1bd4-4100-9e85-ce18c18a0a66
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 5967721534380435587
.threatpost.com/ Name: cto_bundle
Value: umFMDF8lMkJCZmxLdjZKSlZXS0NMZzU2ZmglMkYwNkFDTCUyQmVob3loMFhZNDZLbDZGd0g4aEslMkZWQnZkY01oQ3NuS2N6anVoaHg4UkJWOUZxV1dxTFFQVllrU1RSSk5XY1JmUDQ4WnZLWjk4SUQ3ajZIdUtGVFhZOUpjQ01pVEtkeUxRMkthWHdN
.threatpost.com/ Name: cto_bidid
Value: Vddm1V8lMkZoeUx5R290TktPWXFrRFc2dzRCQnZFRkZ0JTJGY0RRUnhtSXNyZVU4RmQxSSUyRkk2Zm4lMkZVOTc1OHJhU2FFTGRpUDhGczN6R01VNEpnZ0dWcGRtNEplTk1RJTNEJTNE
.openx.net/ Name: pd
Value: v2|1654004692.2|kiiygevNgun0.gqsLommOnsgi
.w55c.net/ Name: wfivefivec
Value: DZmpr8f21NW2b55
.bidswitch.net/ Name: tuuid
Value: 13163ccf-fbea-4912-bc3b-5a82092a35a3
.bidswitch.net/ Name: c
Value: 1654004695
.bidswitch.net/ Name: tuuid_lu
Value: 1654004695
.servenobid.com/ Name: pid_312
Value: 3934069753600962614
.w55c.net/ Name: matchopenx
Value: 5
.casalemedia.com/ Name: CMPS
Value: 3266
.advertising.com/ Name: APID
Value: UPdab561bd-e0e7-11ec-8960-069eec745a7a
.a-mo.net/ Name: amuid2
Value: 4e79d528-00f8-4651-ad33-0dce82e91347
.prebid.a-mo.net/ Name: sd_amuid2
Value: 4e79d528-00f8-4651-ad33-0dce82e91347
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.yahoo.com/ Name: A3
Value: d=AQABBNcblmICED-4AUiuQv9-TmHagfkDBUMFEgEBAQFtl2KfYgAAAAAA_eMAAA&S=AQAAAuCgHFc-fSv_-lDpItSXd4Y
.gumgum.com/ Name: vst
Value: e_35299354-bb14-46d1-92f5-a1a09524f7bb
.casalemedia.com/ Name: CMID
Value: YpYb13U9rOlJvfko5CtADAAA
.casalemedia.com/ Name: CMPRO
Value: 1216
.servenobid.com/ Name: pid_310
Value: Eu5YuBZHYmFy4GW2SCy2Zgkk
.servenobid.com/ Name: pid_327
Value: 4e79d528-00f8-4651-ad33-0dce82e91347
.smartadserver.com/ Name: pid
Value: 4549185882294245560
.servenobid.com/ Name: pid_309
Value: e_35299354-bb14-46d1-92f5-a1a09524f7bb
.analytics.yahoo.com/ Name: IDSYNC
Value: "196n~2571:17ot~2571"
.quantserve.com/ Name: d
Value: EAMBEwGiJoqsMP3-kQA
.creative-serving.com/ Name: tuuid
Value: 63efe4aa-0fff-4702-8343-6fa5ed529f43
.creative-serving.com/ Name: c
Value: 1654004695
.creative-serving.com/ Name: tuuid_lu
Value: 1654004695
.servenobid.com/ Name: pid_337
Value: y-ZSUuocxE2uEU3K8rUF2FiXwY8W6Ixflteq5fuY8-~A
.servenobid.com/ Name: pid_333
Value: YpYb13U9rOlJvfko5CtADAAABMAAAAAB
.servenobid.com/ Name: pid_317
Value: 4549185882294245560
.emxdgt.com/ Name: euid
Value: 12611654004695570285f1
.servenobid.com/ Name: pid_321
Value: OPTOUT
.creativecdn.com/ Name: u
Value: NQhoKvUuTXfcVhZ07G0x
.creativecdn.com/ Name: ts
Value: 1654004695
.adfarm1.adition.com/ Name: UserID1
Value: 7103896072476817548
.360yield.com/ Name: tuuid
Value: 4c8e22a4-380c-4a92-ac4f-009145bd214a
.360yield.com/ Name: tuuid_lu
Value: 1654004695
.brand-display.com/ Name: _knxq_
Value: 25bd9a6a-d0e3-bd4e-31f67e71.1654004695.0.1654004695.1654004695
.smartadserver.com/ Name: csync
Value: 49:7103896072476817548
.yieldlift.com/ Name: xuids
Value: eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
.emxdgt.com/ Name: eapn_id
Value: 3934069753600962614
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 2e959c7cac778bfc
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.servenobid.com/ Name: pid_314
Value: eyJ4dWlkIjoiYjI5NmMzZjMtZDU2OC00YWRlLTk2MGYtMTI3ZTAzM2MxOGRlIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0zMVQxMzo0NDo1NS43MTAwNzNaIn0=
pool.admedo.com/ Name: tuuid
Value: a1497622-595f-45d9-ad81-90aab6a7585b
pool.admedo.com/ Name: c
Value: 1654004695
.eqads.com/ Name: EQUser
Value: UID=361a5690-8119-4d1b-a74f-e9a280b6a698
.outbrain.com/ Name: obuid
Value: dc4a42da-ae6e-46a3-b267-09d6ab4846ae
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-215e3216-897f-425a-5fc1-01ca01ea3112.RpVrf8t1ljBb4QShrhiOo23oH9vRNRJq%2BgeExxSWMRs
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AIV4yFol_QlpfwQHKAeoxElD_B2s.XvnzsNivfnrtJJ5ZBcTQ1OWBZLZQeSkjE%2BlmzGKoQAs
.ipredictive.com/ Name: cu
Value: db129cf7-e0e7-11ec-a2ea-8b2d7ab0be8f|1654004695914
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
pool.admedo.com/ Name: tuuid_lu
Value: 1654004696
.casalemedia.com/ Name: CMST
Value: YpYb12KWG9gA
.casalemedia.com/ Name: CMRUM3
Value: 2d62961bd72760CAESECvRnwiqoFuBctQdE9Wl_c0&2762961bd70b40&9c62961bd705a00&2862961bd82760361a5690-8119-4d1b-a74f-e9a280b6a698&e662961bd72760&bf62961bd705a0&1a62961bd705a0&f162961bd705a0
.zemanta.com/ Name: zuid
Value: POtTmpotioVp2LKUQDpl
.amazon-adsystem.com/ Name: ad-id
Value: A3MpTPSzF0tAjQU10wtSC-A
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1MjAxMjU1MzE1NhPiM9RNDffPcreIcDLXTUsHABW1jxglAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAOsS5zU0MzUxMDAxszQzMTQGAO0-3zMQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1MjAxMjU1MzE1NhPiM9RNDffPcreIcDLXTUsHABW1jxglAAAA
.servenobid.com/ Name: pid_324
Value: 5141210820682477444

14 Console Messages

Source Level URL
Text
other warning URL: https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012205161914000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

44fc2dd08ed4c0881a23b30e5588ea71.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ads.creative-serving.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
creativecdn.com
cs.admanmedia.com
cs.emxdgt.com
dmp.brand-display.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
g2.gumgum.com
geo.ipify.org
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id5-sync.com
imasdk.googleapis.com
img.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
pubads.g.doubleclick.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
snap.licdn.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.taboola.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um2.eqads.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
x.serverbid.com
x.yieldlift.com
104.244.42.195
104.244.42.69
13.107.43.14
141.226.228.48
141.95.98.69
142.250.184.198
142.251.37.98
143.204.95.188
143.204.98.64
143.204.98.66
145.40.89.200
15.236.176.210
151.101.130.137
151.101.130.49
151.101.2.137
151.101.65.108
159.89.246.130
169.197.150.8
172.217.18.98
178.162.133.149
178.250.0.157
18.156.0.31
18.158.156.180
18.195.12.34
18.195.155.181
18.220.70.240
185.184.8.90
185.29.134.248
185.64.189.112
185.85.15.31
185.86.137.107
185.86.139.106
192.132.33.46
193.0.160.128
193.122.128.135
198.148.27.139
199.232.136.157
202.241.208.57
209.54.180.3
213.19.147.43
213.19.147.45
216.52.2.30
23.205.235.133
23.206.210.112
23.32.59.34
23.35.236.201
23.35.236.247
23.75.240.210
2600:9000:2156:4000:6:44e3:f8c0:93a1
2600:9000:2156:5c00:0:5c46:4f40:93a1
2602:803:c004:200::143
2606:4700:20::ac43:4bf1
2606:4700:3030::ac43:cf70
2606:4700::6812:272
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2620:1ec:22::14
2620:1ec:49::45
2a00:1288:80:807::2
2a00:1450:4001:800::2002
2a00:1450:4001:803::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2003
2a00:1450:4001:827::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c03::9b
2a02:2638::1c
2a02:26f0:3500:16::215:149b
2a05:d018:d29:3605:2e02:fe1c:9c40:529
3.122.214.173
34.111.151.213
34.196.247.148
34.205.3.24
34.233.85.84
34.247.233.198
34.98.64.218
35.157.154.128
35.157.246.2
35.173.160.135
35.210.53.219
35.227.252.103
35.244.159.8
37.157.6.241
37.252.172.38
37.252.173.38
46.105.202.126
51.89.9.254
52.210.150.207
52.210.200.111
52.212.178.2
52.223.40.198
52.28.203.152
52.57.64.227
52.95.119.178
54.154.144.208
54.226.216.14
54.229.131.207
54.75.147.219
63.32.228.167
64.140.160.2
66.155.71.25
67.202.105.24
69.173.144.165
69.192.160.219
70.42.32.127
70.42.32.95
72.251.249.9
76.223.111.18
8.2.111.142
85.114.159.118
0096dfd62961b8bf7ea2d8538fcc3bd5b38905c065c88b115e4e3c3b1e155f59
01fc90337df76cc5ef56b4ea8987d732dd4953716bbbf70d2875edcbcb4f6012
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06557c9472869e4d37c14ca11d6960f5f5780a22b6e82aecf1d2e8edb41b0ee0
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d922162404e556a1724b9ac48ad388fff7422c9eee115dc397ff9d873ccb4b0
0de5867fb96beb7a6df6147dea8d8f921d522b0822b0bdc46ac1af2277d3215c
0f31008022b246822e04eb8298441a26c4753ff53f3b4c439a26d4097319b31d
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68
12b33ad08e44ee4fad671f0cad85bfb97960973cfe5fd50b1cc2dbeeb6f47401
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
1632299889539ec3c89ff14ed39f3a8ad49ab6b13eedf7bb78e0bd70b95d79a9
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
195fc406dbdbe81846387873a37f88b81514ddedd3877b59e1a4615e90b18173
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1b2ff274ffd965327df129d80049a64cbdf10066ce59067e2ae4c03032889d7d
1deb05609ea8dd3eb5c4a30b059ff80d8121b50d31ef592651bb15cda638a37d
1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
2601819d7387eaa39cdce9df2aac15559572e9974bfe2d83bfb89b5873cf638a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2ee737a1d1305fdaa71cb4c90438ab581c483eb17a912c0d491b54683690d027
3307268982e18bae27fb0691dea184c6a6ce845db0f6ce1f41ca63e948dde8a6
3427cca8a2e3789c0a04279acc2720b7f93b87932a915c850fe41a09924f0a8c
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3649b58dda08bf188b49c90b4418a26fb06c9a2d3cb9bdef8e8bddc8c4bd89dd
369c67a5afb2ffa25d4480b3781a938e7fe7c5633f89d36570e2c1cc23c49eff
37c2eed19554cb39bd8d9f3e8d5fbc93868e2eaf0dbb97f809df8228dbb31668
37e85cd0098d7309c5047bcd7b763e0ba49ba2e77e019c5291f64b570ab102fa
3829561261574eb202cc9a143047c1e83cb9ebc176875737f4576dcecf14ebdc
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
39b1523eb3a5dc6d32e8fd2e898488a5ba12009d964a4d6aed8bfef6427c462a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3f96371999c1dfb7168e065190cfab76d02bf7879632bc90605cd006edfba04d
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40a9878d60e4755ca74de21519d4bbdbe6fa2f8649ec4c63114f1d70ce4345b8
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
456d000a624748457921c095d7cd323ee51b7066ff936ed7ae0c490475742530
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4ab73646f8b8b9dd9f8eed36852f57c66ce9ea48c86bac89526b06a3c13f48b2
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
52ad644da868878b67f129a0857315706f2b683876f5ff18f0ffb5c546d44958
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
54faeff6570000222913413c38ed1c989249724eec3230f58904a190dbe78d86
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b117368cb6a910f551c0bc0af44d85a9e71a6ee2ebdb990250a58161e1e66ec
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
6643b24981f158b1116fd8bde9a520b5e879613a8760baf0cc3b3313b8ab5c29
66f441c534db193f7fcf7ef4f4ae84f7ff673db73b453e9940c14560222b24ff
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b83bf19d7253ea798b27766ff68dede9abce5c884356f3b959e9aea870dbf38
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
6eb11d2dd84adc282bf7bf7f894b5c87729613879494ec1c719eb08755296cb3
6f5fb9a33903b58474befada385f51f313ffe4c372b2043efddea16982cf6c5d
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
749c658e38c36862b8232758824cd0c0588251f94c1f6c12b40d78818b07bf9a
757319a250590e2bd0a13b21c1541d2de6628e4f27fc53dbc09810a20eece701
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
812c42db716d7d7efd093720bf70eaacfe57b5f1ffb15b907438ba250a667e20
81a9b6dc605b6ad9775a211228dcf062706786858df8984a3231474eb017bdb7
81dc88482cd115f4cc4f9d4dda784b2460f53c8756cc9394999553e985234365
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26
8580fef9bd2d3c7ae71a030999d9960df470e22488d02402c03cb698998168e8
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b383fe4b91292ffde97cf646c717ed08a73f51a34f6844fae7d3366febb3706
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d6c4e55e72824828b2ad972370a8fc256f33fec1b814357fba3adc802d60250
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
915871f22d9db001cdf8b82b00af9680b5706c2d8005c25242c6bc83599010ec
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
9504c2c3e1d5bd4c8d2d11daae27302678d09bfa0485eca856dde3a30455c277
950f9af6fd1cae52ec0206522e882305e19df453f6a610d4cf7cf977b625f75a
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173
9bb25736b688dadcc5f06e73f319c5a49e44d23983df6a89e187533416ccc427
9f4a8deac92f47419a74c7f674637c92285a934958a39a82f5665da3fd32629d
9fa5f4494a80ecf219df87f5a3bedccc280a4a458e72a12732411ec531731bb4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8f0c924e8386e205637b5caa66e77291c73bac2707d2befcd822a3b8ac89215
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa1130d68d40b685406323e5756cc61e1ccf3bdefe7f4abbd842d467283534c8
abe4a6605fa810a4174bc0d7ed80a8d242b96e73509c35fd72e9e74bc56363e9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad85b6c517cb5c0b7ff1899ca12f4cdf912b4c8ec7f510af86070abe2eeb11bc
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
aed74ca5263f835a96dd0e79a8cb9ab61f5b52bbf136dfc51498771a8b6baef7
aff26c2f3864a04ba6f021451c4b4102bf7fc57a4b09e24d9d621112c2fa5230
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b2398e8fabf3dc2958a610d78546ed0463dea6f8c978529bde97d6310d75e964
b4c37dd6131692216350dc42b41f2c4fca394232498e32c003f62c6961827243
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
b672cbe8455fa538b2100b83622e2ba10f92d93d86323bd87d448252f6acbbce
b7cb1f60a7904347f454c8f41e18206d48d636574c61719e53184f254deb1353
ba3203fc60f6b4c6cbae227c7c28e4f97ab080b5a3e8ca8bec8d4859a9c1116d
ba4104ca707204425da942d41ded59339a7925fa7986876ae2b2fde22a3ef7a2
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb3eef58b174e8ad811f952002750497754fe6159b9384770e1b6ea8c16303d6
bb79fb74d6258322e62522032aa870d6b08193d00356365ada57b7ec120c831f
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f
c173110e5c6192a19a22dbb7793a370e802d640352df5c4901399d0b61f3458c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2285a3d2a0b35cfa6805353f679fdbe88c07375be8956fba1e1b70a1a5dbc48
c2b0e43b79bc1fff431822d1d5b66c87eb6fe6d074c2303b1505e5e80e5af46f
c43dcf156cbf8999aad6ccc1e0d5b9b39a7675ccd02679daa1aca4503205773a
c66a064f7b0ceeb5266d38d48813ad7b30f6fccbf5a87fea1fd7b3e003c3d180
cb77a9712fa48b953860880d6f55b85fd9054fd13ebfe6a474e91f9d9c99c436
cc75178dfff53a4e60cfed34c212ae057fa82e22d6e64cf9238caf41f6e870ad
ce28d08e7476f822d388870ea134a9b76d7f0782496a0d8f8173ff4daa1a5d9c
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d92a11899a5768511f0431479d50a6fbabd9aa93099c062bc9f348fdb83be72b
d9b5e4abf4bec22e15faff29d2915a5d12714edd9696b60e2dd210d0487cd7db
daf028afc101da7201cb211f9786b6a36f6bf60ad836dfe991306140efca2432
dc8ae1c2826f713cc3dff20cde6078ba57bec99397f4d61dae38cd82b0f5b48c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df07021b354878680bddff47b8e851974cc6b736813ba4084685ad46b39f3508
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e19b99747685e65fc62274938b13343fc0fcb2b642196afdc9d0978d53550aa3
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e2dd5f9a6f76cf75bd9f6722f2b847ea61b585256f1960f6b9c7e4a4c73ee214
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e5221f9ad8724e68770726288be421f845a83eb7f2fcb9f60c775ec5146dabf8
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb5c2def2c7cd9cb3b90f626b27ed95f264d69a092f1db46fa7eb05dc8e3e5f2
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd0c5d34e459e8199af5d95b25051222bff7c890303ae723653447aaedc07ea
f2826b62197ed6d7cc6a00df65e968c71df8e631df6c4c25feeb612166c4c3f7
f31877812ade3cbda659976d8597d3059465388c75dd9097c5c9b63ad7aaa7c4
f3efc45a01827f96b4e0297f07e8aa6c745465c5b1cc0d5c1f743e4cad76541b
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f8da60882295151000ecd85799a3ded8d9a1ad597653a20db7743be5728e5e85
fa22f4580a319c4112ffcbfedbddeae410012692ba1345cd7e4fd0a1fa0ffd66
fb8ea1c7f3602e85d19b79fe56b1b64796d458705ccf1a05b8e0b333c3aa61b2