securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Submission: On October 04 via api (October 4th 2021, 5:18:32 am UTC) from GB — Scanned from DE

Summary HTTP 526 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 115 IPs in 11 countries across 101 domains to perform 526 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:2600:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.22 13.32.99.22	16509 (AMAZON-02) (AMAZON-02)
30	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
16	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	18.198.109.212 18.198.109.212	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:be00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700:20:... 2606:4700:20::681a:b9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	18.169.90.17 18.169.90.17	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	54.36.109.46 54.36.109.46	16276 (OVH) (OVH)
5 12	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
4 7	185.33.221.14 185.33.221.14	29990 (ASN-APPNEX) (ASN-APPNEX)
6	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
24	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	2602:803:c004... 2602:803:c004:200::143	26667 (RUBICONPR...) (RUBICONPROJECT)
3	18.156.157.131 18.156.157.131	16509 (AMAZON-02) (AMAZON-02)
2	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
8	63.251.14.14 63.251.14.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4 17	185.33.223.178 185.33.223.178	29990 (ASN-APPNEX) (ASN-APPNEX)
4	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
4	34.102.149.62 34.102.149.62	15169 (GOOGLE) (GOOGLE)
1 10	5.178.65.246 5.178.65.246	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1 1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
4	5.178.65.252 5.178.65.252	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3	35.201.123.184 35.201.123.184	15169 (GOOGLE) (GOOGLE)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	3.213.248.174 3.213.248.174	14618 (AMAZON-AES) (AMAZON-AES)
1 3	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 3	168.119.146.39 168.119.146.39	24940 (HETZNER-AS) (HETZNER-AS)
3	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
5 6	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	88.214.206.247 88.214.206.247	46636 (NATCOWEB) (NATCOWEB)
1 1	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 12	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 12	2606:4700:10:... 2606:4700:10::6816:118d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
19	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 5	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
21	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
15 25	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 5	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
2 3	2a04:4e42:200... 2a04:4e42:200::300	54113 (FASTLY) (FASTLY)
1	2600:1f18:659... 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2a05:d018:24:... 2a05:d018:24:b001:6cd5:9d52:6dd6:6c58	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.107.116 52.49.107.116	16509 (AMAZON-02) (AMAZON-02)
1	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
2 2	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.109 89.163.159.109	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	54.194.226.253 54.194.226.253	16509 (AMAZON-02) (AMAZON-02)
1 2	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	54.229.245.122 54.229.245.122	16509 (AMAZON-02) (AMAZON-02)
5 7	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1 9	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	54.90.48.240 54.90.48.240	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.126.160 52.95.126.160	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	63.34.189.248 63.34.189.248	16509 (AMAZON-02) (AMAZON-02)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 4	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
8 16	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
7 8	37.157.4.40 37.157.4.40	198622 (ADFORM) (ADFORM)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
7	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	52.49.238.187 52.49.238.187	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 3	185.86.138.142 185.86.138.142	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	162.55.6.212 162.55.6.212	24940 (HETZNER-AS) (HETZNER-AS)
6 6	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
1	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	87.98.128.108 87.98.128.108	16276 (OVH) (OVH)
1	63.251.232.170 63.251.232.170	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 3	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
1	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
2	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	51.210.112.236 51.210.112.236	16276 (OVH) (OVH)
2 2	52.209.129.133 52.209.129.133	16509 (AMAZON-02) (AMAZON-02)
1 2	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
7 8	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
5 5	35.157.168.25 35.157.168.25	16509 (AMAZON-02) (AMAZON-02)
2 2	52.17.35.107 52.17.35.107	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 3	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	159.65.196.12 159.65.196.12	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
1	52.48.175.241 52.48.175.241	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::ac43:1cda	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	18.66.97.9 18.66.97.9	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:10:... 2606:4700:10::ac43:2ac6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	54.81.39.163 54.81.39.163	14618 (AMAZON-AES) (AMAZON-AES)
1	212.129.3.113 212.129.3.113	12876 (Online SAS) (Online SAS)
1 1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.22.34.177 104.22.34.177	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	34.102.185.99 34.102.185.99	15169 (GOOGLE) (GOOGLE)
2 2	18.197.46.208 18.197.46.208	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.175.244 3.126.175.244	16509 (AMAZON-02) (AMAZON-02)
3 3	18.194.125.59 18.194.125.59	16509 (AMAZON-02) (AMAZON-02)
1 12	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1 1	209.140.129.82 209.140.129.82	11643 (EBAY) (EBAY)
1	104.84.57.51 104.84.57.51	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	135.125.160.160 135.125.160.160	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
4	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
1	208.100.17.175 208.100.17.175	32748 (STEADFAST) (STEADFAST)
4	185.29.132.242 185.29.132.242	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	138.201.63.149 138.201.63.149	24940 (HETZNER-AS) (HETZNER-AS)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 9	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
7	37.157.4.23 37.157.4.23	198622 (ADFORM) (ADFORM)
1	38.27.122.126 38.27.122.126	174 (COGENT-174) (COGENT-174)
1 1	54.209.16.83 54.209.16.83	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.159.94.231 54.159.94.231	14618 (AMAZON-AES) (AMAZON-AES)
32	37.157.6.236 37.157.6.236	198622 (ADFORM) (ADFORM)
1	88.99.70.21 88.99.70.21	24940 (HETZNER-AS) (HETZNER-AS)
526	115

46 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:2600:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-22.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.109.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-109-212.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:be00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:20e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:b9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.169.90.17 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.36.109.46 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: p01.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 76.223.111.131 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.33.221.14 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.157.131 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-157-131.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 63.251.14.14 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.162.133.150 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 185.33.223.178 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.149.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.149.102.34.bc.googleusercontent.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 5.178.65.246 (Woerden, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u-ams02.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 5.178.65.252 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net

s.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.123.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.123.201.35.bc.googleusercontent.com

tags.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.248.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-248-174.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:12::1370 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

prebid-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 168.119.146.39 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.39.146.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.206.247 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)
PTR: buycheapfags.com

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.35.65 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aktrack.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:10::6816:118d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

api.retargetly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.retargetly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.78 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.185.226 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.248.159 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:200::300 (United States) 2 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b001:6cd5:9d52:6dd6:6c58 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.107.116 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-107-116.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Bellagio, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.109 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.194.226.253 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.245.122 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-245-122.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.66.49 (United States) 5 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.233.201 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.48.240 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-48-240.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.126.160 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.189.248 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-189-248.eu-west-1.compute.amazonaws.com

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:110:c305::8000 (Dublin, Ireland) 2 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.29.132.241 (United Kingdom) 8 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.157.4.40 (Denmark) 7 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-180.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.49.238.187 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-238-187.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.138.142 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.212 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.212.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.19.147.44 (United Kingdom) 6 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.128.108 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip108.ip-87-98-128.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.232.170 (United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: ams-mon-1.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.210.112.236 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-1.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.209.129.133 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-129-133.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 7 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.157.168.25 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.35.107 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-35-107.eu-west-1.compute.amazonaws.com

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.155.71.149 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.196.12 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 212.107.98.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.175.241 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-175-241.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:1cda (United States)

ASN13335 (CLOUDFLARENET, US)

resources-rt.idx.lat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.9 (United States)

ASN16509 (AMAZON-02, US)

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::ac43:2ac6 (United States)

ASN13335 (CLOUDFLARENET, US)

sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.81.39.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-39-163.compute-1.amazonaws.com

rt.idx.lat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.129.3.113 (Bry-sur-Marne, France)

ASN12876 (Online SAS, FR)
PTR: 212-129-3-113.rev.poneytelecom.eu

js.cookieless-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.34.177 (None, )

ASN13335 (CLOUDFLARENET, US)

ads01.groovinads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.185.99 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 99.185.102.34.bc.googleusercontent.com

b.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tt-10759-0.seg.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.46.208 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-46-208.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.175.244 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-175-244.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.125.59 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-125-59.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.140.129.82 (United States) 1 redirects

ASN11643 (EBAY, US)
PTR: rover-public-lvsaz01-1-1.ebay.com

www.ebayadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.84.57.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-84-57-51.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 135.125.160.160 (France)

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.175 (United States)

ASN32748 (STEADFAST, US)
PTR: ip175.208-100-17.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.29.132.242 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.63.149 (Hockenheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 138.201.63.150 (Hockenheim, Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.4.23 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.126 (Chestertown, United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.209.16.83 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-16-83.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.159.94.231 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-94-231.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 37.157.6.236 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.70.21 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.21.70.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	adform.net 7 redirects dmp.adform.net c1.adform.net track.adform.net s1.adform.net	323 KB
46	securityaffairs.co securityaffairs.co	1 MB
44	pubmatic.com 1 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com aktrack.pubmatic.com	87 KB
34	media.net contextual.media.net lg3.media.net navvy.media.net	357 KB
33	googlesyndication.com pagead2.googlesyndication.com Failed tpc.googlesyndication.com	633 KB
29	mathtag.com 9 redirects pixel.mathtag.com sync.mathtag.com tags.mathtag.com	19 KB
28	doubleclick.net 17 redirects cm.g.doubleclick.net googleads.g.doubleclick.net	34 KB
28	adnxs.com 8 redirects secure.adnxs.com ib.adnxs.com acdn.adnxs.com	88 KB
25	openx.net 1 redirects pixfuture2-d.openx.net rtb.openx.net eu-u.openx.net us-u.openx.net	6 KB
24	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	505 KB
19	zeotap.com spl.zeotap.com mwzeom.zeotap.com	6 KB
18	rubiconproject.com 5 redirects fastlane.rubiconproject.com secure-assets.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	29 KB
15	yahoo.com 8 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com cms.analytics.yahoo.com pr-bh.ybp.yahoo.com ads.yahoo.com	11 KB
14	e-planning.net 1 redirects ads.us.e-planning.net u-ams02.e-planning.net s.e-planning.net sync.e-planning.net	19 KB
12	retargetly.com 1 redirects api.retargetly.com app.retargetly.com	11 KB
12	casalemedia.com 2 redirects ssum.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com	15 KB
12	adsrvr.org 5 redirects match.adsrvr.org	5 KB
11	redintelligence.net 2 redirects hal9000.redintelligence.net hal90008.redintelligence.net	17 KB
11	wp.com i0.wp.com i1.wp.com stats.wp.com i2.wp.com pixel.wp.com	76 KB
8	quantserve.com 7 redirects pixel.quantserve.com cms.quantserve.com	4 KB
8	lijit.com ap.lijit.com	3 KB
7	quantumdex.io sync.quantumdex.io	2 KB
7	google.com adservice.google.com www.google.com	3 KB
7	everesttech.net 5 redirects sync-tm.everesttech.net	2 KB
7	tailtarget.com tags.t.tailtarget.com d.tailtarget.com b.t.tailtarget.com tt-10759-0.seg.t.tailtarget.com t.tailtarget.com	25 KB
7	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	4 KB
6	gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com	185 KB
6	crwdcntrl.net 4 redirects bcp.crwdcntrl.net sync.crwdcntrl.net tags.crwdcntrl.net	13 KB
5	bidswitch.net 5 redirects x.bidswitch.net	2 KB
5	tapad.com 3 redirects pixel.tapad.com	2 KB
5	33across.com ssc.33across.com ssc-cms.33across.com	773 B
5	sharethrough.com 2 redirects btlr.sharethrough.com match.sharethrough.com	857 B
5	criteo.com 1 redirects gum.criteo.com mug.criteo.com dis.criteo.com	2 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com l.sharethis.com buttons-config.sharethis.com	50 KB
4	1rx.io 4 redirects sync.1rx.io	2 KB
4	bidr.io 4 redirects match.prod.bidr.io	2 KB
4	amazon-adsystem.com 2 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	3 KB
4	taboola.com 2 redirects trc.taboola.com match.taboola.com	827 B
4	sitescout.com 3 redirects pixel.sitescout.com pixel-sync.sitescout.com	1 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	40 KB
3	w55c.net 3 redirects pm.w55c.net	2 KB
3	google.de adservice.google.de	1 KB
3	googleadservices.com partner.googleadservices.com	1 KB
3	idx.lat resources-rt.idx.lat rt.idx.lat	8 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
3	smartadserver.com 2 redirects rtb-csync.smartadserver.com sync.smartadserver.com	1 KB
3	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	943 B
3	richaudience.com 1 redirects sync.richaudience.com	744 B
3	dotomi.com 1 redirects prebid-match.dotomi.com pubmatic-match.dotomi.com casale-match.dotomi.com	393 B
3	id5-sync.com 1 redirects id5-sync.com	3 KB
2	sportradarserving.com 2 redirects a.sportradarserving.com	1 KB
2	scoota.co 2 redirects r.scoota.co	1 KB
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	deepintent.com match.deepintent.com	83 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1016 B
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	bluekai.com 2 redirects tags.bluekai.com	657 B
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	847 B
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	tidaltv.com 2 redirects sync.tidaltv.com	792 B
2	onetag-sys.com onetag-sys.com	2 KB
2	agkn.com 1 redirects aa.agkn.com	380 B
2	facebook.net connect.facebook.net	77 KB
1	contentspread.net cdn.contentspread.net	1 KB
1	ipredictive.com 1 redirects sync.ipredictive.com	522 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	650 B
1	bnmla.com match.bnmla.com	114 B
1	2mdn.net s0.2mdn.net	598 B
1	dyntrk.com c.eu1.dyntrk.com	215 B
1	ebaystatic.com secureir.ebaystatic.com	488 B
1	ebayadservices.com 1 redirects www.ebayadservices.com	570 B
1	googletagservices.com www.googletagservices.com	38 KB
1	groovinads.com ads01.groovinads.com	761 B
1	teads.tv 1 redirects sync.teads.tv	202 B
1	cookieless-data.com js.cookieless-data.com	535 B
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	484 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	turn.com 1 redirects ad.turn.com	518 B
1	adgrx.com cm.adgrx.com	408 B
1	erne.co 1 redirects green.erne.co	327 B
1	ad4m.at ad4m.at	975 B
1	loopme.me 1 redirects csync.loopme.me	216 B
1	contextweb.com 1 redirects bh.contextweb.com	488 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	215 B
1	mookie1.com odr.mookie1.com	324 B
1	theadex.com dmp.theadex.com	378 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	411 B
1	admanmedia.com 1 redirects cs.admanmedia.com	524 B
1	audrte.com a.audrte.com	2 KB
1	facebook.com graph.facebook.com	673 B
1	gravatar.com secure.gravatar.com	1 KB
1	googleapis.com fonts.googleapis.com Failed ajax.googleapis.com	90 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	39 KB
0	brand-display.com Failed dmp.brand-display.com Failed
0	rlcdn.com Failed api.rlcdn.com Failed
526	101

	Domain	Requested by
46	securityaffairs.co	securityaffairs.co
32	s1.adform.net	track.adform.net s1.adform.net securityaffairs.co
25	cm.g.doubleclick.net	15 redirects ads.us.e-planning.net googleads.g.doubleclick.net eu-u.openx.net
21	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com googleads.g.doubleclick.net securityaffairs.co tpc.googlesyndication.com www.googletagservices.com
20	contextual.media.net	securityaffairs.co contextual.media.net
17	ib.adnxs.com	4 redirects cdn.pixfuture.com spl.zeotap.com acdn.adnxs.com
16	sync.mathtag.com	8 redirects tags.mathtag.com sync.mathtag.com securityaffairs.co
16	served-by.pixfuture.com	securityaffairs.co cdn.pixfuture.com pagead2.googlesyndication.com
15	mwzeom.zeotap.com	ads.us.e-planning.net spl.zeotap.com
14	simage2.pubmatic.com	ads.pubmatic.com
12	eu-u.openx.net	cdn.pixfuture.com eu-u.openx.net
12	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
12	match.adsrvr.org	5 redirects cdn.pixfuture.com ads.us.e-planning.net ssum.casalemedia.com eu-u.openx.net
10	lg3.media.net	securityaffairs.co contextual.media.net
9	hal90008.redintelligence.net	2 redirects securityaffairs.co hal90008.redintelligence.net
9	pixel.mathtag.com	1 redirects api.retargetly.com pixel.mathtag.com ads.us.e-planning.net tags.mathtag.com
8	us-u.openx.net	eu-u.openx.net
8	app.retargetly.com	api.retargetly.com ads.us.e-planning.net
8	c1.adform.net	7 redirects ads.pubmatic.com
8	ads.pubmatic.com	ads.us.e-planning.net ads.pubmatic.com cdn.pixfuture.com securityaffairs.co
8	ap.lijit.com	cdn.pixfuture.com
7	track.adform.net	hal90008.redintelligence.net s1.adform.net
7	sync.quantumdex.io	ads.us.e-planning.net sync.quantumdex.io ssum-sec.casalemedia.com
7	dsum-sec.casalemedia.com	1 redirects ssum.casalemedia.com ssum-sec.casalemedia.com
7	pixel.quantserve.com	7 redirects
7	image2.pubmatic.com	ads.pubmatic.com
7	sync-tm.everesttech.net	5 redirects ads.pubmatic.com ssum-sec.casalemedia.com
7	secure.adnxs.com	4 redirects securityaffairs.co ssum-sec.casalemedia.com
6	ups.analytics.yahoo.com	5 redirects ssum-sec.casalemedia.com
6	u-ams02.e-planning.net	ads.us.e-planning.net ads.pubmatic.com ssum.casalemedia.com
6	prebidserver.pixfuture.com	cdn.pixfuture.com ads.us.e-planning.net
5	x.bidswitch.net	5 redirects
5	pixel.tapad.com	3 redirects spl.zeotap.com api.retargetly.com
5	image6.pubmatic.com	1 redirects ads.pubmatic.com spl.zeotap.com
4	tags.mathtag.com	cdn.pixfuture.com tags.mathtag.com
4	acdn.adnxs.com	cdn.pixfuture.com
4	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	sync.1rx.io	4 redirects
4	match.prod.bidr.io	4 redirects
4	pixel.rubiconproject.com	ads.us.e-planning.net
4	pr-bh.ybp.yahoo.com	2 redirects ads.pubmatic.com ssum-sec.casalemedia.com
4	token.rubiconproject.com	4 redirects
4	spl.zeotap.com	ads.us.e-planning.net spl.zeotap.com ads.pubmatic.com
4	api.retargetly.com	1 redirects s.e-planning.net api.retargetly.com
4	eus.rubiconproject.com	ads.us.e-planning.net eus.rubiconproject.com cdn.pixfuture.com
4	s.e-planning.net	ads.us.e-planning.net
4	navvy.media.net	contextual.media.net
4	ssc.33across.com	cdn.pixfuture.com
4	apex.go.sonobi.com	cdn.pixfuture.com
4	hbopenbid.pubmatic.com	cdn.pixfuture.com
4	fastlane.rubiconproject.com	cdn.pixfuture.com
4	pixfuture2-d.openx.net	cdn.pixfuture.com
4	i1.wp.com	securityaffairs.co
3	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
3	pm.w55c.net	3 redirects
3	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	pixel-sync.sitescout.com	2 redirects api.retargetly.com
3	pixel.onaudience.com	3 redirects
3	bcp.crwdcntrl.net	2 redirects api.retargetly.com
3	trc.taboola.com	2 redirects spl.zeotap.com
3	sync.go.sonobi.com	ads.us.e-planning.net sync.quantumdex.io
3	sync.richaudience.com	1 redirects ads.us.e-planning.net spl.zeotap.com
3	btlr.sharethrough.com	cdn.pixfuture.com
3	id5-sync.com	1 redirects cdn.pixfuture.com sync.quantumdex.io
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	i0.wp.com	securityaffairs.co
2	aktrack.pubmatic.com	securityaffairs.co
2	simage4.pubmatic.com	ads.pubmatic.com
2	hal9000.redintelligence.net	securityaffairs.co
2	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
2	match.sharethrough.com	2 redirects
2	a.sportradarserving.com	2 redirects
2	b.t.tailtarget.com	d.tailtarget.com
2	sync.smartadserver.com	2 redirects
2	rt.idx.lat	resources-rt.idx.lat
2	d.tailtarget.com	securityaffairs.co d.tailtarget.com
2	ssum-sec.casalemedia.com	ssum.casalemedia.com sync.quantumdex.io
2	s.amazon-adsystem.com	1 redirects ssum.casalemedia.com
2	r.scoota.co	2 redirects
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	sync.crwdcntrl.net	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	match.deepintent.com	ads.pubmatic.com ssum-sec.casalemedia.com
2	a.tribalfusion.com	1 redirects googleads.g.doubleclick.net
2	sync.targeting.unrulymedia.com	2 redirects
2	d5p.de17a.com	2 redirects
2	tags.bluekai.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.us.e-planning.net
2	beacon.krxd.net	spl.zeotap.com ads.us.e-planning.net
2	cms.analytics.yahoo.com	1 redirects api.retargetly.com
2	idsync.frontend.weborama.fr	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	dpm.demdex.net	2 redirects
2	sync.tidaltv.com	2 redirects
2	onetag-sys.com	ads.us.e-planning.net sync.quantumdex.io
2	ssum.casalemedia.com	1 redirects ads.us.e-planning.net
2	sync.e-planning.net	ads.us.e-planning.net sync.quantumdex.io
2	ads.us.e-planning.net	1 redirects cdn.pixfuture.com
2	c2shb.ssp.yahoo.com	cdn.pixfuture.com
2	mug.criteo.com	securityaffairs.co
2	gum.criteo.com	1 redirects
2	aa.agkn.com	1 redirects cdn.pixfuture.com
2	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
2	pixel.wp.com	securityaffairs.co
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	cdn.contentspread.net	hal90008.redintelligence.net
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	match.bnmla.com	ads.pubmatic.com
1	ajax.googleapis.com	hal90008.redintelligence.net
1	t.tailtarget.com	ads.us.e-planning.net
1	ssc-cms.33across.com	cdn.pixfuture.com
1	s0.2mdn.net	googleads.g.doubleclick.net
1	c.eu1.dyntrk.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	tt-10759-0.seg.t.tailtarget.com	d.tailtarget.com
1	secureir.ebaystatic.com	securityaffairs.co
1	www.ebayadservices.com	1 redirects
1	www.gstatic.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	ads01.groovinads.com	api.retargetly.com
1	sync.teads.tv	1 redirects
1	js.cookieless-data.com	s.e-planning.net
1	tags.crwdcntrl.net	s.e-planning.net
1	resources-rt.idx.lat	api.retargetly.com
1	dsum.casalemedia.com	ssum.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	rtb.gumgum.com	ads.pubmatic.com
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	ad.turn.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	s.tribalfusion.com	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	ad4m.at	ads.pubmatic.com
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	ads.pubmatic.com
1	bh.contextweb.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	ads.yahoo.com	ads.us.e-planning.net
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	odr.mookie1.com	spl.zeotap.com
1	dmp.theadex.com	spl.zeotap.com
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	dmp.adform.net	spl.zeotap.com
1	pixel-eu.rubiconproject.com	eus.rubiconproject.com
1	secure-assets.rubiconproject.com	1 redirects
1	cs.admanmedia.com	1 redirects
1	prebid-match.dotomi.com	ads.us.e-planning.net
1	a.audrte.com	ads.us.e-planning.net
1	rtb.openx.net	1 redirects
1	tags.t.tailtarget.com	ads.us.e-planning.net
1	pixel.sitescout.com	1 redirects
1	graph.facebook.com	securityaffairs.co
1	i2.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
1	www.googletagmanager.com	securityaffairs.co
0	dmp.brand-display.com Failed	ssum.casalemedia.com
0	api.rlcdn.com Failed	cdn.pixfuture.com
0	fonts.googleapis.com Failed	securityaffairs.co
526	175

This site contains links to these domains. Also see Links.

Domain
www.pixfuture.com
www.proofpoint.com
i1.wp.com
twitter.com
yoroi.company
www.facebook.com
www.linkedin.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-24` - `2022-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.id5-sync.com R3	`2021-07-13` - `2021-10-11`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-30` - `2022-02-23`	6 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-09-28` - `2021-12-27`	3 months	crt.sh
ads.us.e-planning.net R3	`2021-08-01` - `2021-10-30`	3 months	crt.sh
*.e-planning.net R3	`2021-08-13` - `2021-11-11`	3 months	crt.sh
*.tailtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-25`	a year	crt.sh
*.audrte.com Amazon	`2021-01-26` - `2022-02-24`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.retargetly.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2021-12-22`	a year	crt.sh
onetag-sys.com R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.theadex.com GeoTrust RSA CA 2018	`2019-10-11` - `2021-10-10`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-27` - `2021-11-17`	2 months	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.de GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
idx.lat Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
js.cookieless-data.com R3	`2021-09-30` - `2021-12-29`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
*.groovinads.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-01` - `2022-03-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-17` - `2022-02-09`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.ebay.com DigiCert TLS RSA SHA256 2020 CA1	`2021-08-25` - `2022-08-25`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
c.eu1.dyntrk.com R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
redintelligence.net R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
contentspread.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh

This page contains 86 frames:

Primary Page: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Frame ID: 3A7505FCB0BFCFC0FA5C250ECE40336E
Requests: 149 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 4D5DDE856C570AA28277AEC99DE06674
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 9FDE40F73A71ECF5F44AF8EB3F7E481B
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: A9242F394A26F066EF3DE20810C49655
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 6F9E5F1C2977B38FE909988DEF416298
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: 201D965401197B68854BBAC366D5B5F2
Requests: 7 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: E9815D0B762A95687D170961EF4FC160
Requests: 24 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: 6A394FF5ED7F00BA04A3533D6ED990C7
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: 3420A9E848E610DC31500CCF7161EC2B
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Frame ID: 60632043F6AAFE00EF493EEA02457CD3
Requests: 24 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Frame ID: 65AD0AF4AC861B8741FAA46C6CA56A90
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: F5A73A9EA9785DD435AA13A6B4574E1E
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&cmp=0
Frame ID: 399C808DE3B14E4B6028BB59FBC27AE9
Requests: 31 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 1BB11FCE91FBB3363A6F9CD50844372B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: B819C283EEA4928B9CDF2CCB15C044B1
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 4C844BE4C5E8E44EEA1D2D3AE026B8A9
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 20096A78995EA8767DA1ABAA26654912
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: CBB611E4D486057198953CA513DFE632
Requests: 6 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9
Frame ID: E4A402D3B3526EB1B0A4C9B28305F754
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008
Frame ID: 69496F4EF2C48D5759F62666FA3E12D6
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 0833817BEF50F7510B37D56D1BD3891A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353
Frame ID: 4A78C93F7B60585BD87287505E5C054A
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAQuDU7CtR0AADIf2wQhiA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: 30C448921CBE466C82C9E71B60D60E9C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: F6153E77B1E5BF8E127F59D53FAEFECA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
Frame ID: 0D9FEFE670C1A3E98E171E11677A6E9F
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: AAF7E1FA666F4E23DCECCA5EDFB6BF44
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-
Frame ID: 19765CF2CF201C77F2230C654EE26C06
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 9C019D49B166DCDDA4813065D1E4B308
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 1C1925BF215EB5AC7107844DE15AEE87
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: CBB21BBE904A8B23E3B66A3A4E4DB991
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 887EE2DD99FB4CC2ABF11BAACDFB15D7
Requests: 1 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=1499e6f6da76f6d7&uid=45F6F188-76D0-4A54-A484-5B43058467E9
Frame ID: 23F662FF99FA9AC3C9089092355C9A15
Requests: 1 HTTP requests in this frame

Frame: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Frame ID: DE31E498F26C7F95F822ADF9D0B93EA7
Requests: 16 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: 33212FBAB0E7AC8BBDCDFF960CBE5AFE
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234
Frame ID: 12801522588BC58CA874F99D42FF442B
Requests: 17 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 2C858853411E15835153978AD5BA9EAA
Requests: 1 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 7D10ED16E8A7E2ACF1C4CD6EF923BAD0
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: 1261C506CAD61EF401A461C451486B1D
Requests: 9 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AGqYWGPljfJO7od9
Frame ID: 5D258F8861593CF475EA190FE23B68F0
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: C465729860BDEFD8CD0A0D5A412B7334
Requests: 1 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Frame ID: CADC71B2271F2C5DE32578D078EC45AC
Requests: 5 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 667CD21949468A5013B8EEF0D284E26C
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 0D4FA9181FCDC17451D67FE676AF7B63
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: E03DB468ECDA33B817906792834ABBC0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 460FEBE289C95B5B455C53DF0897669B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: D638149F17DA7CE982B8814ABCC0D053
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FEBEFCC32C7D8E4CFB89D2318CBE4729
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: C0452D2268B81109126B7D9AF12A636A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 67CABD165E4AB9BC28DB2D90F7D4EE61
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: DFA789535FD95342210974CDD3C534EA
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 6F655EAAAC47DEDD8095A16FC31A116C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: B4AEDAAE6564F06174D3EE5CE9F2C59A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B107D2FD0F038FF7268F4738C3EE535E
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F50418A4E8456C9273CF3F52363E486F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 5EAF1C32E8FA78AA54570266722A305E
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: ED5DAB4CA8D6479AB43FA20E3D0D9465
Requests: 7 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: F83A8D4FEC0DC3F610C88CCB671D0A29
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 23A9220615402D34AC2F218A48F58ABC
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B9420727B40D763EE25FC08EF8F493DC
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: DD09BA3DCCF2A5EC3EBD86B764B74911
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 78E1FB30E761E5957295D30D067BC699
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: 63442E1D072B5B3CFB94C98A2F905535
Requests: 7 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: 15D20F382ABA81A08897AE20913FCCB6
Requests: 7 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: 0721E5A5284C616093C3D159CE6B3ECD
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D8A4F676C97641D9E3AF9FB891E86B61
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 592043873669BDA4900BE76CC382649D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 2CD8BC73C46D8AFFDB4E69F2AFF1F941
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js
Frame ID: 4EB4EAD653376B8367DCE6226A2F47F1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 1CBAA25FA5311EF01FB2F1538565DE86
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 960AFE59D345F5041079F390C3541833
Requests: 2 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ0MDYwMDI5MjE5NDE5MzIxNi85Mzk5NDkxLzkxMzMzNzkvMy96Z0phajh4ZDJqUnRvQ3FQX25VdmZMaVRfUDNPMmV1R1J3eVpIcnZvNXNBLzEvMy8wLzAvMTY2Njc3Mi8zMTE4OTk1MjAwLzIyNjU4OS85ODUyNzgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80NDA2MDAyOTIxOTQxOTMyMTYvenJoLzAvMzUwMS8zMC85OTkvMi8xODUuMjMyLjIzLjAvMC4wMDAvMTYzMzMyNDcwNS8xNjMzMzM3MzA1LzMvMTU4MTI3Lw/XNhQCaW7DtIdNL9N5_JVtTspwsk&nodeid=344&group=zrh&auctionid=440600292194193216&shardkey=440600292194193216&sid=9133379&cid=9399491&price=0.267088&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.144&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%3D%3D_url%3D
Frame ID: 8A2C687C48D77CD6FCCAF868A8210732
Requests: 7 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTEwNTA4MjQ0NDIxMjIwNzYvOTM5OTQ5Mi85MTMzMzc5LzMvemdKYWo4eGQyalJ0b0NxUF9uVXZmQjlCbEVhSEtwQXZRS2NlOUUwWVU4QS8xLzMvMC8wLzE2NjY3NzIvMzExODk5NTIwMC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODUxMTA1MDgyNDQ0MjEyMjA3Ni96cmgvMC8zNTAxLzMwLzk5OS8yLzE4NS4yMzIuMjMuMC8wLjAwMC8xNjMzMzI0NzA1LzE2MzMzMzczMDUvMy8xNTgxMjcv/lozZCxLAjy-Vfzk8x6cTl7dl9gw&nodeid=344&group=zrh&auctionid=8511050824442122076&shardkey=8511050824442122076&sid=9133379&cid=9399492&price=0.263501&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.98&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%3D
Frame ID: AF285E56E08F3C5299100C0EAC282CE0
Requests: 7 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
Frame ID: 02293AF9ED72DD12B7EEB6FDA0EB11AF
Requests: 11 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Frame ID: 336793F5DC3E7435571A6084782DB0BD
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: DB33B18E6F17D8812B3E3BADABCA2BC5
Requests: 4 HTTP requests in this frame

Frame: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.263501&dcId=3&tldId=61569253&passback=0&svr=BID22499U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYRPeCADMfCHGDEdL5gDPKCDo0P0RqeLh8b87mBUcX6w4&ekaxefact=oY5aYR3eCABrsNp1NyIzU-giQprLwQYuwaw3Lw-f9qIupfBl&ekpbmtpfact=oY5aYSXeCAAbMOA88Nt1ZKDZgls4l_0fecAwaIzxwiaMI2eZ&enpp=oY5aYS7eCAA1ytXh9bXYxkTcWIQnYPLeNYLVqJJva1GlG9SV&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399492&lpu=johnreed.fitness&ucrid=3648738666865719074&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=70DED625-7A33-4639-A541-DB3C02A64340&imprId=6B759DB3-82FF-44A6-9D95-063412A0B75D&oid=6B759DB3-82FF-44A6-9D95-063412A0B75D&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
Frame ID: E3BBE3244E040936BED4EC02ADDB9DA8
Requests: 1 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670
Frame ID: E11839D0B4FA615834F43A2866ED7B73
Requests: 9 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Frame ID: 78F1EC42F59E5E1DC05488184727B6CA
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C10ADA85CDA43DE5BC0EBE1560DC805A
Requests: 2 HTTP requests in this frame

Frame: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=300&kadheight=250&kadsizeid=9&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.267088&dcId=3&tldId=61569253&passback=0&svr=BID22418U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYa0qCQBDvG9plHFRw6gmYOjDMP3ZXjX6PVXAuN9qrqw6&ekaxefact=oY5aYcYqCQAUS8jVeJbPwUQ4HeCv6GyHqGs8g3rKiQQaYtTg&ekpbmtpfact=oY5aYQMrCQB9UKp0J8-FA-WLGDZVf1HcWE-6HEM_p55LqYwQ&enpp=oY5aYSIrCQA8ZdEAyXDwUFJJwOIoJ4JDcMdZY3WCotJcMK6n&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399491&lpu=johnreed.fitness&ucrid=11199837658327742339&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=E1C42D8E-1902-4748-9EF8-C3D806622026&imprId=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&oid=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
Frame ID: 82FEBEAC3FCDCC9D9A00399EC1A0C30F
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: 67D9927F15EB879584B1E730391EAF11
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=
Frame ID: 30BE85FBAAA5649DA4C8BD8AD55DC493
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338
Frame ID: 84DFC0DAC38951C2A335DD9E4C230558
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s
Frame ID: 9C2640482EBEAC351300A31D0FA29090
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10266106/10266106.js?ADFassetID=10266106&bv=514
Frame ID: 415E0241737FF8FFE3682AC425CC5FE6
Requests: 14 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10266103/10266103.js?ADFassetID=10266103&bv=514
Frame ID: 4F2C6DA3C50463B9A37EF663806FBD34
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TA544 group behind a spike in Ursnif malware campaigns targeting ItalySecurity Affairs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

twemoji(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
/([\d.]+)/jquery(?:\.min)?\.js

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

526
Requests

99 %
HTTPS

26 %
IPv6

101
Domains

175
Subdomains

115
IPs

11
Countries

4127 kB
Transfer

6815 kB
Size

154
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pixfuture.com/advertisers/?id0348293521d
Title: Powered by pixfuture

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Title: TA544

Search URL Search Domain Scan URL

URL: https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware
Title: analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/luigi_martire94
Title: Luigi Martire

Search URL Search Domain Scan URL

URL: https://yoroi.company/research/ursnif-long-live-the-steganography/
Title: more complex attack chain

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html&text=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=5jGPyXxLb094MEFGNnYrc0VvRGJoV2JCWGRwYTFHTHRzRkxvamJFaDNNVVY0QUpxR21TakZrZDJVTnAxRFVMOEtPczl2dnRkclBjVFdrTEMxb2hNVS9vYzJPU29vSHpkYzF5Wm5wWENNbWF1VU1CQUQ5NEFhSDg0MW16emdRa1BvdlRSVGtyMWNLU3FMYnhrZTBqSGFmQTZrKythZEZIaWI3QjhZck5uU3B6b2FuK0YxSVpEZ1NnTXZyZld0Q21aMEd6R3N3U3RLMVpMQ2RLeHdJci8zeENrREs5blZ2clI0NTNkcG9sd0ZOZnhrOThtd095WVBJWlFJNkRTNUJiUWUyN0dpfA&cppv=2

Request Chain 102

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Request Chain 103

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Request Chain 150

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Request Chain 156

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D1499e6f6da76f6d7 HTTP 302
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=1499e6f6da76f6d7

Request Chain 160

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D1499e6f6da76f6d7%26uid%3D%24%7BUID%7D HTTP 302
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=1499e6f6da76f6d7&uid=7fca7dca-69f5-4d0f-996d-416d9d482bb7

Request Chain 164

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D1499e6f6da76f6d7 HTTP 302
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

Request Chain 165

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D1499e6f6da76f6d7%26uid%3D%24UID HTTP 302
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1499e6f6da76f6d7&uid=7101365080612594597

Request Chain 167

https://ups.analytics.yahoo.com/ups/58414/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58414/occ?verify=true HTTP 302
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A

Request Chain 168

https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D1499e6f6da76f6d7%26uid%3D%7B%24UID%7D HTTP 302
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=1499e6f6da76f6d7&uid=5bb3c833b178c58539bd8e86c821d09d4ee71010

Request Chain 169

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

Request Chain 173

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEAlQsBMFZdBzR602NC_x7b4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 190

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=95aeeaf2-5205-42ae-b575-4a7bd4e38e02&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 192

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=61af09cb-dd21-4f9d-9184-bbdba37c3861&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 196

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=d2f53369-ea37-4e66-87b0-9f0a242fbc97&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 197

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=43376781923549376120860843583883158010&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 199

https://bn01.er.bemail.it/zeotap.php?_bid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021100407-49327-0.010154001633324705-62765b986f99c87be62fbcd070bf5de9&zdid=533&env=mWeb

Request Chain 200

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=7015076196022155412&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 201

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d

Request Chain 202

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361&bounce=1&random=1946367128 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=6GJXONT6zJcddnXGCMnxG.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 204

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=b949f7e4d7350faae4343e1e4eda5704&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 205

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-x9m8MIFE2opC3ZzPmhm2NzObnlVeM4.nKA--~A&zpartnerid=570&env=mWeb

Request Chain 206

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=UfcHTAS5kp3WG83tVxq%2BLBZiDLAytUlU%2BS41iYitP1U%3D

Request Chain 210

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361&_test=YVqOogAAAdGMFQAT HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YVqOogAAAdGMFQAT&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&_test=YVqOogAAAdGMFQAT

Request Chain 211

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 212

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 213

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&dcc=t

Request Chain 214

https://tags.bluekai.com/site/87734?id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 215

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Request Chain 221

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VDN0NXTFEtOC01Q0ZX

Request Chain 222

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/R6RNNNM75wFELEvlm0GPzw?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1214158853110736051

Request Chain 224

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b680615a-8ea2-4f00-945d-71feb978de18

Request Chain 225

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAT8xCObdukiGU0kSwKvl6A&google_cver=1

Request Chain 226

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY3ZWYyYWM0MzM5YzJjNzJmOTdlZjUzYTkwOTRiNDhjMGUwY2YyNQ

Request Chain 227

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YVqOogAGdCGUvQA6 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YVqOogAGdCGUvQA6&_test=YVqOogAGdCGUvQA6

Request Chain 228

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUC7CWLQ-8-5CFW&sigv=1&esig=2~ee248cddc03efab4adaaaeaa68ed86fdf6f0692b

Request Chain 229

https://c1.adform.net/serving/cookie/match?party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9

Request Chain 230

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008

Request Chain 232

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353

Request Chain 233

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFRdURVN0N0UjBBQURJZjJ3UWhpQQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAQuDU7CtR0AADIf2wQhiA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAQuDU7CtR0AADIf2wQhiA&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAQuDU7CtR0AADIf2wQhiA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID

Request Chain 234

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 235

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=449581031 HTTP 302
https://sync.1rx.io/usersync/tradedesk/61af09cb-dd21-4f9d-9184-bbdba37c3861 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-efc3ff48-edad-484b-b7b5-b038c1c16661-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003

Request Chain 237

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-

Request Chain 239

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 241

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 243

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RfbxiHbQSlSkhFtDBYRn6Q%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 244

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b27c615a-8ea2-4300-a94d-7dd13f529681

Request Chain 245

https://pixel.onaudience.com/?partner=214&mapped=45F6F188-76D0-4A54-A484-5B43058467E9 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=b949f7e4d7350faae4343e1e4eda5704 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=61af09cb-dd21-4f9d-9184-bbdba37c3861&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=fe3fa19725ad8b7a

Request Chain 246

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDVGNkYxODgtNzZEMC00QTU0LUE0ODQtNUI0MzA1ODQ2N0U5&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 247

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEj2fSSFWrUTYm-RZawbQLw&google_cver=1

Request Chain 249

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=0&gdpr_consent=

Request Chain 250

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8434512423503908270

Request Chain 251

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=61af09cb-dd21-4f9d-9184-bbdba37c3861

Request Chain 252

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7101365080612594597&gdpr=0&gdpr_consent=

Request Chain 253

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU

Request Chain 254

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=45F6F188-76D0-4A54-A484-5B43058467E9&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-bOG56zZE2uUKTsyAnrzkTlHbG8_KAqQ-~A&gdpr=0&gdpr_consent=

Request Chain 256

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=43085f65-9c54-44c0-b968-2e70d833898f&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=31ba348f-e282-4377-8dde-51ff007e8204&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 258

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YVqOogAGcOmLoQAT

Request Chain 259

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8098457199015951012&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 260

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 261

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a4778579-b97f-4882-827a-599cff13ad07&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 262

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7101365080612594597

Request Chain 265

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&dcc=t

Request Chain 266

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGoKnQ2opimWT7YCHC299iY&google_cver=1

Request Chain 267

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YVqOomglqcq9MacdpjW8DAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMmWm5KYbMeF7H36PP3Rqrs&google_cver=1&gdpr=1

Request Chain 268

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635916706

Request Chain 269

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=a_TuHWWguk9w9ukYbqb2HW6j7URwpL1JOfcRizOW

Request Chain 270

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1633411106&gdpr=1

Request Chain 278

https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx= HTTP 302
https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90

Request Chain 295

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90-0.30&adk=1270502169&adf=1480696190&pi=t.ma~as.Internal_728x90-0.30&w=728&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706156&bpp=8&bdt=117&idt=247&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&rume=1&frm=21&ife=1&pv=1&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1918605597&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=532084351&scr_x=0&scr_y=0&eid=31062423%2C31062944%2C31061691%2C21067087%2C31061692&oid=2&pvsid=2115792893684881&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mkpe24edd1fv&fsb=1&xpc=EoRxXXD8nF&p=https%3A//securityaffairs.co&dtd=255 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php

Request Chain 304

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.30&adk=2056284528&adf=1480696129&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706167&bpp=6&bdt=145&idt=278&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=1&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1593510019&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&u_sd=1&adx=320&ady=3474&biw=1600&bih=1200&isw=300&ish=250&ifk=1357115830&scr_x=0&scr_y=0&eid=44750344%2C31062938&oid=2&pvsid=697645183541000&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.159ofvi83vix&btvi=1&fsb=1&xpc=BLemY1WESA&p=https%3A//securityaffairs.co&dtd=287 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php

Request Chain 308

https://cm.g.doubleclick.net/pixel?google_nid=retargetly_ddp&google_hm=MjYxYWM1NDMtMmFkYi00NmJmLTljNDEtOTk0MWIzZjk0ZDkw&google_cm HTTP 302
https://app.retargetly.com/sync?pid=11&google_gid=CAESEOgQI0mmP-v05nXz7AIrJCY&google_cver=1

Request Chain 311

https://tags.bluekai.com/site/28347?limit=0&id=261ac543-2adb-46bf-9c41-9941b3f94d90&redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%24_BK_UUID%26pid%3D9 HTTP 302
https://app.retargetly.com/sync?sid=$_BK_UUID&pid=9

Request Chain 312

https://match.adsrvr.org/track/cmf/generic?ttd_pid=83i98y4&ttd_tpi=1 HTTP 302
https://api.retargetly.com/sync?pid=13&sid=61af09cb-dd21-4f9d-9184-bbdba37c3861

Request Chain 315

https://secure.adnxs.com/getuid?https://app.retargetly.com/sync?sid=$UID&pid=2 HTTP 302
https://app.retargetly.com/sync?sid=7101365080612594597&pid=2

Request Chain 316

https://trc.taboola.com/sg/retargetly/1/cm HTTP 302
https://app.retargetly.com/sync?pid=39&sid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422

Request Chain 317

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID HTTP 302
https://app.retargetly.com/sync?pid=14&sid=45F6F188-76D0-4A54-A484-5B43058467E9

Request Chain 318

https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5Bsas_uid%5D%26pid%3D63 HTTP 302
https://sync.smartadserver.com/getuid?gdpr=0&url=https://app.retargetly.com/sync?sid=[sas_uid]&pid=63&cklb=1 HTTP 302
https://app.retargetly.com/sync?sid=6385152086188523229

Request Chain 319

https://sync.teads.tv/rt/sync?vid=261ac543-2adb-46bf-9c41-9941b3f94d90&gdpr=0&us_privacy=%221-N-%22 HTTP 302
https://app.retargetly.com/sync?pid=51&sid=261ac543-2adb-46bf-9c41-9941b3f94d90

Request Chain 328

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A

Request Chain 329

https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&rndcb=4564588868 HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=6898545c-24c1-4abe-baea-debb19a058d5&ssp=adconductor HTTP 302
https://sync.1rx.io/usersync/bidswitch/31ba348f-e282-4377-8dde-51ff007e8204?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3DRX-efc3ff48-edad-484b-b7b5-b038c1c16661-003 HTTP 302
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003

Request Chain 330

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7101365080612594597

Request Chain 331

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

Request Chain 332

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=5a87adb4-72b5-4191-8de1-10d1bcdcbc71

Request Chain 333

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=7101365080612594597

Request Chain 342

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=1&gdpr_consent=

Request Chain 344

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=VlKqq1gG_vlNUK2uV1qyqwJRp6tNWq2sUFKFPHW9

Request Chain 345

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=gPDRsrbz1MxgmS5&gdpr=1

Request Chain 359

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=1940171175&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 HTTP 301
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 365

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN HTTP 301
https://tpc.googlesyndication.com/simgad/2401371329490837093

Request Chain 375

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF2j2HZSkfrohab5QHMpx6k&google_cver=1&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1oWgT8ftw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1oWgT8ftw&google_hm=MTIxNDE1ODg1MzExMDczNjA1MQ%3D%3D

Request Chain 377

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIPk68HyHWFijdOx25kqD1w&google_cver=1&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQoyfGNASaSPw-YxDWmIaRxUVyonUQ1TnjJ5zm9Nk3_D16g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YNVE1SlpCRTJ1Rl9sazNMbmUwTjZDbkRfOHRGV1ZmVH5B&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQoyfGNASaSPw-YxDWmIaRxUVyonUQ1TnjJ5zm9Nk3_D16g

Request Chain 378

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEJNuo8C4Pn8fNgGrWVfEtOg&google_cver=1&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZKuNF8JHaF669jGT6Pb9wQJq-OpoIRhiUzkalZBCw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWE4N2FkYjQtNzJiNS00MTkxLThkZTEtMTBkMWJjZGNiYzcx&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZKuNF8JHaF669jGT6Pb9wQJq-OpoIRhiUzkalZBCw

Request Chain 407

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

Request Chain 408

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

Request Chain 409

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

Request Chain 412

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

Request Chain 413

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

Request Chain 414

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

Request Chain 415

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

Request Chain 418

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

Request Chain 419

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

Request Chain 420

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

Request Chain 421

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

Request Chain 424

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

Request Chain 425

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

Request Chain 426

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

Request Chain 427

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

Request Chain 430

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

Request Chain 463

https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=1436369749422&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=1436369749422&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 464

https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=4462620703245&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=4462620703245&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 488

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=

Request Chain 489

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338

Request Chain 490

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s

Request Chain 491

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=82665815-24d2-11ec-94f9-95e76888ac45&gdpr=0&gdpr_consent=

526 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ta544-ursnif-campaigns-italy.html Show response
securityaffairs.co/wordpress/122875/malware/ 93 KB
25 KB 1085ms
1005ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: af90e1420d540cacc9dbe6df01efcfd660b70cf1dbc3c3fda37755ab5eb1a56b

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 04 Oct 2021 05:18:22 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/122875>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=122875>; rel=shortlink
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
39 KB 75ms
29ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

70c7de95ea7b8177b26053832937670fa1e20ce098a9adbc302b7c8c59c880bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38983
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Oct 2021 05:18:23 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 91 KB
91 KB 56ms
52ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

:path: /wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Fri, 23 Jul 2021 22:11:52 GMT
server: Apache
accept-ranges: bytes
etag: "16cb1-5c7d1b0db415e"
content-length: 93361
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 95ms
92ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

:path: /wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 5 KB
5 KB 91ms
86ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

:path: /wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
accept-ranges: bytes
etag: "1360-597430d7ee92b"
content-length: 4960
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 96ms
90ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5cd29ad8a380c"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 28 KB
28 KB 103ms
98ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "7045-5cd29ad8a380c"
content-length: 28741
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 84ms
23ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 2143208
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 019b3f3436c4e4ae35a484ff3de6c5a7
cf-ray: 698bf305b9b0374b-MXP
cdn-requestcountrycode: EG
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 100ms
95ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 106ms
100ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 107ms
102ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 129ms
41ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 132ms
43ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 136ms
43ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 140ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 143ms
44ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 196ms
93ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

:path: /wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
content-type: text/css; charset: UTF-8;charset=UTF-8
server: Apache

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 162ms
57ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 19 KB
19 KB 153ms
48ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1b11f2c81cddaa0d12147ff5fbecdec023a921b64088411da37f81915b8b4b40

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Tue, 07 Sep 2021 22:53:04 GMT
server: Apache
accept-ranges: bytes
etag: "4cdc-5cb6fa0dbd05a"
content-length: 19676
content-type: text/css

GET
H2 200 social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 12 KB
12 KB 178ms
51ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

:path: /wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Tue, 07 Sep 2021 22:53:03 GMT
server: Apache
accept-ranges: bytes
etag: "312f-5cb6fa0cb8483"
content-length: 12591
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 28 KB
28 KB 180ms
49ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633324703
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

:path: /wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633324703
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:15 GMT
server: Apache
accept-ranges: bytes
etag: "6ffc-5cd29adbd0faf"
content-length: 28668
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 282 KB
282 KB 183ms
47ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "46758-5c7d1b0e12d00"
content-length: 288600
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 183ms
44ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 34 KB
35 KB 198ms
46ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "8960-5cd29ad8a47ac"
content-length: 35168
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 562 B
716 B 195ms
42ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

:path: /wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Sat, 08 May 2021 23:27:41 GMT
server: Apache
accept-ranges: bytes
etag: "232-5c1d9e407bb22"
content-length: 562
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 25 KB
8 KB 51ms
10ms Script
application/javascript 2600:9000:225e:2600:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:2600:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 5c8bd0c2f891239145b9a187e6490a89c8af9f6b5224cea83884f6c5662d1b48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 22:09:01 GMT
content-encoding: gzip
age: 203440
x-edge-origin-shield-skipped: 0
x-cache: Hit from cloudfront
content-length: 7318
server: nginx/1.20.1
etag: W/"612ef1c2-63db"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA60-P4
x-robots-tag: noindex, nofollow
x-amz-cf-id: NFum6UwWosXKXWvbllUE9TUjYpup3HNGo0Sl7WMStMxj3z6Qciz38w==
expires: Mon, 04 Oct 2021 20:47:43 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 183 KB
41 KB 59ms
21ms Script
text/javascript 13.32.99.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-22.fra60.r.cloudfront.net
Software: /
Resource Hash: 0f6bbb7e286f1f3ad2aadaa4794d4f1ce8d2a1a262f1a9b8851533edbd41ae79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:17:43 GMT
content-encoding: gzip
age: 40
etag: W/"2dcf1-WwF+elP/xnuwOSlGKk64bx4O0JA"
vary: Accept-Encoding
x-edge-origin-shield-skipped: 0
content-type: text/javascript; charset=utf-8
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: 5EmY2wZdFV8XCfmTofhftMYO7SRyoZN8yE62FPIRAjtp-j4k92-EfQ==

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 158 KB
53 KB 152ms
89ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

01db2a041002b9966fb510e92121ae32cd82a292273e111526ec30aacc9b158a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-mnt-h: 8-10
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "e204ed4801a81cd139e6a8621cdf78ab"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Mon, 04 Oct 2021 05:18:24 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-7
expires: Mon, 04 Oct 2021 05:23:24 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 55ms
49ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

:path: /wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H2 200 headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 973 B
1 KB 309ms
100ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Tue, 02 Mar 2021 20:36:48 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "603ea1e0-3cd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 973
expires: Wed, 06 Oct 2021 05:18:24 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 38ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 33ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 34ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 39ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b5e437e858684489065e8c849c2f635fbbe77d45665b69985e9929a1746baab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: DHgICVJQYusFIdKukJHjDQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: 3F+XMfah9fGYAYp+mTNWDhQxqunJVgg3N80JkI/PyAegpB9jVR2PGZw9QE9xNII9/7eG69tKOeusCIqWxgJQrA==
x-fb-trip-id: 686109401
x-fb-content-md5: b521ffb62a5554e08560d74f78db461a
x-frame-options: DENY
date: Mon, 04 Oct 2021 05:18:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ffbc5fa710589cf00c74d46d5a3ccfed"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 04 Oct 2021 05:35:20 GMT

GET
H2 200 newsletter.png
securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 50 KB
50 KB 56ms
51ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1267fc6c8805b7f508e04bc8da776509420413adb25e197f12c9f9405c74ac6d

Request headers

:path: /wordpress/wp-content/uploads/2015/03/newsletter.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 11:53:22 GMT
server: Apache
accept-ranges: bytes
etag: "c758-527028d901080"
content-length: 51032
content-type: image/png

GET
H2 200 default.png
securityaffairs.co/wordpress/wp-includes/images/media/ 168 B
312 B 58ms
55ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-includes/images/media/default.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 6dfe1e05661b087111ce1b280d4f082cbfd2b786a0941224da5af2ce1b29fb75

Request headers

:path: /wordpress/wp-includes/images/media/default.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:28:46 GMT
server: Apache
accept-ranges: bytes
etag: "a8-526fe04b3e380"
content-length: 168
content-type: image/png

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 156 KB
157 KB 45ms
44ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5b39d119e2737c930750bf45e40b764356f7752456f087dda02da295db4dbdcb

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:39 GMT
server: Apache
accept-ranges: bytes
etag: "27189-5cd29af2903a3"
content-length: 160137
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 40ms
40ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Tue, 07 Sep 2021 22:53:03 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5cb6fa0d874fc"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 89ms
89ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

:path: /wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Sun, 05 Sep 2021 22:22:00 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5cb46f619b099"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 40ms
40ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:23 GMT
last-modified: Wed, 29 Sep 2021 22:16:39 GMT
server: Apache
accept-ranges: bytes
etag: "792-5cd29af29af83"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 40ms
40ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 39ms
39ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 41ms
40ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 42ms
42ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 41ms
41ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 41ms
41ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 44ms
44ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 39ms
39ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 39ms
39ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 43ms
41ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 42ms
41ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 55ms
43ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

:path: /wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 sharing.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 23 KB
23 KB 41ms
40ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Tue, 07 Sep 2021 22:53:04 GMT
server: Apache
accept-ranges: bytes
etag: "5a9e-5cb6fa0dbd05a"
content-length: 23198
content-type: application/javascript

GET
H2 200 e-202140.js Show response
stats.wp.com/ 9 KB
3 KB 32ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202140.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 04 Oct 2021 05:18:24 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Wed, 21 Sep 2022 02:00:41 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 31 KB
31 KB 56ms
53ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

:path: /wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "7cdc-5c7d1b0e301c1"
content-length: 31964
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 57ms
54ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

:path: /wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 53ms
14ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 1887
date: Mon, 04 Oct 2021 04:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 04 Oct 2021 06:46:57 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 66ms
9ms XHR
text/plain 18.198.109.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633324704543.22683&hostname=securityaffairs.co&location=%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&title=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20ItalySecurity%20Affairs&sop=false&description=Proofpoint%20researchers%20reported%20that%20TA544%20threat%20actors%20are%20behind%20a%20new%20Ursnif%20campaign%20that%20is%20targeting%20Italian%20organizations.%20Proofpoint%20researchers%20have%20discovered%20a%20new%20Ursnif%20baking%20Trojan%20campaign%20carried%20out%20by%20a%20group%20tracked%20as%20TA544%20that%20is%20targeting%20organizations%20in%20Italy.%20The%20experts%20observed%20nearly%2020%20notable%20campaigns%20distributing%20hundreds%20of%20thousands%20of%20malicious%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.109.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-109-212.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:24 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
397 B 51ms
11ms Script
text/javascript 2600:9000:223c:be00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:be00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
via: 1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-edge-origin-shield-skipped: 0
etag: "e6e1643313740711175f51662a65b42f"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 30
x-amz-cf-id: VheUFuaAH6twjZhavIso1d5S2Bt8z1ruRGj7d3tCXZjBMAgvYCCr1A==

GET
H2 200 analytics.js Show response
google-analytics.com/ 48 KB
20 KB 72ms
14ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5443
date: Mon, 04 Oct 2021 03:47:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 04 Oct 2021 05:47:41 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 55ms
55ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

:path: /wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
pragma: no-cache
origin: https://securityaffairs.co
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 Ursnif-TA544.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 38 KB
39 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?w=646&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Oct 2021 19:46:32 GMT
server: nginx
etag: "790df15d0f8d8244"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png>; rel="canonical"
content-length: 39410
expires: Wed, 04 Oct 2023 07:46:32 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 124ms
40ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT mxp 1
date: Mon, 04 Oct 2021 05:18:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Mon, 04 Oct 2021 05:23:24 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 15ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 13ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:29:12 GMT
server: nginx
etag: "a6fb49f7a00a0498"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:29:12 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 8ms
8ms Image
text/plain 18.198.109.212
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633324704543.22683&hostname=securityaffairs.co&location=%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&title=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20ItalySecurity%20Affairs&sop=false&description=Proofpoint%20researchers%20reported%20that%20TA544%20threat%20actors%20are%20behind%20a%20new%20Ursnif%20campaign%20that%20is%20targeting%20Italian%20organizations.%20Proofpoint%20researchers%20have%20discovered%20a%20new%20Ursnif%20baking%20Trojan%20campaign%20carried%20out%20by%20a%20group%20tracked%20as%20TA544%20that%20is%20targeting%20organizations%20in%20Italy.%20The%20experts%20observed%20nearly%2020%20notable%20campaigns%20distributing%20hundreds%20of%20thousands%20of%20malicious%20%5B%E2%80%A6%5D&description=Proofpoint%20researchers%20reported%20that%20TA544%20threat%20actors%20are%20behind%20a%20new%20Ursnif%20campaign%20that%20is%20targeting%20Italian%20organizations.%20Proofpoint%20researchers%20have%20discovered%20a%20new%20Ursnif%20baking%20Trojan%20campaign%20carried%20out%20by%20a%20group%20tracked%20as%20TA544%20that%20is%20targeting%20organizations%20in%20Italy.%20The%20experts%20observed%20nearly%2020%20notable%20campaigns%20distributing%20hundreds%20of%20thousands%20of%20malicious%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.109.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-109-212.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:24 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 14ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.1&blog=29506073&post=122875&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2152&rand=0.4748276202113597
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 244 B
673 B 148ms
110ms Script
text/javascript 2a03:2880:f01c:20e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

56ee4779896a3cda87081643cd201b98e3902207b4593d5f2f7e31e83c927c98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004497192
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 181
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 3Pjf35hFyyIpnAVknXE4zITiX7arQkkTh/G6Lc470CpEsBe81+hWBaFVcvrID8o1Vu0LOWdGFCEn7VyIioUdmQ==
x-fb-trace-id: C2AVitoIQO7
date: Mon, 04 Oct 2021 05:18:24 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AhR3beh5cAy9pgwSVEBQAPu
cache-control: no-store
facebook-api-version: v4.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 10ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.38830309404025054
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 261 KB
75 KB 23ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=390e0070ca55e094fcfa7f22c95433fe

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f6577ee303658159e42e5066ce2d0d276a3b95a91f6eb7c1fed2eca4e753094f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: JKgUA26til2Qr3N8y2SrTw==
cross-origin-resource-policy: cross-origin
expires: Tue, 04 Oct 2022 05:15:20 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 75584
x-fb-rlafr: 0
x-fb-debug: wD0VnalkpePo+QAez6G8DbQPRFB9AD8LoftT6VbKyrOvGjPykZla9Xouvca61JBl70Gf8m9tf9O5diDts5ncQw==
x-fb-trip-id: 686109401
x-fb-content-md5: 98e8adca8dfc304da3eb54715d6e9e38
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 04 Oct 2021 05:18:24 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "ab01497b3ec8f37cb5f983a5fdf2e637"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
207 B 25ms
25ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1575588932&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20ItalySecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1764106260&gjid=1626690216&cid=1226984708.1633324705&tid=UA-59069958-1&_gid=921298451.1633324705&_r=1&gtm=2ou9r0&did=dNDMyYj&z=353380016

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 23ms
23ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1575588932&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20ItalySecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1571483906&gjid=1643353722&cid=1226984708.1633324705&tid=UA-59069958-1&_gid=921298451.1633324705&_r=1&_slc=1&z=1696871264

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
24 KB 1242ms
1242ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&nse=5&vi=1633324704161581815&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f13fcfbc4f3ab557e9e4380a0bb2ba9418fb6ee25deb1582c3930ba11ff20de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-32
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 04 Oct 2021 05:18:26 GMT
x-mnt-w: 21-zxhv, 21-05d4
content-length: 23925
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 4D5D 15 KB
6 KB 102ms
102ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5edeeb03f8fbbdcedb1d584d010a24de5e77d2b9866613b77daebba8d292eaa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 07 Apr 2022 05:18:24 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=109091
expires: Tue, 05 Oct 2021 11:36:35 GMT
date: Mon, 04 Oct 2021 05:18:24 GMT
content-length: 5705

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 72 KB
24 KB 513ms
513ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

67b40a6657ee7dc5c1c6c173e5991098a4522f5af8ca1d67ed3c36bf81d1a60b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-32
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 04 Oct 2021 05:18:25 GMT
x-mnt-w: 10-6, 10-6
content-length: 23912
expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 9FDE 15 KB
6 KB 94ms
94ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5edeeb03f8fbbdcedb1d584d010a24de5e77d2b9866613b77daebba8d292eaa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 07 Apr 2022 05:18:24 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=109091
expires: Tue, 05 Oct 2021 11:36:35 GMT
date: Mon, 04 Oct 2021 05:18:24 GMT
content-length: 5705

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
24 KB 1292ms
1292ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&nse=5&vi=1633324704786610529&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a2e2946f7c7250d2fcd49dc2e9f58c26fd64a837d358d21778888119857e7449

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-32
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 04 Oct 2021 05:18:26 GMT
x-mnt-w: 21-r4xm, 21-4bqr
content-length: 24093
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame A924 15 KB
6 KB 85ms
85ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5edeeb03f8fbbdcedb1d584d010a24de5e77d2b9866613b77daebba8d292eaa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 07 Apr 2022 05:18:24 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=109091
expires: Tue, 05 Oct 2021 11:36:35 GMT
date: Mon, 04 Oct 2021 05:18:24 GMT
content-length: 5705

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 58 KB
17 KB 923ms
923ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&nse=5&vi=1633324704468348248&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4bd1ca758f1edc2476ab9f6b5d1ee6122c4544931a0ca0ce2099fa4aa99b153

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-32
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 04 Oct 2021 05:18:25 GMT
x-mnt-w: 21-x378, 21-sswz
content-length: 17435
expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 6F9E 15 KB
6 KB 79ms
77ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5edeeb03f8fbbdcedb1d584d010a24de5e77d2b9866613b77daebba8d292eaa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 07 Apr 2022 05:18:24 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=109091
expires: Tue, 05 Oct 2021 11:36:35 GMT
date: Mon, 04 Oct 2021 05:18:24 GMT
content-length: 5705

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 77ms
69ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633324704161581815&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781032&r=1633324704810&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02109659104t202110040518&vgd_pgids=1&vgd_uspa=0&hvsid=00001633324704802031189952001740&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:24 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 04 Oct 2021 05:18:24 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 75ms
67ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633324704991453479&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781032&r=1633324704842&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02109659104t202110040518&vgd_pgids=2&vgd_uspa=0&hvsid=00001633324704802031189952001740&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:24 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 04 Oct 2021 05:18:24 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 77ms
69ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1633324704786610529&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781032&r=1633324704852&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02109659104t202110040518&vgd_pgids=2&vgd_uspa=0&hvsid=00001633324704851031189952005846&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:24 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 04 Oct 2021 05:18:24 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 71ms
63ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1633324704468348248&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781032&r=1633324704864&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02109659104t202110040518&vgd_pgids=2&vgd_uspa=0&hvsid=00001633324704862031189952009288&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:24 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 04 Oct 2021 05:18:24 GMT

GET
H2 200 hb_v2.js Show response
cdn.pixfuture.com/ 33 KB
34 KB 79ms
29ms Script
application/javascript 2606:4700:20::681a:b9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/hb_v2.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 15:09:43 GMT
server: cloudflare
age: 137286
etag: W/"61533037-84f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f54rSWbwlFQ0bSD6JvIfUEe5HpnM9ybpEohEvaGCpIj3n%2BPgdGx10anZSTJBVPpXLwdmzP2FPPLsO%2FjK1pXDXveNgs3r5CxBLFLLxdFR%2FvW9I8Zi43Xkk9Imx7aGnKzmUFLKDhWjFsLKs97%2Flneq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
expires: Mon, 04 Oct 2021 15:09:53 GMT
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf30dfd550f6a-MXP
cf-bgj: minify

GET
H2 200 pbix.js Show response
cdn.pixfuture.com/ 423 KB
424 KB 24ms
24ms Script
application/javascript 2606:4700:20::681a:b9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/pbix.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 142442
cf-polished: origSize=433266
cf-bgj: minify
last-modified: Mon, 23 Aug 2021 13:19:22 GMT
server: cloudflare
etag: W/"6123a05a-69c72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vT%2F%2FHA%2BsP%2BbNT7uFD980v%2BZCQjg9U%2BuQZ79NmzrHTvQUSuIxoRayVxma5t%2B1QjLHc%2FnAXOPXHqT2RlAPxGgTIFF%2Fz1fPBsU1MQT1%2BCKqq8BI0jEOaxtFeR2wg22IItFFNoXJGwvjWjQQvXaxY23s"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
cf-ray: 698bf30e3d960f6a-MXP
expires: Mon, 04 Oct 2021 13:44:05 GMT

GET
H2 400 r.js
aa.agkn.com/adscores/ 0
0 87ms
21ms Script
text/plain 18.169.90.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.90.17 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
Software: AAWebServer /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
server: AAWebServer
content-type: text/plain
content-length: 22
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 403ms
205ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=ta544,group,behind,spike,ursnif,malware,campaigns,targeting,italysecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: f7267b4c4becc62e48231ebdb1007abfeffa9cd4f5f88771f2b25f15992dfe2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:25 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 8 KB
9 KB 309ms
111ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=ta544,group,behind,spike,ursnif,malware,campaigns,targeting,italysecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5ba942318965279bb4daa57e9eda9de03194c052701098a59d42329f177534ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:25 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 11 KB
11 KB 478ms
280ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=ta544,group,behind,spike,ursnif,malware,campaigns,targeting,italysecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 4e26b2bf49c3c05e12708aceeb4729cc737c841b853b97a22e46a14e51a0e1bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:25 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 8 KB
9 KB 404ms
207ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=ta544,group,behind,spike,ursnif,malware,campaigns,targeting,italysecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5ba942318965279bb4daa57e9eda9de03194c052701098a59d42329f177534ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:25 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 76ms
20ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1601
date: Mon, 04 Oct 2021 05:18:24 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=5jGPyXxLb094MEFGNnYrc0VvRGJoV2JCWGRwYTFHTHRzRkxvamJFaDNNVVY0QUpxR21TakZrZDJVTnAxRFVMOEtPczl2dnRkclBjVFdrTEMxb2hNVS9vYzJPU29vSHpkYzF5Wm5wWENNbWF1VU1CQUQ5NEFhSDg0MW16em...

350 B
607 B

44ms
17ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=5jGPyXxLb094MEFGNnYrc0VvRGJoV2JCWGRwYTFHTHRzRkxvamJFaDNNVVY0QUpxR21TakZrZDJVTnAxRFVMOEtPczl2dnRkclBjVFdrTEMxb2hNVS9vYzJPU29vSHpkYzF5Wm5wWENNbWF1VU1CQUQ5NEFhSDg0MW16emdRa1BvdlRSVGtyMWNLU3FMYnhrZTBqSGFmQTZrKythZEZIaWI3QjhZck5uU3B6b2FuK0YxSVpEZ1NnTXZyZld0Q21aMEd6R3N3U3RLMVpMQ2RLeHdJci8zeENrREs5blZ2clI0NTNkcG9sd0ZOZnhrOThtd095WVBJWlFJNkRTNUJiUWUyN0dpfA&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

86377b80827686f76d68e3cad5aa584040b8d69e0b17172e8f4c7b2eb5653cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 04 Oct 2021 05:18:25 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2780
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 04 Oct 2021 05:18:24 GMT
location: https://mug.criteo.com/sid?cpp=5jGPyXxLb094MEFGNnYrc0VvRGJoV2JCWGRwYTFHTHRzRkxvamJFaDNNVVY0QUpxR21TakZrZDJVTnAxRFVMOEtPczl2dnRkclBjVFdrTEMxb2hNVS9vYzJPU29vSHpkYzF5Wm5wWENNbWF1VU1CQUQ5NEFhSDg0MW16emdRa1BvdlRSVGtyMWNLU3FMYnhrZTBqSGFmQTZrKythZEZIaWI3QjhZck5uU3B6b2FuK0YxSVpEZ1NnTXZyZld0Q21aMEd6R3N3U3RLMVpMQ2RLeHdJci8zeENrREs5blZ2clI0NTNkcG9sd0ZOZnhrOThtd095WVBJWlFJNkRTNUJiUWUyN0dpfA&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1792
content-length: 509
expires: 0

POST
H/1.1 200 529.json Show response
id5-sync.com/g/v2/ 213 B
536 B 47ms
10ms XHR
application/json 54.36.109.46
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/529.json

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.46 , France, ASN16276 (OVH, FR),

Reverse DNS

p01.id5-sync.com

Software

Resource Hash

55d44ea6bf6d34d33f6f829b63b43e6689bce015ab6ce7eab7538c7a889c49c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://securityaffairs.co
Date: Mon, 04 Oct 2021 05:18:19 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 131ms
31ms XHR
application/json 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 71f33fbdf52cde5ccd310865b5272b92f95714750cd2b66062ca30b7c8e8b2d5

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 03 Nov 2021 05:18:25 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

0
1007 B

20ms
20ms

Script
application/javascript

185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 97910134-0e4b-4386-b20b-0bd69fc9f127
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2383106c-14cd-408a-b0dc-ebfa6bebcea4
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

0
1007 B

16ms
16ms

Script
application/javascript

185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: da9e3765-5401-4ea3-a04d-5672354d3318
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3980ed85-424a-4f99-baa5-b0af487d2497
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame 201D 91 KB
30 KB 52ms
52ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 04 Oct 2021 05:18:25 GMT
content-length: 30050
expires: Mon, 18 Oct 2021 05:18:25 GMT

GET
H2 200 1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame 201D 42 B
204 B 34ms
34ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800028474/1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
last-modified: Mon, 04 Jun 2018 10:04:19 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=509203
accept-ranges: bytes
content-length: 42
expires: Sun, 10 Oct 2021 02:45:08 GMT

GET
DATA 200
OK truncated
/ Frame 201D 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 201D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet19.woff
contextual.media.net/__media__/fonts/bullet19/ Frame 201D 2 KB
2 KB 61ms
23ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet19/bullet19.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

93326772c35f1eb84dce912da5bf0934aee2d22abdd94c35786bf4cc7e472822

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1796
expires: Tue, 05 Oct 2021 05:18:25 GMT

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ 288 B
660 B 306ms
98ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 288
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 154 B
511 B 319ms
114ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 0503a4c7c694a6185935b181a6cb19bdc36889f0a312b5bb51819e3494f51b87

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 154
Expires: 0

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 172 B
359 B 51ms
26ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=36d6e531-6a24-4986-9930-1dcb8be8c588&nocache=1633324705469&id5id=0&pubcid=95b8cd5c-79ed-4111-a837-49907834dac7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPXRhNTQ0LGdyb3VwLGJlaGluZCxzcGlrZSx1cnNuaWYsbWFsd2FyZSxjYW1wYWlnbnMsdGFyZ2V0aW5nLGl0YWx5c2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD10YTU0NCxncm91cCxiZWhpbmQsc3Bpa2UsdXJzbmlmLG1hbHdhcmUsY2FtcGFpZ25zLHRhcmdldGluZyxpdGFseXNlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 3a88a3954683c0882744f7ab6f5942541102329a40e89ae8f350d52b7d25180d

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 163
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 161ms
97ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=36d6e531-6a24-4986-9930-1dcb8be8c588&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.18748152591602052
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c494afaf6d0abca5aa11af1e415a27b09967b79cea7e8b5b9e92908fe673deeb

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 128ms
93ms XHR
text/plain 18.156.157.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.157.131 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-157-131.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 04 Oct 2021 05:18:25 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 3 KB
3 KB 195ms
145ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 80c5c6025695fa6899d1c7d0b4d7d9816da8c1d5d694d9714c6c196340602263

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2957

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 536ms
215ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 28557d00a82cd139b8e346448c20a6e0fc477113a22e9f81f3a0e5f4cd3b4bf1

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 4 KB
2 KB 131ms
73ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 1022c493b64eeba14864943cd46e28c99a150fb23cba0010d5f11fde92ef2b95

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
content-encoding: gzip
x-openrtb-version: 2.3
content-type: application/json
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 2029

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 131ms
65ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221688392a8bf9fd9%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&s=daae1d37-562b-470f-ab18-77999990ea27&pv=9dd35018-3df3-44bd-a0cc-f9857870abe1&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=ta544%2Cgroup%2Cbehind%2Cspike%2Cursnif%2Cmalware%2Ccampaigns%2Ctargeting%2Citalysecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b6a6c5954b3ded44b34412778aa9112112fd05b51a643ba68e3a473c91b77870

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 201ms
159ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

cec1a8e1fd706debcbf04f84699a6ba787d9ac4c9c1e29d10f5b77c0efdfd8c4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 47530a4f-142a-4b03-b00d-1b032bb411e8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
299 B 148ms
97ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 92d27b7003b6713c05a135a723416d2676d213ff31a60af4f088b02556624633

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 153 B
510 B 305ms
108ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e7c043afd47d2ec49eeea5bac2de40d01df271069e33c1ebf590250c9f38f7c3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 153
Expires: 0

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 97ms
78ms XHR
text/plain 18.156.157.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.157.131 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-157-131.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 04 Oct 2021 05:18:25 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
733 B 98ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2227dced3808315ea%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&s=ac1bbe4b-4945-482a-acd3-e5103952d35a&pv=9dd35018-3df3-44bd-a0cc-f9857870abe1&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=ta544%2Cgroup%2Cbehind%2Cspike%2Cursnif%2Cmalware%2Ccampaigns%2Ctargeting%2Citalysecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

e71394d47d07efdf4b98d4300ba8be85f1b807907b4739f9b82cd1e8bb458d62

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 147ms
105ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: d2e1117e3dd8100eda4042bb9d2970303e6772f25611fb5b1b14eddb11ee83d4

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 237 B
1 KB 119ms
75ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=5e4e387b-ff62-4033-a879-2de08d6f5b7f&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.48945756229023374
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: f9405730533352ece60dc4c23d8cb6dd16158fdcdc419343bda3c55a7573ba65

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 237
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 172 B
558 B 26ms
24ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5e4e387b-ff62-4033-a879-2de08d6f5b7f&nocache=1633324705493&id5id=0&pubcid=95b8cd5c-79ed-4111-a837-49907834dac7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXRhNTQ0LGdyb3VwLGJlaGluZCxzcGlrZSx1cnNuaWYsbWFsd2FyZSxjYW1wYWlnbnMsdGFyZ2V0aW5nLGl0YWx5c2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD10YTU0NCxncm91cCxiZWhpbmQsc3Bpa2UsdXJzbmlmLG1hbHdhcmUsY2FtcGFpZ25zLHRhcmdldGluZyxpdGFseXNlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 3e08fe4af64033bcd0a528f726a205c87c3c7995bc25e5204468f76dd5cc0347

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
749 B 478ms
165ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 7044348fa5a2245fc25fdec5804f0201ff34001468141e4e5d59552d0f6042c8

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 124ms
88ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

61c670d66466b3cc1f2710f83bea12ed2dcd359b99dc3d3fca2cf89c851a3990

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4b9d0a6b-8413-46b8-97c8-e766340c7517
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 90ms
51ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 04 Oct 2021 05:18:23 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 153 B
510 B 324ms
108ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 201cce4a2f86cbab05172b1bb2c7c3594773d926104e745c7bd03ed43e666745

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 153
Expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 99ms
65ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=fe738827-d23a-4f15-8606-45f5fdb8a3d7&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6895706825296404
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 980e81c9c89ff9c2db93bcbe5411886b3cfeae0b4d24df3d443469b4ba829105

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 87ms
40ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22469bd34f01288f6%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&s=c58a3692-08f6-4864-b208-8a79174126b7&pv=9dd35018-3df3-44bd-a0cc-f9857870abe1&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=ta544%2Cgroup%2Cbehind%2Cspike%2Cursnif%2Cmalware%2Ccampaigns%2Ctargeting%2Citalysecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

903c143e96b69858fbbf1827094da475e5e5f36b2b6a005a665a944d45ebbdaf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
115 B 13ms
13ms XHR
text/plain 18.156.157.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.157.131 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-157-131.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 04 Oct 2021 05:18:25 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 123ms
98ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: a6ddc606a5f92ca03f0ba41bc12275db3d2854546069c7ea5cba3e825c47f484

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 153ms
121ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

332faa7b54a06c6a10c3247e5038c9d28b526c433eaee3e971f5af1b0c6ccd0c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bb63ad20-b027-4fe1-8016-3c92f537f46d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 172 B
354 B 21ms
21ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=fe738827-d23a-4f15-8606-45f5fdb8a3d7&nocache=1633324705511&id5id=0&pubcid=95b8cd5c-79ed-4111-a837-49907834dac7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXRhNTQ0LGdyb3VwLGJlaGluZCxzcGlrZSx1cnNuaWYsbWFsd2FyZSxjYW1wYWlnbnMsdGFyZ2V0aW5nLGl0YWx5c2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD10YTU0NCxncm91cCxiZWhpbmQsc3Bpa2UsdXJzbmlmLG1hbHdhcmUsY2FtcGFpZ25zLHRhcmdldGluZyxpdGFseXNlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 760d7525a654b1ac6b2da0bf30a513870bf2b1e39c93bc7802406685d0f9a3be

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
749 B 475ms
165ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: c81ec9ce98dd2562702657a24118bfbfbd4c18bbbc38dd84b0a9022155dc6fe8

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 81ms
58ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 04 Oct 2021 05:18:23 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 57ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1064
date: Mon, 04 Oct 2021 05:18:24 GMT
content-encoding: gzip
vary: Accept-Encoding

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 154 B
511 B 342ms
129ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3341d250a4897f99c4d130e59a6e91a3eec31c6bb1e404e965b417bb19251c21

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 154
Expires: 0

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 4 KB
2 KB 69ms
53ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 34c65b37a9af0658e776fc7a70a2a9413d104389ead21b4862e92f29b4c11969

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
x-openrtb-version: 2.3
content-type: application/json
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 2022

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 516ms
213ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 1af78a755de343aa7a79d32b2de537efb743110b830775509ff2426ec22fde97

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 171 B
354 B 22ms
19ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8a4f8391-6e04-4c9b-908a-fa9f60ff69f8&nocache=1633324705520&id5id=0&ttduuid=61af09cb-dd21-4f9d-9184-bbdba37c3861&pubcid=95b8cd5c-79ed-4111-a837-49907834dac7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPXRhNTQ0LGdyb3VwLGJlaGluZCxzcGlrZSx1cnNuaWYsbWFsd2FyZSxjYW1wYWlnbnMsdGFyZ2V0aW5nLGl0YWx5c2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD10YTU0NCxncm91cCxiZWhpbmQsc3Bpa2UsdXJzbmlmLG1hbHdhcmUsY2FtcGFpZ25zLHRhcmdldGluZyxpdGFseXNlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 21fb6669831f4b29de40526b1fd433592bb04de5bb2553a2ba6377c428515dd0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 109ms
97ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 3c14962e90d8f2af3e337786fd6d4ea6b1681d7c14e55cf85f14686fe3c3f036

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 113ms
92ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&tpid_tdid=61af09cb-dd21-4f9d-9184-bbdba37c3861&eid_adserver.org=61af09cb-dd21-4f9d-9184-bbdba37c3861&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=8a4f8391-6e04-4c9b-908a-fa9f60ff69f8&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2647997315577024
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a41492dbca955d5303c86aab7e60af2af2bde50acb573d8492b600cf3a318e60

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 1630
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 418ms
390ms XHR
application/json 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

341fa05752a25195efd1210ffb0fb2b85c6d053898f5fcb27554e9e8b4214e8c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bb04ac5d-e56d-4ffa-bf02-a747f8327838
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
478 B 129ms
109ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&eidadserver.org=61af09cb-dd21-4f9d-9184-bbdba37c3861&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: bb31b904dbeee641950494649724a1883b489e2698318a41512319174d50fa6c

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 83ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22775894b518d26d4%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&s=8282c652-0432-4664-a714-4ea823d996c5&pv=9dd35018-3df3-44bd-a0cc-f9857870abe1&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22tdid%22%3A%2261af09cb-dd21-4f9d-9184-bbdba37c3861%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2261af09cb-dd21-4f9d-9184-bbdba37c3861%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&kw=ta544%2Cgroup%2Cbehind%2Cspike%2Cursnif%2Cmalware%2Ccampaigns%2Ctargeting%2Citalysecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

807d569a0269641cf846ccde02931d975c6d3172cdb9df78f436a325f14a5b98

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 201D 15 B
216 B 45ms
44ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633324704802031189952001740&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRMc6MBiOpUfjd6GjmFqdSlX8Cm0SfMMmJPQLWZSbEMkb8_chNrW_2j1rrRfKodR70O66YWpRClgy6-EGXYWvLYU%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-qkzMpzS_SK6EICjJFr7UdgiYLSBlPk4DfvdjLKWuvsV2-gpbjmkoUi5SE7Xg9JxxIKQ58fTLldLAHBHQyLJ4MIJgLUB4D84839HeWRovJSbCcfnWCWVrnURI_PkZH0RkrMgQC6Rd53jJ8FqlSHDLAGNx8-psxVu058lMg4iCBIbzzteWkK1albLaDh3tCCeKjbu7t5DNz2n3jy9imFXaO4WaUaBssBF_utoAl1AcqE%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CBuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc%3D%7CN7fu2vKt8_s%3D%7CiMoiYkoeEi9rA89oS8E7VOySjcUH-mked5nuiosMGQE1z5jHwH0zLVoWMoS-E_kE4SGsjqrClSqJXD_3BF4Pa0m79HFX9sSAxDkJH44S5tHcrzZrCnHiIsmyPE9GoHt_IF373kFYMTUgk5A26EZRPUYwR4RIqdqrX6-A1LK9pZjkBRBtF0xKJaaGXnSOmaqYkqz8wIPcf3HcSwr7drwG1Q%3D%3D%7C&hint=&td=&cc=DE&wsip=2887305232&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Top%20Anti%20Virus%20Softwares%20in%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=330164244&kbc2[]=ps%3D0.981%7C%7Crpc%3D0.13%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=329900794&kbc2[]=ps%3D0.981%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Anti%20Spyware%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=1917616&kbc2[]=ps%3D0.981%7C%7Crpc%3D0.09%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Ways%20to%20Detect%20Computer%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329812251&kbc2[]=ps%3D0.981%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&rand=1633324705547&cid=8CU5BD6EW&vwid=1633324704991453479&vi=1633324704991453479&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_lhl=957&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633324704840&upk=1633324705.13938&hvsid=00001633324704802031189952001740&verid=3121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=3&vgd_pgid=p02109659104t202110040518&matm=1633324705554&vgd_ltime=718&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807619827&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D3&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305232&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=2860&vgd_ren_page_h=5068&vgd_cty=FRANKFURT&vgd_l1hcsd=A10%7C6515&vgd_sethcsd=A32%7C6517&vgd_cfud=200203&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=600_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633324704991453479%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f122875%252fmalware%252fta544-ursnif-campaigns-italy.html%26%26katid%3D807619827%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A600%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A4&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:25 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:25 GMT

POST
H2 200 log
navvy.media.net/ Frame 201D 35 B
207 B 175ms
152ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame E981
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

3 KB
1 KB

19ms
19ms

Document
text/html

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: bfefa9fdba5c9075a1c2ccb53a3a402d33a46a6f6b4145fb66224c16b4cbaa3c

Request headers

:method: GET
:authority: ads.us.e-planning.net
:scheme: https
:path: /uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: CT=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: openresty
date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: text/html
cache-control: max-age=0, no-cache
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
set-cookie: E=AGqYWGPljfJO7od9; path=/; domain=e-planning.net; expires=Mon, 02-Oct-2028 05:18:25 GMT; SameSite=None; Secure
expires: Mon, 04 Oct 2021 05:18:25 GMT
x-sid: AMS-603
content-encoding: gzip

Redirect headers

server: openresty
date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: CT=1; path=/; SameSite=None; Secure
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
x-sid: AMS-603

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame 6A39 91 KB
30 KB 46ms
46ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 04 Oct 2021 05:18:25 GMT
content-length: 30050
expires: Mon, 18 Oct 2021 05:18:25 GMT

GET
DATA 200
OK truncated
/ Frame 6A39 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6A39 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e9a9ba24042f2effe58a5d585f70a7bc4b917e60ddcb9a780ad03817a78381f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet12.woff
contextual.media.net/__media__/fonts/bullet12/ Frame 6A39 2 KB
2 KB 25ms
24ms Font
font/woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet12/bullet12.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1716
expires: Tue, 05 Oct 2021 05:18:25 GMT

GET
H2 200 OpenSans_Bold.woff
contextual.media.net/__media__/fonts/OpenSans_Bold/ Frame 6A39 25 KB
25 KB 22ms
21ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/OpenSans_Bold/OpenSans_Bold.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25720
expires: Tue, 05 Oct 2021 05:18:25 GMT

GET
H2

200

um
u-ams02.e-planning.net/ Frame E981
Redirect Chain

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D1499e6f6da76f6d7
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=1499e6f6da76f6d7

42 B
103 B

15ms
15ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=1499e6f6da76f6d7
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=1499e6f6da76f6d7
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dataxpand_28122020.js Show response
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame E981 39 KB
14 KB 58ms
17ms Script
application/x-javascript 5.178.65.252
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 16:45:03 GMT
server: openresty
etag: W/"5fea0b8f-9a72"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 03 Oct 2026 05:18:25 GMT

GET
H2 200 retargetly_030920.js Show response
s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/ Frame E981 2 KB
1 KB 65ms
25ms Script
application/x-javascript 5.178.65.252
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 18:45:03 GMT
server: openresty
etag: W/"5f5139af-857"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 03 Oct 2026 05:18:25 GMT

GET
H2 200 t3m.js Show response
tags.t.tailtarget.com/ Frame E981 26 KB
9 KB 29ms
7ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.t.tailtarget.com/t3m.js?i=TT-10759-0/CT-1261
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: nginx/1.8.1 /
Resource Hash: 0dbd6403c5a3cd65b34063741db8d791fd9eb988159a990c75169b2c7f36f4ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 04:05:40 GMT
content-encoding: gzip
age: 4365
x-guploader-uploadid: ADPycdvCd0hjgbyY3JXGvx0kOQ2kbXYI-Ni2LrB7uT9UDMGiUdQynTsEc0RY5_grtI93aqfUxeHsaKyvrRueNPvuDgybF7jHxA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 8646
last-modified: Thu, 16 Sep 2021 18:47:23 GMT
server: nginx/1.8.1
etag: "7a0d51fa0e81c614d214772858a1315c"
vary: Accept-Encoding
x-goog-hash: md5=eg1R+g6BxhTSFHcoWKExXA==
x-goog-generation: 1631818043241112
via: 1.1 google
cache-control: max-age=7200,public
x-goog-stored-content-length: 8646
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 04 Oct 2021 06:05:40 GMT

GET
H2

200

um
u-ams02.e-planning.net/ Frame E981
Redirect Chain

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D1499e6f6da76f6d7%26uid%3D%24%7BUID%7D
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=1499e6f6da76f6d7&uid=7fca7dca-69f5-4d0f-996d-416d9d482bb7

42 B
103 B

34ms
15ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=1499e6f6da76f6d7&uid=7fca7dca-69f5-4d0f-996d-416d9d482bb7
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=1499e6f6da76f6d7&uid=7fca7dca-69f5-4d0f-996d-416d9d482bb7
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: goag40pit0ed8eplis5bjfn7pitjav88

GET
H/1.1 200 ptag Show response
a.audrte.com/ Frame E981 5 KB
2 KB 421ms
103ms Script
text/plain 3.213.248.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.248.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-248-174.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: a43679ef47d0fa04890f4af0765213fda6c4f40af1fb47b670839bf8493e8f6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-transform, public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1682

GET
H2 200 lotame.js Show response
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame E981 266 B
415 B 65ms
26ms Script
application/x-javascript 5.178.65.252
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 16:18:03 GMT
server: openresty
etag: W/"5fb69abb-10a"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 03 Oct 2026 05:18:25 GMT

GET
H2 204 current
prebid-match.dotomi.com/match/bounce/ Frame E981 0
104 B 116ms
59ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-match.dotomi.com/match/bounce/current?networkId=72582&version=1&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi%3D1499e6f6da76f6d7%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame E981
Redirect Chain

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D1499e6f6da76f6d7
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

95 B
222 B

13ms
13ms

Image
image/png

168.119.146.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.146.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

Redirect headers

location: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date: Mon, 04 Oct 2021 05:18:25 GMT
server: nginx/1.14.2
content-type: text/html; charset=UTF-8

GET
H2

200

um
u-ams02.e-planning.net/ Frame E981
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D1499e6f6da76f6d7%26uid%3D%24UID
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1499e6f6da76f6d7&uid=7101365080612594597

42 B
104 B

56ms
14ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1499e6f6da76f6d7&uid=7101365080612594597
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 472ffba2-1c45-44ad-b6fb-c93770ac43cb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1499e6f6da76f6d7&uid=7101365080612594597
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame E981 0
474 B 72ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D1499e6f6da76f6d7%26uid%3D%5BUID%5D

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.e-planning.net/ Frame E981
Redirect Chain

https://ups.analytics.yahoo.com/ups/58414/occ
https://ups.analytics.yahoo.com/ups/58414/occ?verify=true
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A

42 B
103 B

23ms
15ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: openresty
content-type: image/gif

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

um
u-ams02.e-planning.net/ Frame E981
Redirect Chain

https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D1499e6f6da76f6d7%26uid%3D%7B%24UID%7D
https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=1499e6f6da76f6d7&uid=5bb3c833b178c58539bd8e86c821d09d4ee71010

42 B
103 B

15ms
15ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=1499e6f6da76f6d7&uid=5bb3c833b178c58539bd8e86c821d09d4ee71010
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: openresty
content-type: image/gif

Redirect headers

Location: https://u-ams02.e-planning.net/um?dc=227acb3d18564968&fi=1499e6f6da76f6d7&uid=5bb3c833b178c58539bd8e86c821d09d4ee71010
Date: Mon, 04 Oct 2021 05:18:26 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 3420
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

281 B
554 B

36ms
8ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Cookie: rsid=1|AIfsdBUO++vuGxiryvY4NyLqsLINffPD0ndRTZPwOWBzr4eVPwTuL9+eZLvlgeCkRh3C4GjGYWrGRQSWDHOtFAT+ngdUyQJYykllPZjhEHJw9y7GDs9f; khaos=KUC7CWLQ-8-5CFW; audit=1|hLZGFuTafB0ctMvC8Udn4wlE2IyiwyordnwCfVF8zn4qxomP/o7qYhPx+QOC0BlCzYmEmZ/QEGXIxIvkAgQ2rTOZUHL6E73cMj20TaXysiPQD5U7tEfUTQ==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Oct 2021 05:18:25 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date: Mon, 04 Oct 2021 05:18:25 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6063 14 KB
5 KB 84ms
18ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=58961
expires: Mon, 04 Oct 2021 21:41:06 GMT
date: Mon, 04 Oct 2021 05:18:25 GMT
vary: Accept-Encoding

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 6A39 15 B
216 B 28ms
27ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633324704862031189952009288&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRMc6MBiOpUfjd6GjmFqdSlX8Cm0SfMMmJPQLWZSbEMkb8_chNrW_2j33beMg_64-DBHunFfRR3qa&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-qkzMpzS_SKGITfZHW_SL3PfgkCxEJpZr_0bwRiNPy6Pjm59LI70izkg6F9Bp_k5q1YjB957gMrBx6t6NWFqVFErmK7FoTv2cB74N4MZTAf9NfDO8E1cr7iVS-_Ym5Oovk8-nVgOuX8ITqiw7Hg_FictKtKkXxECra2VCT758NZ_vv4LLg7NB99fMkJ6X4s99Y15fdpemZuT8hZXl3a0oPUoAEzD2DJ9m1Gz3gX_A9M%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CBuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc%3D%7CN7fu2vKt8_s%3D%7CSugUF8l65Xc-wI3694bb1znppLZEiz2JM5dPglVHZqTVaCLumCbMfC5IQxni_L5h3JsyuVOlyc3NYdNojl3EBCP_1qQJ29mal8u9qfNQWluBEvKlW5yGi-wKDegFN5O21muliFadw_Csm7G7bsMUM6IWB9V3ToLOUXZ71hkFVvC7oPnnH5WWmL7qAsCFvoY2aXCxAEPHU4Hw9ok89N_py4dNhlQ7E-1W%7C&hint=&td=&cc=DE&wsip=170721376&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=439&kwd[]=Top%20Anti%20Virus%20Softwares%20in%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=330164244&kbc2[]=ps%3D1.014%7C%7Crpc%3D0.13%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=329900794&kbc2[]=ps%3D1.014%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Anti%20Spyware%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=1917616&kbc2[]=ps%3D1.014%7C%7Crpc%3D0.09%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Ways%20to%20Detect%20Computer%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329812251&kbc2[]=ps%3D1.014%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Advance%20Malware%20Protection&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329807601&kbc2[]=ps%3D1.014%7C%7Crpc%3D0.03%7C%7Clvl%3D1.00&ktd[]=824650629376&rand=1633324705859&cid=8CU5BD6EW&vwid=1633324704468348248&vi=1633324704468348248&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_lhl=958&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633324704862&upk=1633324705.13938&hvsid=00001633324704862031189952009288&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=16&vgd_pgid=p02109659104t202110040518&matm=1633324705866&vgd_ltime=1029&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807619810&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D16&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721615&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=466&vgd_ren_page_h=5068&vgd_cty=FRANKFURT&vgd_l1hcsd=A10%7C6515&vgd_sethcsd=A32%7C6517&vgd_cfud=200303&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633324704468348248%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f122875%252fmalware%252fta544-ursnif-campaigns-italy.html%26%26katid%3D807619810%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:25 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:25 GMT

POST
H2 200 log
navvy.media.net/ Frame 6A39 35 B
97 B 152ms
152ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum.casalemedia.com/ Frame 65AD
Redirect Chain

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1

2 KB
3 KB

39ms
39ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b3c77bee344231abc64c92f5d453e1def424cd3eeefc7ca5bccfa0e4933e379e

Request headers

Host: ssum.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YVqOomglqcq9MacdpjW8DAAA; CMPS=5209
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|241|230|45|64|81|65|191
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1644
Expires: Mon, 04 Oct 2021 05:18:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive
Set-Cookie: CMID=YVqOomglqcq9MacdpjW8DAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 05:18:26 GMT CMPS=5209;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 05:18:26 GMT CMPRO=1215;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 05:18:26 GMT CMST=YVqOomFajqIA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 05 Oct 2021 05:18:26 GMT CMRUM3=f1615a8ea205a0&bf615a8ea205a0&27615a8ea20b40&51615a8ea205a0&40615a8ea205a0&2d615a8ea205a0&e6615a8ea22760&41615a8ea205a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 05:18:26 GMT

Redirect headers

Server: Apache
Content-Length: 345
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 04 Oct 2021 05:18:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive
Set-Cookie: CMID=YVqOomglqcq9MacdpjW8DAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 05:18:26 GMT CMPS=5209;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 05:18:26 GMT

GET
H2 200 loader Show response
api.retargetly.com/ Frame E981 11 KB
5 KB 178ms
131ms Script
application/javascript 2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.retargetly.com/loader?id=1473
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d22884064f4d7b34e4a0c7ef2767d21363923c795416100088d9d910a32a63c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf3147dd7f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: public, max-age=604800
content-type: application/javascript
expires: Mon Oct 11 2021 05:18:26 GMT+0000 (UTC)

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame F5A7 2 KB
823 B 31ms
8ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5927d926323dc2c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=5927d926323dc2c
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 399C 8 KB
2 KB 102ms
49ms Document
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 718c820f565e8ec3c9519b18a609223422cdcfa8d8de97294e762a7f81b12247

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ads.us.e-planning.net
set-cookie: zc=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=H%D3%2A%12h%25S%F9m%01p%09%3D%A9%BB%D9%A1h%9D%11%C6%CFr%F4%26i%3B%10%E0-%94%96%E0%B2r~%28%A9sZ%9F%CAZ%D0%BAkD%90%2A2%2B%18%90%A8%11%A9%1D%D7%87%DC%7F+nz%DDyI%3A%606%83%08%E4+%89f%E5%3AI%A2Du%14%D8M%DB%A9%11%1D%E5y%25%D8%DAT.%D0%10%5D%85v%2C%99%7D%3EU%9D%0E%C6%99t%15%7F%1C%AE%AB%DEb%3E%3B%11%AEr%E5j%AF%E9%91%9D%0C%B3D%159%0F%B01%99CY%07Y%049%02%92%0C7mO%1C%0B%0D%CD%B1%F5W%DE%D8%B1j%A5%25%DC%5D4%9B%DA; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf3149e6c3760-MXP
content-encoding: br

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 3420 31 KB
9 KB 8ms
8ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=38067
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9275
Expires: Mon, 04 Oct 2021 15:52:52 GMT

GET show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1BB1 0
0

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:26 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 3420 0
239 B 72ms
9ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=12186
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6063 5 KB
6 KB 76ms
19ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=79152487&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b61e33b27c79244c6121e22eb8887dd61d2d17833ae22d8a3524cce56f54fbd4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame B819 112 KB
40 KB 70ms
49ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73c6f67924440e537bf7df79a8a765e0d9c78a0c69a559d12b436fe8431341b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40456
x-xss-protection: 0
server: cafe
etag: 7416604641496635905
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:26 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 4C84 112 KB
40 KB 83ms
73ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73c6f67924440e537bf7df79a8a765e0d9c78a0c69a559d12b436fe8431341b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40456
x-xss-protection: 0
server: cafe
etag: 7416604641496635905
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 100ms
100ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:26 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 2009 112 KB
40 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73c6f67924440e537bf7df79a8a765e0d9c78a0c69a559d12b436fe8431341b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40456
x-xss-protection: 0
server: cafe
etag: 7416604641496635905
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:26 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 399C 0
0 20ms
20ms Image
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4a...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4...
https://mwzeom.zeotap.com/mw?google_gid=CAESEAlQsBMFZdBzR602NC_x7b4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d...

95 B
154 B

41ms
40ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEAlQsBMFZdBzR602NC_x7b4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf315dfda3760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEAlQsBMFZdBzR602NC_x7b4&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=95aeeaf2-5205-42ae-b575-4a7bd4e38e02&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d...

95 B
153 B

51ms
44ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=95aeeaf2-5205-42ae-b575-4a7bd4e38e02&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf315cfcb3760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=95aeeaf2-5205-42ae-b575-4a7bd4e38e02&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 399C 0
331 B 99ms
20ms Image
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db...
https://mwzeom.zeotap.com/mw?cid=61af09cb-dd21-4f9d-9184-bbdba37c3861&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d...

95 B
165 B

46ms
36ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=61af09cb-dd21-4f9d-9184-bbdba37c3861&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf3154f273760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=61af09cb-dd21-4f9d-9184-bbdba37c3861&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 399C 0
161 B 41ms
15ms Image
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: nginx
x-timer: S1633324706.094054,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19145-FRA

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 399C 0
411 B 444ms
105ms Image
text/html 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 399C 0
41 B 22ms
19ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d%26reqId%3Db67e3d70-5b0d-4f4d-4af7-d3f27be6185e%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=136...
https://mwzeom.zeotap.com/mw?cid=d2f53369-ea37-4e66-87b0-9f0a242fbc97&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
154 B

35ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=d2f53369-ea37-4e66-87b0-9f0a242fbc97&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316f9d13760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=d2f53369-ea37-4e66-87b0-9f0a242fbc97&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=43376781923549376120860843583883158010&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-...

95 B
154 B

36ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=43376781923549376120860843583883158010&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316e9b83760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-2-v018-0976a801b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: EkS6bl9PRnE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=43376781923549376120860843583883158010&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame 399C 0
324 B 137ms
29ms Image
text/plain 54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021100407-49327-0.010154001633324705-62765b986f99c87be62fbcd070bf5de9&zdid=533&env=mWeb

95 B
154 B

38ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021100407-49327-0.010154001633324705-62765b986f99c87be62fbcd070bf5de9&zdid=533&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316283b3760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021100407-49327-0.010154001633324705-62765b986f99c87be62fbcd070bf5de9&zdid=533&env=mWeb
Date: Mon, 04 Oct 2021 05:18:25 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=7015076196022155412&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-...

95 B
153 B

41ms
34ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=7015076196022155412&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf315cfc83760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=7015076196022155412&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 399C
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d

95 B
425 B

22ms
15ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=6GJXONT6zJcddnXGCMnxG.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f...

95 B
154 B

37ms
36ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=6GJXONT6zJcddnXGCMnxG.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316486b3760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
last-modified: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=6GJXONT6zJcddnXGCMnxG.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame 399C 36 B
378 B 72ms
10ms Image
image/gif 89.163.159.109
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 89.163.159.109 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=b949f7e4d7350faae4343e1e4eda5704&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b...

95 B
154 B

42ms
39ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=b949f7e4d7350faae4343e1e4eda5704&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf3178a743760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=b949f7e4d7350faae4343e1e4eda5704&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
cache-control: no-cache
x-server: 10.45.10.167
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-x9m8MIFE2opC3ZzPmhm2NzObnlVeM4.nKA--~A&zpartnerid=570&env=mWeb

95 B
154 B

38ms
38ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-x9m8MIFE2opC3ZzPmhm2NzObnlVeM4.nKA--~A&zpartnerid=570&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316f9d23760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

date: Mon, 04 Oct 2021 05:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-x9m8MIFE2opC3ZzPmhm2NzObnlVeM4.nKA--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=UfcHTAS5kp3WG83tVxq%2BLBZiDLAytUlU%2BS41iYitP1U%3D

95 B
154 B

52ms
38ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=UfcHTAS5kp3WG83tVxq%2BLBZiDLAytUlU%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf3154f253760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=UfcHTAS5kp3WG83tVxq%2BLBZiDLAytUlU%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 399C 43 B
324 B 43ms
16ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 399C 0
338 B 111ms
29ms Image
text/plain 54.229.245.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.245.122 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-245-122.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private, no-cache, no-store
x-request-time: D=36 t=1633324706
x-served-by: beacon-n017-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 399C 95 B
360 B 17ms
16ms Image
image/png 168.119.146.39
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.39.146.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YVqOogAAAdGMFQAT&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f...

95 B
154 B

37ms
37ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YVqOogAAAdGMFQAT&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&_test=YVqOogAAAdGMFQAT
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf3177a563760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1633324706.396770,VS0,VE0
x-served-by: cache-cdg20745-CDG
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YVqOogAAAdGMFQAT&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&_test=YVqOogAAAdGMFQAT
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d7...

95 B
154 B

38ms
38ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf316f9cd3760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 399C
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6...

0
337 B

36ms
36ms

Image
text/plain

54.229.245.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.245.122 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-245-122.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private, no-cache, no-store
x-request-time: D=44 t=1633324706
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
date: Mon, 04 Oct 2021 05:18:26 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a011-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 399C
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4db...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4db...

43 B
645 B

33ms
33ms

Image
image/gif

52.95.126.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&dcc=t

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GQ48VQ4S92MPVTYWQ1A4
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KP2DRGRX2EXTW2JJC5VR
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://tags.bluekai.com/site/87734?id=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
153 B

35ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf317fae13760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: fa57
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 399C
Redirect Chain

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D986...
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361

95 B
153 B

37ms
36ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 698bf317cab23760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
date: Mon, 04 Oct 2021 05:18:26 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 399C 557 B
499 B 39ms
38ms Script
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5d5ec66284c16042a63fce69599d2bcb60e2fe187b3f608d00d7ba051eb22d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray: 698bf314fed13760-MXP
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: MISS
last-modified: Mon, 04 Oct 2021 05:18:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame CBB6 91 KB
30 KB 72ms
71ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 30050
expires: Mon, 18 Oct 2021 05:18:26 GMT

GET
DATA 200
OK truncated
/ Frame CBB6 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CBB6 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame CBB6 2 KB
2 KB 22ms
20ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Tue, 05 Oct 2021 05:18:26 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3420
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VDN0NXTFEtOC01Q0ZX

170 B
188 B

22ms
20ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VDN0NXTFEtOC01Q0ZX

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VDN0NXTFEtOC01Q0ZX
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 3420
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/R6RNNNM75wFELEvlm0GPzw?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1214158853110736051

0
239 B

9ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1214158853110736051
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

date: Mon, 04 Oct 2021 05:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1214158853110736051
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 3420 70 B
264 B 33ms
31ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 3420
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b680615a-8ea2-4f00-945d-71feb978de18

0
239 B

45ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b680615a-8ea2-4f00-945d-71feb978de18
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b680615a-8ea2-4f00-945d-71feb978de18
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 3420
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAT8xCObdukiGU0kSwKvl6A&google_cver=1

0
239 B

36ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAT8xCObdukiGU0kSwKvl6A&google_cver=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAT8xCObdukiGU0kSwKvl6A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3420
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY3ZWYyYWM0MzM5YzJjNzJmOTdlZjUzYTkwOTRiNDhjMGUwY2YyNQ

170 B
188 B

23ms
21ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY3ZWYyYWM0MzM5YzJjNzJmOTdlZjUzYTkwOTRiNDhjMGUwY2YyNQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY3ZWYyYWM0MzM5YzJjNzJmOTdlZjUzYTkwOTRiNDhjMGUwY2YyNQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 3420
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YVqOogAGdCGUvQA6
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YVqOogAGdCGUvQA6&_test=YVqOogAGdCGUvQA6

0
239 B

7ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YVqOogAGdCGUvQA6&_test=YVqOogAGdCGUvQA6
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1633324706.325175,VS0,VE0
x-served-by: cache-cdg20745-CDG
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YVqOogAGdCGUvQA6&_test=YVqOogAGdCGUvQA6
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 3420
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUC7CWLQ-8-5CFW&sigv=1&esig=2~ee248cddc03efab4adaaaeaa68ed86fdf6f0692b

0
445 B

46ms
9ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUC7CWLQ-8-5CFW&sigv=1&esig=2~ee248cddc03efab4adaaaeaa68ed86fdf6f0692b

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUC7CWLQ-8-5CFW&sigv=1&esig=2~ee248cddc03efab4adaaaeaa68ed86fdf6f0692b
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame E4A4
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9

35 B
467 B

21ms
21ms

Document
image/gif

37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=8434512423503908270; expires=Fri, 03 Dec 2021 05:18:26 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=45F6F188-76D0-4A54-A484-5B43058467E9
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Thu, 04 Nov 2021 05:18:26 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 6949
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008

42 B
210 B

23ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PugT=1633324705; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-2946499760491409008; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:25 GMT; path=/ PugT=1633324705; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:25 GMT; path=/
x-lat: amspug018:0:326
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2946499760491409008
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 0833 43 B
334 B 81ms
17ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 04 Oct 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 248816

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4A78
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353

42 B
211 B

19ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; PugT=1633324705
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-7015076196023859353; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:26 GMT; path=/ PugT=1633324706; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:26 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:26 GMT; path=/
x-lat: lhrpug020:0:396
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7015076196023859353; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7015076196023859353

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame 30C4
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFRdURVN0N0UjBBQURJZjJ3UWhpQQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAQuDU7CtR0AADIf2wQhiA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAQuDU7CtR0AADIf2wQhiA&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAQuDU7CtR0AADIf2wQhiA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...

43 B
163 B

68ms
23ms

Document
image/gif

185.86.138.142
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAQuDU7CtR0AADIf2wQhiA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.142 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Cookie: TestIfCookieP=ok; pbw=%24b%3d16930%3b%24o%3d11100
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAQuDU7CtR0AADIf2wQhiA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame F615
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
243 B

83ms
17ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug005:2:400
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=ee66b9a6-dedc-4a13-8410-e320e602def5; path=/; domain=csync.loopme.me; Expires=Thu, 04-Nov-2021 05:18:26 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Mon, 04 Oct 2021 05:18:26 GMT
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0D9F
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=449581031
https://sync.1rx.io/usersync/tradedesk/61af09cb-dd21-4f9d-9184-bbdba37c3861
https://sync.targeting.unrulymedia.com/csync/RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003

42 B
271 B

19ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; PugT=1633324706; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:26 GMT; path=/ PugT=1633324706; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:26 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:26 GMT; path=/
x-lat: lhrpug009:0:467
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003%22%7D; path=/; expires=Tue, 04 Oct 2022 05:18:26 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
etag: RXefc3ff48edad484bb7b5b038c1c16661003

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame AAF7 42 B
975 B 93ms
37ms Document
image/gif 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif
content-length: 42
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf315ac9659f5-MXP

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1976
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-

42 B
526 B

46ms
12ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:25 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:25 GMT; path=/ PugT=1633324705; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:25 GMT; path=/
x-lat: amspug010:0:399
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=rjaiPUFD7dLJKfpVBHkrXlr-; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rjaiPUFD7dLJKfpVBHkrXlr-
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 9C01 43 B
408 B 77ms
18ms Document
image/gif 63.251.232.170
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.251.232.170 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS: ams-mon-1.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-2
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 1C19
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
417 B

200ms
190ms

Document
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: ANON_ID=aFnoeUrZcAQoBqErd4lNCuXZccTV4qyyVbNVvwAyP4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aRnseFPME7fQmKvCiHhdAAYkjpsOsu7C90VbZaGZbds7CqQhXbjDJp4Zcw29FaZa6sq9cGsnfZa04XDRdvkAhV5v4; path=/; domain=.tribalfusion.com; expires=Sun, 02-Jan-2022 05:18:26 GMT; SameSite=None; Secure; ANON_ID_old=aRnseFPME7fQmKvCiHhdAAYkjpsOsu7C90VbZaGZbds7CqQhXbjDJp4Zcw29FaZa6sq9cGsnfZa04XDRdvkAhV5v4; path=/; domain=.tribalfusion.com; expires=Sun, 02-Jan-2022 05:18:26 GMT;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf316ea925a43-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 307
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aFnoeUrZcAQoBqErd4lNCuXZccTV4qyyVbNVvwAyP4; path=/; domain=.tribalfusion.com; expires=Sun, 02-Jan-2022 05:18:26 GMT; SameSite=None; Secure; ANON_ID_old=aFnoeUrZcAQoBqErd4lNCuXZccTV4qyyVbNVvwAyP4; path=/; domain=.tribalfusion.com; expires=Sun, 02-Jan-2022 05:18:26 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf315a8a35a43-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame CBB2 0
44 B 293ms
94ms Document
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Mon, 04 Oct 2021 05:18:25 GMT
server: b

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 887E
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
147 B

51ms
15ms

Document
text/plain

151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: t_gid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
x-served-by: cache-hhn4052-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1633324706.201608,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422;Version=1;Path=/;Domain=.taboola.com;Expires=Tue, 04-Oct-2022 05:18:26 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
x-served-by: cache-fra19145-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1633324706.137145,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2 200 um Show response
u-ams02.e-planning.net/ Frame 23F6 42 B
103 B 23ms
13ms Document
image/gif 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=1499e6f6da76f6d7&uid=45F6F188-76D0-4A54-A484-5B43058467E9
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:method: GET
:authority: u-ams02.e-planning.net
:scheme: https
:path: /um?dc=a208d9366469aa64&fi=1499e6f6da76f6d7&uid=45F6F188-76D0-4A54-A484-5B43058467E9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: E=AGqYWGPljfJO7od9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: openresty
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6063
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RfbxiHbQSlSkhFtDBYRn6Q%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

26ms
18ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=58960
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Mon, 04 Oct 2021 21:41:06 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b27c615a-8ea2-4300-a94d-7dd13f529681

0
128 B

48ms
19ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b27c615a-8ea2-4300-a94d-7dd13f529681
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b27c615a-8ea2-4300-a94d-7dd13f529681
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2

200

/
spl.zeotap.com/ Frame 6063
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=45F6F188-76D0-4A54-A484-5B43058467E9
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=b949f7e4d7350faae4343e1e4eda5704
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=61af09cb-dd21-4f9d-9184-bbdba37c3861&icm
https://spl.zeotap.com/?zdid=1332&zcluid=fe3fa19725ad8b7a

95 B
558 B

38ms
38ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spl.zeotap.com/?zdid=1332&zcluid=fe3fa19725ad8b7a
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 698bf3181b153760-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://spl.zeotap.com?zdid=1332&zcluid=fe3fa19725ad8b7a
content-length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDVGNkYxODgtNzZEMC00QTU0LUE0ODQtNUI0MzA1ODQ2N0U5&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
187 B

54ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:24 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:326
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEj2fSSFWrUTYm-RZawbQLw&google_cver=1

42 B
284 B

54ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEj2fSSFWrUTYm-RZawbQLw&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:280
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEj2fSSFWrUTYm-RZawbQLw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 6063 43 B
612 B 84ms
17ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 03 Oct 2021 05:18:26 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=0&gdpr_consent=

42 B
512 B

65ms
17ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug003:0:519
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x8 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8434512423503908270

42 B
234 B

19ms
19ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8434512423503908270
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug019:0:553
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8434512423503908270
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=61af09cb-dd21-4f9d-9184-bbdba37c3861

42 B
294 B

69ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=61af09cb-dd21-4f9d-9184-bbdba37c3861
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:526
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=61af09cb-dd21-4f9d-9184-bbdba37c3861
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7101365080612594597&gdpr=0&gdpr_consent=

42 B
227 B

78ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7101365080612594597&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:405
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2d5f2f1e-9697-4591-9cd5-90b9483f0c06
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7101365080612594597&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU

42 B
429 B

18ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:380
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=45F6F188-76D0-4A54-A484-5B43058467E9&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-bOG56zZE2uUKTsyAnrzkTlHbG8_KAqQ-~A&gdpr=0&gdpr_consent=

0
260 B

86ms
19ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-bOG56zZE2uUKTsyAnrzkTlHbG8_KAqQ-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-bOG56zZE2uUKTsyAnrzkTlHbG8_KAqQ-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 45F6F188-76D0-4A54-A484-5B43058467E9
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6063 43 B
925 B 105ms
31ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/45F6F188-76D0-4A54-A484-5B43058467E9?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=43085f65-9c54-44c0-b968-2e70d833898f&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=31ba348f-e282-4377-8dde-51ff007e8204&gdpr=&gdpr_consent=&gdpr_pd=

1 B
181 B

19ms
18ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=31ba348f-e282-4377-8dde-51ff007e8204&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:348
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=31ba348f-e282-4377-8dde-51ff007e8204&gdpr=&gdpr_consent=&gdpr_pd=
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 6063 0
103 B 37ms
13ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=45F6F188-76D0-4A54-A484-5B43058467E9&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 6063
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...

85 B
160 B

16ms
15ms

Image
image/png

151.101.66.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YVqOogAGcOmLoQAT
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
age: 1219
x-served-by: cache-cdg20745-CDG
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-timer: S1633324706.387632,VS0,VE0
content-length: 85
x-cache-hits: 2570

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1633324706.231746,VS0,VE80
x-served-by: cache-cdg20745-CDG
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YVqOogAGcOmLoQAT
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8098457199015951012&gdpr=0&gdpr_consent=&us_privacy=

1 B
167 B

19ms
19ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8098457199015951012&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug017:0:580
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8098457199015951012&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
203 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:25 GMT
cache-control: no-store, no-cache, private
x-lat: amspug011:0:408
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a4778579-b97f-4882-827a-599cff13ad07&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
110 B

19ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a4778579-b97f-4882-827a-599cff13ad07&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:390
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a4778579-b97f-4882-827a-599cff13ad07&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6063
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7101365080612594597

42 B
110 B

19ms
19ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7101365080612594597
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:381
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 40ef84ab-2f58-4778-abe0-832f2fa74c6f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7101365080612594597
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame 6063 35 B
238 B 108ms
28ms Image
image/gif 52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-175-241.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 65AD 70 B
264 B 38ms
29ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 65AD
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&dcc=t

43 B
645 B

106ms
106ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&dcc=t

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 630YPV06ZTC1P1SSDF91
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: QX66GP6SJQGKP9AGKDD8
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 65AD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGoKnQ2opimWT7YCHC299iY&google_cver=1

43 B
315 B

80ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGoKnQ2opimWT7YCHC299iY&google_cver=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGoKnQ2opimWT7YCHC299iY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 65AD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YVqOomglqcq9MacdpjW8DAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMmWm5KYbMeF7H36PP3Rqrs&google_cver=1&gdpr=1

43 B
1009 B

30ms
29ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMmWm5KYbMeF7H36PP3Rqrs&google_cver=1&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMmWm5KYbMeF7H36PP3Rqrs&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 65AD
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635916706

43 B
982 B

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635916706
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:25 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635916706
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 65AD
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=a_TuHWWguk9w9ukYbqb2HW6j7URwpL1JOfcRizOW

43 B
1 KB

35ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=a_TuHWWguk9w9ukYbqb2HW6j7URwpL1JOfcRizOW
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=a_TuHWWguk9w9ukYbqb2HW6j7URwpL1JOfcRizOW
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 65AD
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1633411106&gdpr=1

43 B
315 B

83ms
25ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1633411106&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1633411106&gdpr=1
pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET index
dmp.brand-display.com/cm/api/ Frame 65AD 0
0

GET
H2 200 um
u-ams02.e-planning.net/ Frame 65AD 42 B
103 B 22ms
15ms Image
image/gif 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=1499e6f6da76f6d7&uid=YVqOomglqcq9MacdpjW8DAAA%261215
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1499e6f6da76f6d7%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: openresty
content-type: image/gif

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/ Frame B819 257 KB
95 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ece2f1e49029966317aca28a7ef0c89f3149eb3a5aad1b279d84f14002511cff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97133
x-xss-protection: 0
server: cafe
etag: 9661851892806363187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 204 cmp
spl.zeotap.com/ Frame 399C 0
0 44ms
34ms Document
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
cookie: zc=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d; zsc=H%D3%2A%12h%25S%F9m%01p%09%3D%A9%BB%D9%A1h%9D%11%C6%CFr%F4%26i%3B%10%E0-%94%96%E0%B2r~%28%A9sZ%9F%CAZ%D0%BAkD%90%2A2%2B%18%90%A8%11%A9%1D%D7%87%DC%7F+nz%DDyI%3A%606%83%08%E4+%89f%E5%3AI%A2Du%14%D8M%DB%A9%11%1D%E5y%25%D8%DAT.%D0%10%5D%85v%2C%99%7D%3EU%9D%0E%C6%99t%15%7F%1C%AE%AB%DEb%3E%3B%11%AEr%E5j%AF%E9%91%9D%0C%B3D%159%0F%B01%99CY%07Y%049%02%92%0C7mO%1C%0B%0D%CD%B1%F5W%DE%D8%B1j%A5%25%DC%5D4%9B%DA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf3159f983760-MXP

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/ Frame 2009 257 KB
95 KB 44ms
37ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ece2f1e49029966317aca28a7ef0c89f3149eb3a5aad1b279d84f14002511cff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97133
x-xss-protection: 0
server: cafe
etag: 9661851892806363187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/ Frame 4C84 257 KB
95 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ece2f1e49029966317aca28a7ef0c89f3149eb3a5aad1b279d84f14002511cff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97133
x-xss-protection: 0
server: cafe
etag: 9661851892806363187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 T2.min.js Show response
resources-rt.idx.lat/ Frame E981 18 KB
7 KB 99ms
23ms Script
application/javascript 2606:4700:10::ac43:1cda
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources-rt.idx.lat/T2.min.js
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/loader?id=1473
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1cda , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1326c88d831faec75944c75ab8fb61c5e5c18ade4c6a3fa2de16baafdc64ec97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 b0fb64973ef509b9c9508897337515c3.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 6688
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Tue, 14 Sep 2021 17:49:35 GMT
server: cloudflare
etag: W/"0e27aee1b6a9fa35cb3b3bbcfd005aaf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-pop: MXP64-C3
cf-ray: 698bf3162d793756-MXP
x-amz-cf-id: QCknl0Y1e-uiGNkT9jYtfKLEmKgGR8Bf3ppWoCmV6WzjZ0SKLv7nfA==

GET
H2

200

api Show response
api.retargetly.com/ Frame DE31
Redirect Chain

https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pi...
https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pi...

2 KB
1 KB

131ms
131ms

Document
text/html

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/loader?id=1473
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b58849a9a49aac3edc65a710bfa7efbea1b997fb97e20474d3c174b212733ee0

Request headers

:method: GET
:authority: api.retargetly.com
:scheme: https
:path: /api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
accept-encoding: gzip, deflate, br
cookie: _rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
set-cookie: _rlid=261ac543-2adb-46bf-9c41-9941b3f94d90; domain=.retargetly.com; path=/; expires=Sat, 02 Apr 2022 05:18:26 GMT; SameSite=None; Secure _rlsnc=0; domain=.retargetly.com; path=/; expires=Mon, 04 Oct 2021 05:18:26 GMT; SameSite=None; Secure _rlmp1=2||1633324706&&9||1633324706&&10||1633324706&&11||1633324706&&13||1633324706&&14||1633324706&&15||1633324706&&22||1633324706&&23||1633324706&&24||1633324706&&27||1633324706&&39||1633324706&&51||1633324706&&63||1633324706; domain=.retargetly.com; path=/; expires=Sat, 02 Apr 2022 05:18:26 GMT; SameSite=None; Secure
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf3167f16f92f-MXP
content-encoding: gzip

Redirect headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: application/javascript
set-cookie: _rlid=261ac543-2adb-46bf-9c41-9941b3f94d90; domain=.retargetly.com; path=/; expires=Sat, 02 Apr 2022 05:18:26 GMT; SameSite=None; Secure _rlsnc=0; domain=.retargetly.com; path=/; expires=Mon, 04 Oct 2021 05:18:26 GMT; SameSite=None; Secure
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
pragma: no-cache
expires: 0
location: /api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf315aea1f92f-MXP

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame 3321 91 KB
30 KB 44ms
43ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 30050
expires: Mon, 18 Oct 2021 05:18:26 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame CBB6 15 B
216 B 34ms
27ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633324704802031189952001740&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRMc6MBiOpUfjd6GjmFqdSlX8Cm0SfMMmJPQLWZSbEMkb8_chNrW_2j1rrRfKodR70O66YWpRClgy6-EGXYWvLYU%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=RSBTMsOkPqyZPnp5XOM_9UKYRrAHngyGJtoEzamHNRgPs6EHLNY7zirqvFcNbm-uwKdLhtzU3oI9zoZSRgYVV4nMIsid6rAP7GhzuOfW8gzjQlqKIGWRgiyNb0_qm1R9OVadkfQGaRxYh2NtaQIg5oplqLQ1db5vsI3HRYyKNgo7SJEzkRsvi5VKD6dSmDfxn3b6GS5RnKAoSVVzld-71of7Bn0bsyFled4PWlRwWCs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CBuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc%3D%7CN7fu2vKt8_s%3D%7C4PqDVPdbVolcSYcksAYGT0qKOFRzS7EXZxudMw-Wa4Ya9fMBDO4YeDnLKZacy4RLAs10WG8BiW4QPgN6GiMGi6ZFCYy6hmvOHYzG2MDbECHDMbYVR6JlmfQVcj6Csx_BOuqUb8vX1FTjk0_gwQoT_CNNmEKOY_X9LXmveBnaGD-169XedHw9H-ezsp99HZG3p8ZzUapE8bouUYxhnhrytw%3D%3D%7C&hint=&td=&cc=DE&wsip=170721603&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=330153303&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=288232850069716992&kwd[]=Malware%20Free%20Download&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=210330434&kbc2[]=clust%3D-1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D5%7C%7Crpc%3D0.04%7C%7Clvl%3D1.00&ktd[]=1441154354676563968&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=329809631&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Crpc%3D0.75%7C%7Clvl%3D1.17&ktd[]=288232850069716992&kwd[]=Practical%20Malware%20Analysis&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329811000&kbc2[]=clust%3D-1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Crpc%3D0.31%7C%7Clvl%3D1.00&ktd[]=288233399825530880&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329649619&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Crpc%3D0.37%7C%7Clvl%3D1.00&ktd[]=288232850069716992&rand=1633324706237&cid=8CU5BD6EW&vwid=1633324704161581815&vi=1633324704161581815&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_lhl=951&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633324704802&upk=1633324705.13938&hvsid=00001633324704802031189952001740&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&pid=8PO9OT5EW&katen=1&pc=23&vgd_pgid=p02109659104t202110040518&matm=1633324706243&vgd_ltime=1453&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807619797&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D23&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721394&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=3117&vgd_ren_page_h=5325&vgd_cty=FRANKFURT&vgd_l1hcsd=A10%7C6515&vgd_sethcsd=A32%7C6517&vgd_cfud=200313&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633324704161581815%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f122875%252fmalware%252fta544-ursnif-campaigns-italy.html%26%26katid%3D807619797%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:26 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:26 GMT

POST
H2 200 log
navvy.media.net/ Frame CBB6 35 B
120 B 152ms
149ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
DATA 200
OK truncated
/ Frame 3321 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3321 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Lato-Regular.woff
contextual.media.net/__media__/fonts/Lato-Regular/ Frame 3321 37 KB
38 KB 22ms
21ms Font
font/woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/Lato-Regular/Lato-Regular.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b7c2309c6e08de495b618ca1d7325a767ce1f1921447efad9eb29fb42824d611

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 38240
expires: Tue, 05 Oct 2021 05:18:26 GMT

GET
H2 200 bullet16.woff
contextual.media.net/__media__/fonts/bullet16/ Frame 3321 2 KB
2 KB 28ms
28ms Font
font/woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet16/bullet16.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 2000
expires: Tue, 05 Oct 2021 05:18:26 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame B819 208 B
662 B 67ms
15ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

cce39de614a5c43a7f42c2e59c3572f68beff1a3d98fae5cc5f28cf9c9e0027a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame B819 107 B
853 B 93ms
25ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame B819 107 B
570 B 90ms
22ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1280 99 KB
29 KB 486ms
431ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6bbe603756885c9620ae02a349548044dc9170f0c47227f83ebfed9f4388a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUky6wmsUS8yhBPd4GBD4HO9Jb94KY75ddE03TDl0SGcb1OotS2Ln0yJCPUllAo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 04 Oct 2021 05:18:26 GMT
server: cafe
content-length: 30094
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 3321 15 B
216 B 28ms
27ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633324704851031189952005846&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRMc6MBiOpUfjd6GjmFqdSlX8Cm0SfMMmJPQLWZSbEMkb8_chNrW_2j0-yP6KNGj9m_rbzBekjBajCYUfnO1OUzA%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=W-WrbjnUWoSgKupIroACYfmquVQJeUvq_m-2COgRU-ZnwHV1AKAOO54MTT4aMPMVQtjQNc7PkkgXOLYpsF-Y4MIHVyNrYNh2puoeIkGq4cUyPuKTq0J9U5D8wDpJ0rFxofwNCz3325YL-xZVz4sHNnX_d9OUSZkjQk9JKLIske551fMhs6r5LnFN0IW_1J1EnpVGQY0Hr_RH1cElPWjEv-6WlU-dnLJ40Z0eN64cjog%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CBuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc%3D%7CN7fu2vKt8_s%3D%7C0s1O5RtgMNJgjLTYviphzKhf0XSadbrJ-i3jT0fa0eUSs3asi9bOn8RMR3sYsqoWXnDzO86k8J09_rrUcFJrg_LzZVOoPCBAKR__IsV8Ixq93o41h2eGDQhEkwkeVkmlzXjyyCTKesHcFAuuX0muZmudCDfhv6L24HgZEIb-0OUkHr-wHpxalkrkLUvdjCV-aItjwB8i81rdTqAjBxPopEyFBTOU-6wn%7C&hint=&td=&cc=DE&wsip=170721355&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=439&kwd[]=Top%20Anti%20Virus%20Softwares%20in%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=330164244&kbc2[]=rps%3D0.19%7C%7Cps%3D1.014%7C%7Crpc%3D0.13%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=329900794&kbc2[]=rps%3D0.26%7C%7Cps%3D1.014%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Ways%20to%20Detect%20Computer%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=329812251&kbc2[]=rps%3D0.27%7C%7Cps%3D1.014%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Anti%20Spyware%20Malware&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=1917616&kbc2[]=rps%3D0.27%7C%7Cps%3D1.014%7C%7Crpc%3D0.09%7C%7Clvl%3D1.00&ktd[]=824650629376&kwd[]=Advance%20Malware%20Protection&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329807601&kbc2[]=rps%3D0.28%7C%7Cps%3D1.014%7C%7Crpc%3D0.03%7C%7Clvl%3D1.00&ktd[]=824650629376&rand=1633324706394&cid=8CU5BD6EW&vwid=1633324704786610529&vi=1633324704786610529&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633324704178306170&vgd_l1rhst=contextual.media.net&vgd_lhl=956&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633324704851&upk=1633324705.13938&hvsid=00001633324704851031189952005846&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=2&vgd_pgid=p02109659104t202110040518&matm=1633324706397&vgd_ltime=1549&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=801338178&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D2&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721401&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=5325&vgd_cty=FRANKFURT&vgd_l1hcsd=A10%7C6515&vgd_sethcsd=A32%7C6517&vgd_cfud=200309&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633324704786610529%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f122875%252fmalware%252fta544-ursnif-campaigns-italy.html%26%26katid%3D801338178%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:26 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:26 GMT

POST
H2 200 log
navvy.media.net/ Frame 3321 35 B
97 B 149ms
149ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 2009 208 B
261 B 19ms
19ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4c22ce63c1d32630eecac6a1662273f02e3447d9c6d4a7b8f1e7914d60735910

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2009 107 B
165 B 45ms
32ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2009 107 B
165 B 44ms
32ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame 2C85
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90-0.30&adk=1270502169&adf=1480696190&pi=t.ma~as.Internal_728x90-0.30&w=728&lmt=...
https://served-by.pixfuture.com/www/delivery/afr.php

1 KB
1 KB

99ms
99ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

:method: GET
:authority: served-by.pixfuture.com
:scheme: https
:path: /www/delivery/afr.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=172800 public, no-transform
pragma: no-cache
expires: Wed, 06 Oct 2021 05:18:26 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 04 Oct 2021 05:18:26 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/15238/ Frame E981 38 KB
11 KB 41ms
8ms Script
application/json 18.66.97.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 04 Oct 2021 04:48:00 GMT
content-encoding: gzip
last-modified: Thu, 02 Jul 2020 15:35:12 GMT
server: AmazonS3
age: 1827
etag: W/"2b2f816f40499d384e118ce88a266e02"
vary: Accept-Encoding
x-edge-origin-shield-skipped: 0
content-type: application/json
via: 1.1 367a4718be97a49df7ac0500a986437b.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: KX9zHFdrKmqyyZxMDsQbmgt21JabsoTFBN9yHITrTtP6WzflV3welg==

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 7D10 636 B
577 B 17ms
15ms Document
text/html 5.178.65.252
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

:method: GET
:authority: s.e-planning.net
:scheme: https
:path: /esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
cookie: E=AGqYWGPljfJO7od9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

server: openresty
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
etag: W/"601b131c-27c"
expires: Sat, 03 Oct 2026 05:18:26 GMT
cache-control: max-age=157680000
access-control-allow-origin: *
content-encoding: gzip

GET
H2 200 e-planning Show response
sync.quantumdex.io/usersync/ Frame 1261 2 KB
955 B 221ms
165ms Document
text/html 2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/e-planning
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04d082f9878466f1bc9482a4d668c9f74f8c83d192eb0173116e66704c085946

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/e-planning
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.us.e-planning.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html
set-cookie: uid=b72d222b-8bd9-4151-95f1-5330b07b5ed7; expires=Sun, 24 Oct 2021 05:18:26 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698bf3179faf3758-MXP
content-encoding: gzip

GET
H/1.1 200
OK Cookie set setuid Show response
prebidserver.pixfuture.com/ Frame 5D25 0
524 B 298ms
99ms Document
text/html 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AGqYWGPljfJO7od9
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: prebidserver.pixfuture.com:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.us.e-planning.net/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 04 Oct 2021 05:18:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: uids=eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUdxWVdHUGxqZkpPN29kOSIsImV4cGlyZXMiOiIyMDIxLTEwLTE4VDA1OjE4OjI2LjY3NDY0MDAxNloifX0sImJkYXkiOiIyMDIxLTEwLTA0VDA1OjE4OjI2LjY3NDYwNzg1OFoifQ==; Path=/; Expires=Sun, 02 Jan 2022 05:18:26 GMT; Secure; SameSite=None
Vary: Origin

GET
H2 200 conversion.js Show response
d.tailtarget.com/ Frame E981 15 KB
6 KB 16ms
9ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.tailtarget.com/conversion.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f3d70165d1438b13b94b2aebf55f853777b6f44c8ca0b3473728bfefa90b115f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 11:56:48 GMT
content-encoding: gzip
age: 62498
x-guploader-uploadid: ADPycdsdXT5-mBK0OoalqkB6tIzHPrHRKCH1esLYyxG3A8Rsgen6iUenYzDMCtuGXXHIP56QpQGKDbqGYwtyGV2JrYrjgDcayg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 6114
last-modified: Thu, 23 Sep 2021 17:37:36 GMT
server: UploadServer
etag: "c011d7eff3edda011a5511fb703d925a"
x-goog-hash: crc32c=I6Sd4w==, md5=wBHX7/Pt2gEaVRH7cD2SWg==
content-language: en
x-goog-generation: 1632418656103247
cache-control: public, max-age=86400,no-transform
x-goog-stored-content-length: 6114
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 04 Oct 2021 11:56:48 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 4C84 208 B
219 B 30ms
16ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

b7a5e3e39b58a244eeafae673509c534d45231161f91dfd367f13d5dc24806f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4C84 107 B
165 B 24ms
23ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4C84 107 B
165 B 23ms
22ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame C465
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.30&adk=2056284528&adf=1480696129&pi=t.ma~as.Internal_300x250_0._&w=300&lm...
https://served-by.pixfuture.com/www/delivery/afr.php

1 KB
1 KB

100ms
100ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

:method: GET
:authority: served-by.pixfuture.com
:scheme: https
:path: /www/delivery/afr.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=172800 public, no-transform
pragma: no-cache
expires: Wed, 06 Oct 2021 05:18:26 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 04 Oct 2021 05:18:26 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 / Show response
rt.idx.lat/idx/ Frame E981 890 B
1 KB 365ms
160ms Fetch
application/json 54.81.39.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rt.idx.lat/idx/
Requested by: Host: resources-rt.idx.lat
URL: https://resources-rt.idx.lat/T2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.81.39.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-39-163.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 8abd8abb88a920036a92c78b5f15e775365e4b59b43268a95b74eb3e0b5be725

Request headers

Referer: https://ads.us.e-planning.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
server: awselb/2.0
access-control-allow-methods: OPTIONS,POST
content-type: application/json
access-control-allow-origin: https://ads.us.e-planning.net
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-length: 890

OPTIONS
H2 200 /
rt.idx.lat/idx/ Frame 0
0 338ms
115ms Preflight
application/json 54.81.39.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rt.idx.lat/idx/
Protocol: H2
Server: 54.81.39.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-39-163.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://ads.us.e-planning.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: awselb/2.0
date: Mon, 04 Oct 2021 05:18:26 GMT
content-type: application/json
content-length: 0
access-control-allow-origin: https://ads.us.e-planning.net
access-control-allow-methods: OPTIONS,POST
access-control-allow-headers: content-type
access-control-allow-credentials: true

GET
H/1.1 200
OK GS.d Show response
js.cookieless-data.com/ Frame 7D10 0
535 B 67ms
19ms Script
text/plain 212.129.3.113
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1633324706523

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.129.3.113 Bry-sur-Marne, France, ASN12876 (Online SAS, FR),

Reverse DNS

212-129-3-113.rev.poneytelecom.eu

Software

nginx/1.11.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: nginx/1.11.3
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
Expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=retargetly_ddp&google_hm=MjYxYWM1NDMtMmFkYi00NmJmLTljNDEtOTk0MWIzZjk0ZDkw&google_cm
https://app.retargetly.com/sync?pid=11&google_gid=CAESEOgQI0mmP-v05nXz7AIrJCY&google_cver=1

68 B
436 B

141ms
132ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?pid=11&google_gid=CAESEOgQI0mmP-v05nXz7AIrJCY&google_cver=1
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf317ffe9f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://app.retargetly.com/sync?pid=11&google_gid=CAESEOgQI0mmP-v05nXz7AIrJCY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/sync/ Frame DE31 1 KB
2 KB 32ms
32ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/js?mt_lim=12&sync=auto&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x27 config:1.0.0 /
Resource Hash: 5b673007be173eee0f493d1cf85fc6d6bec9415abc1ebfddadd9dac27b601edb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 1486
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame DE31 95 B
414 B 18ms
14ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3012&partner_device_id=261ac543-2adb-46bf-9c41-9941b3f94d90&_rand=1633324706382

Requested by

Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://tags.bluekai.com/site/28347?limit=0&id=261ac543-2adb-46bf-9c41-9941b3f94d90&redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%24_BK_UUID%26pid%3D9
https://app.retargetly.com/sync?sid=$_BK_UUID&pid=9

68 B
521 B

125ms
125ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?sid=$_BK_UUID&pid=9
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf3190864f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

Location: https://app.retargetly.com/sync?sid=$_BK_UUID&pid=9
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 9ab9
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

sync
api.retargetly.com/ Frame DE31
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=83i98y4&ttd_tpi=1
https://api.retargetly.com/sync?pid=13&sid=61af09cb-dd21-4f9d-9184-bbdba37c3861

68 B
748 B

137ms
136ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.retargetly.com/sync?pid=13&sid=61af09cb-dd21-4f9d-9184-bbdba37c3861
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf3180ff5f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://api.retargetly.com/sync?pid=13&sid=61af09cb-dd21-4f9d-9184-bbdba37c3861
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 189

GET
H2 204 usersync
pixel-sync.sitescout.com/connectors/retargetly/ Frame DE31 0
191 B 28ms
24ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/connectors/retargetly/usersync?redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%7BuserId%7D%26pid%3D23
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 cms
cms.analytics.yahoo.com/ Frame DE31 0
0 34ms
31ms Image
text/html 212.82.100.182
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms.analytics.yahoo.com/cms?partner_id=RTGLY
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.82.100.182 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS: spcms.pbp.vip.ir2.yahoo.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://secure.adnxs.com/getuid?https://app.retargetly.com/sync?sid=$UID&pid=2
https://app.retargetly.com/sync?sid=7101365080612594597&pid=2

68 B
460 B

142ms
133ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?sid=7101365080612594597&pid=2
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf317ffecf92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 55425cc6-ee60-4fd2-b418-b41a6af96f36
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://app.retargetly.com/sync?sid=7101365080612594597&pid=2
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://trc.taboola.com/sg/retargetly/1/cm
https://app.retargetly.com/sync?pid=39&sid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422

68 B
448 B

137ms
131ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?pid=39&sid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf317ffedf92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

x-vcl-time-ms: 8
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: nginx
x-timer: S1633324707.533306,VS0,VE8
x-cache: MISS
location: https://app.retargetly.com/sync?pid=39&sid=1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19145-FRA

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID
https://app.retargetly.com/sync?pid=14&sid=45F6F188-76D0-4A54-A484-5B43058467E9

68 B
421 B

132ms
129ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?pid=14&sid=45F6F188-76D0-4A54-A484-5B43058467E9
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf317ffeaf92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

location: https://app.retargetly.com/sync?pid=14&sid=45F6F188-76D0-4A54-A484-5B43058467E9
date: Mon, 04 Oct 2021 05:18:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5Bsas_uid%5D%26pid%3D63
https://sync.smartadserver.com/getuid?gdpr=0&url=https://app.retargetly.com/sync?sid=[sas_uid]&pid=63&cklb=1
https://app.retargetly.com/sync?sid=6385152086188523229

68 B
133 B

125ms
125ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?sid=6385152086188523229
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf3190866f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

location: https://app.retargetly.com/sync?sid=6385152086188523229
pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

200

sync
app.retargetly.com/ Frame DE31
Redirect Chain

https://sync.teads.tv/rt/sync?vid=261ac543-2adb-46bf-9c41-9941b3f94d90&gdpr=0&us_privacy=%221-N-%22
https://app.retargetly.com/sync?pid=51&sid=261ac543-2adb-46bf-9c41-9941b3f94d90

68 B
652 B

137ms
137ms

Image
image/png

2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?pid=51&sid=261ac543-2adb-46bf-9c41-9941b3f94d90
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf318a83cf92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: akka-http/10.2.6
content-type: text/html; charset=UTF-8
location: https://app.retargetly.com/sync?pid=51&sid=261ac543-2adb-46bf-9c41-9941b3f94d90
cache-control: max-age=0, no-cache, no-store
content-length: 152
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 tpid=261ac543-2adb-46bf-9c41-9941b3f94d90
bcp.crwdcntrl.net/map/c=11530/tp=RTRG/ Frame DE31 49 B
265 B 35ms
33ms Image
image/gif 54.194.226.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=11530/tp=RTRG/tpid=261ac543-2adb-46bf-9c41-9941b3f94d90
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.18.114
content-type: image/gif
content-length: 49
expires: 0

GET
H2 200 cm.os
ads01.groovinads.com/grv/track/ Frame DE31 43 B
761 B 287ms
236ms Image
image/gif 104.22.34.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads01.groovinads.com/grv/track/cm.os?p=RT&u=261ac543-2adb-46bf-9c41-9941b3f94d90
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.34.177 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
x-server-origin: app06.groovinads.com
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
x-server: app01
access-control-allow-credentials: true
cf-ray: 698bf3182b13047e-CDG
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: 0

GET
H2 200 base.js Show response
d.tailtarget.com/ Frame E981 20 KB
8 KB 7ms
6ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.tailtarget.com/base.js
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/conversion.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 54930f8d5930ea73a5643b6e7cd4f3e5142609ed371fd9d1969ad38dba591ab4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 09:50:31 GMT
content-encoding: gzip
age: 70075
x-guploader-uploadid: ADPycdum13ZDF0wBPo5WVLHf-MwQxf5PUOs73Bbtplko9JRj4Iw7pH81kChevH434uBwWK50laCmpGRhr6zPusMkEmhj7xOrPQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 8332
last-modified: Thu, 23 Sep 2021 17:37:36 GMT
server: UploadServer
etag: "3bd196ed5cd9e1a21cd3f4a34c4baf1b"
x-goog-hash: crc32c=QnHpIw==, md5=O9GW7VzZ4aIc0/SjTEuvGw==
content-language: en
x-goog-generation: 1632418656026668
cache-control: public, max-age=86400,no-transform
x-goog-stored-content-length: 8332
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 04 Oct 2021 09:50:31 GMT

GET
H2 200 u Show response
b.t.tailtarget.com/ Frame E981 54 B
464 B 125ms
103ms Script
application/x-javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b.t.tailtarget.com/u?
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: f13151645b6849a2f885f9bc857a491071a0fba0b965aa46fa510ee5620aa5bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/x-javascript
cache-control: private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame CADC 3 KB
1 KB 65ms
31ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/js?mt_lim=12&sync=auto&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x16 config:1.0.0 /
Resource Hash: 63edd531da6839d9bbc5a196b56e04299407dfdb7245a30f3b89b0d2ed802f6b

Request headers

Host: pixel.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://api.retargetly.com/
Accept-Encoding: gzip, deflate, br
Cookie: uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/

Response headers

Content-Type: text/html
Server: MT3 3984 0e3af3b master cdg-pixel-x16 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Mon, 04 Oct 2021 05:18:25 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 900
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame DE31 43 B
493 B 34ms
32ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=261ac543-2adb-46bf-9c41-9941b3f94d90&idx=&_rlid=261ac543-2adb-46bf-9c41-9941b3f94d90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.retargetly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame CADC 43 B
485 B 32ms
32ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mop_seq=0:1&mt_cb=568028&mop_top=
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x12 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x12 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame CADC 43 B
492 B 57ms
57ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4033 f73cd20 master cdg-pixel-x1 config:1.0.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 4033 f73cd20 master cdg-pixel-x1 config:1.0.1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1261
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A

43 B
107 B

152ms
150ms

Image
image/gif

2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf318e9183758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-ecUi2qlE2uE5rols5afGDGoLx13YtGhhSA191as-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1261
Redirect Chain

https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&rndcb=4564588868
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=6898545c-24c1-4abe-baea-debb19a058d5&ssp=adconductor
https://sync.1rx.io/usersync/bidswitch/31ba348f-e282-4377-8dde-51ff007e8204?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3DRX-efc3ff48-edad-484b-b7b5-b038c1c...
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003

43 B
118 B

150ms
150ms

Image
image/gif

2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf31a0a723758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
date: Mon, 04 Oct 2021 05:18:26 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXefc3ff48edad484bb7b5b038c1c16661003
content-type: text/html

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1261
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7101365080612594597

43 B
95 B

151ms
150ms

Image
image/gif

2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7101365080612594597
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf318e91a3758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fd1b4d3f-1eda-4e9b-a42e-6cd999156f66
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7101365080612594597
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200

1.gif
id5-sync.com/c/495/0/0/ Frame 1261
Redirect Chain

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

43 B
1 KB

9ms
9ms

Image
image/gif

54.36.109.46
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.46 , France, ASN16276 (OVH, FR),

Reverse DNS

p01.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:20 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Location: https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
Date: Mon, 04 Oct 2021 05:18:20 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1261
Redirect Chain

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=5a87adb4-72b5-4191-8de1-10d1bcdcbc71

43 B
96 B

160ms
160ms

Image
image/gif

2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=5a87adb4-72b5-4191-8de1-10d1bcdcbc71
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf31909483758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=5a87adb4-72b5-4191-8de1-10d1bcdcbc71
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 1261
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=7101365080612594597

43 B
96 B

152ms
150ms

Image
image/gif

2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=7101365080612594597
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf318e9193758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d9c671db-20f3-4f95-bb7a-0b8217a1985c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=7101365080612594597
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 1261 0
478 B 15ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 um
sync.e-planning.net/ Frame 1261 42 B
103 B 15ms
14ms Image
image/gif 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=b72d222b-8bd9-4151-95f1-5330b07b5ed7
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: openresty
content-type: image/gif

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 667C 2 KB
3 KB 27ms
27ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e50aedab618d4ce833383a2840f2941634b34220858847eef5ff5ba8871aa471

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YVqOomglqcq9MacdpjW8DAAA; CMPS=5209; CMPRO=1215; CMST=YVqOomFajqIA; CMRUM3=bf615a8ea205a0&27615a8ea20b40&51615a8ea205a0&40615a8ea22760no-consent&2d615a8ea22760CAESEMmWm5KYbMeF7H36PP3Rqrs&f1615a8ea205a0&41615a8ea205a0&e6615a8ea22760
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 46|73|206|3|176|81|47|88
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1721
Expires: Mon, 04 Oct 2021 05:18:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Connection: keep-alive
Set-Cookie: CMID=YVqOomglqcq9MacdpjW8DAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 05:18:26 GMT CMPS=5209;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 05:18:26 GMT CMPRO=1215;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 05:18:26 GMT CMRUM3=58615a8ea205a0&41615a8ea205a0&e6615a8ea22760&2e615a8ea205a0&49615a8ea205a0&ce615a8ea205a0&bf615a8ea205a0&b0615a8ea205a00&03615a8ea205a0&27615a8ea20b40&40615a8ea22760no-consent&2d615a8ea22760CAESEMmWm5KYbMeF7H36PP3Rqrs&51615a8ea205a0&f1615a8ea205a0&2f615a8ea205a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 05:18:26 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0D4F 2 KB
823 B 8ms
8ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame E03D 43 B
551 B 28ms
15ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Cookie: HAPLB5A=s56129|YVqOp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Content-Encoding: gzip
Server: sonobi-go
Set-Cookie: HAPLB5S=s579|YVqOp; path=/; domain=.go.sonobi.com

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 667C 0
0 14ms
14ms Image
text/html 185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 YVqOomglqcq9MacdpjW8DAAABL8AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 667C 43 B
88 B 29ms
29ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YVqOomglqcq9MacdpjW8DAAABL8AAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content sync
ups.analytics.yahoo.com/ups/55940/ Frame 667C 0
234 B 12ms
11ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YVqOomglqcq9MacdpjW8DAAABL8AAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 667C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=1&gdpr_consent=

43 B
1 KB

30ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x28 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:25 GMT

GET
H2 200 113
match.deepintent.com/usersync/ Frame 667C 0
39 B 95ms
93ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/113
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 0
server: b

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 667C
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=VlKqq1gG_vlNUK2uV1qyqwJRp6tNWq2sUFKFPHW9

43 B
1 KB

35ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=VlKqq1gG_vlNUK2uV1qyqwJRp6tNWq2sUFKFPHW9
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=VlKqq1gG_vlNUK2uV1qyqwJRp6tNWq2sUFKFPHW9
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 667C
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=gPDRsrbz1MxgmS5&gdpr=1

43 B
1 KB

30ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=gPDRsrbz1MxgmS5&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: PingMatch/8a430fa#rel-ec2-master i-0066ec59cc187b8a7@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=gPDRsrbz1MxgmS5&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 667C 85 B
228 B 97ms
96ms Image
image/png 151.101.66.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1633324707.729369,VS0,VE80
x-served-by: cache-cdg20745-CDG
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/png
content-length: 85
x-cache-hits: 0

GET
H2 200 setuid
sync.quantumdex.io/ Frame 667C 43 B
96 B 150ms
149ms Image
image/gif 2606:4700:10::ac43:2ac6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=YVqOomglqcq9MacdpjW8DAAABL8AAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 698bf31919513758-MXP
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

GET
H2 200 b Show response
b.t.tailtarget.com/ Frame E981 114 B
581 B 104ms
104ms Script
application/javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b.t.tailtarget.com/b?tA=TT-10759-0&tY=1&tS=1&tU=0100007FA28E5A61B306928E0214BB43&tX=b.52&tZ=722101779
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: 5efc09ad5a48e758ae377628d00834f95b7e66a96f25a47538014ad6c0b78e01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 27ms
26ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=807619810&kals=ttype%3D10002%7C%7Cpc%3D16&katen=1&pc=16&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=-qkzMpzS_SKGITfZHW_SL3PfgkCxEJpZr_0bwRiNPy6Pjm59LI70izkg6F9Bp_k5q1YjB957gMrBx6t6NWFqVFErmK7FoTv2cB74N4MZTAf9NfDO8E1cr7iVS-_Ym5Oovk8-nVgOuX8ITqiw7Hg_FictKtKkXxECra2VCT758NZ_vv4LLg7NB99fMkJ6X4s99Y15fdpemZuT8hZXl3a0oPUoAEzD2DJ9m1Gz3gX_A9M=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|BuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc=|N7fu2vKt8_s=|SugUF8l65Xc-wI3694bb1znppLZEiz2JM5dPglVHZqTVaCLumCbMfC5IQxni_L5h3JsyuVOlyc3NYdNojl3EBCP_1qQJ29mal8u9qfNQWluBEvKlW5yGi-wKDegFN5O21muliFadw_Csm7G7bsMUM6IWB9V3ToLOUXZ71hkFVvC7oPnnH5WWmL7qAsCFvoY2aXCxAEPHU4Hw9ok89N_py4dNhlQ7E-1W|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vi=1633324704468348248&ugd=4&cc=DE&sc=HE&startTime=1633324704861&l2type=setting&vgd_l1rakh=1633324704178306170&l1ch=1&sttm=1633324704862&upk=1633324705.13938&hvsid=00001633324704862031189952009288&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A10|6515&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=170721615&sethcsd=set!A32%7C6517&vgd_pgid=p02109659104t202110040518&vgd_pgids=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:26 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4C84 11 KB
8 KB 64ms
29ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210928&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ce4f4e6fadd6c2dd61dc08e11163c6dba3e41bf01e636d53fae87e3ed42cc77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8422
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2009 11 KB
9 KB 50ms
28ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210928&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73e343266a31228959d5c096229f1582db31af8c51ff04e624ec4bf3c598416e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8548
x-xss-protection: 0

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 1280 1 KB
959 B 53ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852
x-xss-protection: 0
server: cafe
etag: 14170629819630813772
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Oct 2021 05:09:02 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame 1280 18 KB
8 KB 47ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 04:50:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1697
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7607
x-xss-protection: 0
server: cafe
etag: 5036643633216217121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Oct 2021 04:50:09 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 1280 3 KB
1 KB 52ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 04:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Oct 2021 04:42:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1280 122 KB
38 KB 83ms
27ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
server: sffe
etag: "1633087504575570"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 1280 14 KB
6 KB 48ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6194
x-xss-protection: 0
server: cafe
etag: 2541472377268313288
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Oct 2021 05:08:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1280 0
0 61ms
22ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQmyfImL8lSRSbzbkX9l56GkmSaxbp3sVzGGpIjiIQ1_tSjmFEcUA1YFd_PxbyaQRt-Y_ZgqEQTwhro069zFNXVZYHnaw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 8400539943eb1c96fa551c508d61e34e.js Show response
www.gstatic.com/mysidia/ Frame 1280 26 KB
12 KB 54ms
15ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8400539943eb1c96fa551c508d61e34e.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd1aa1b17ad107887c38eedf2e24ab209a184dfd3abdae3484d36e10d74cbbb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 19:09:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11136
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 18:59:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Tue, 28 Dec 2021 19:09:52 GMT

GET
H2

200

view_pixel_1x1.gif Show response
secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame 1280
Redirect Chain

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=1940171175&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

43 B
488 B

40ms
8ms

Fetch
image/gif

104.84.57.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.57.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-84-57-51.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

suppress-x-frame-options: true
content-encoding: gzip
x-content-type-options: nosniff
x-cache-lookup: HIT from include-cache-3:80
akamai-grn: 0.16d854b8.1633324707.64759a5f
content-length: 57
x-xss-protection: 1; mode=block
server: ebay server
date: Mon, 04 Oct 2021 05:18:27 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9iptq%60uebwh*g3mo%3A%28rbpv6762-17bae0e1d87-0xdc
access-control-allow-headers: *
expires: Tue, 04 Oct 2022 05:18:27 GMT

Redirect headers

date: Mon, 04 Oct 2021 05:18:27 GMT
server: ebay-proxy-server
strict-transport-security: max-age=31536000
location: https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif
cache-control: private,no-cache,no-store
x-envoy-upstream-service-time: 16
rlogid: t6baubqsodf%3F%3Ckuvgcp%60tqjfc*dc%3E%3E%3A%28rbpv670%3D-17c49bd2dc6-0x2359
content-length: 0

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 1280 40 KB
40 KB 50ms
7ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQBigAwAhjkR5Efo2F6CXT9nVjh2dUbNXVmXc4XVcCGi06LJyewfU4XjfKxEQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bb4febc533f6089d5dcf591746ac95a803d56895b17601256ce5ff3d7094f1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 11:43:42 GMT
x-content-type-options: nosniff
age: 149684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40773
x-xss-protection: 0
last-modified: Thu, 06 May 2021 01:15:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 02 Oct 2022 11:43:42 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 1280 28 KB
28 KB 51ms
8ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQb_DXCTpOFyGRpzc5DqDyW00VGQrP8_27D-VuR2IKE5oifq3Dk5Tg3QSo04Q&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5921d6b67ac6410ec8d7f6e5e62dea2337aa88ac17cfdfb6c16690dc93b39b28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 05:04:44 GMT
x-content-type-options: nosniff
last-modified: Sat, 24 Jul 2021 02:41:47 GMT
server: sffe
age: 260022
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28329
x-xss-protection: 0
expires: Sat, 01 Oct 2022 05:04:44 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 1280 30 KB
31 KB 63ms
22ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRiGML1QfMa7hKqmTys-tdsz7uEN-3_4HzyaS6xqN424nl9xu6vmzeVswSbqb4&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08b9e6b8e9aa6fff0bb7a49e808dbdcee0fad27f535ccb6b0f426ca71f4dc221

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 14:16:16 GMT
x-content-type-options: nosniff
age: 486130
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31122
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 10:26:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 28 Sep 2022 14:16:16 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 1280 45 KB
45 KB 56ms
16ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRiqFFe9EF7F_jQVEyPZZTm6hKzfRe62f_iOqr9NqnI8llQ-eHKRawBLoUhig&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64d0337238234ac7c0e7cc719c85ec7cc304664e479ac4aaedcc155c4e75e43c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 13:54:59 GMT
x-content-type-options: nosniff
age: 141807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45583
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 08:12:54 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 02 Oct 2022 13:54:59 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 1280 29 KB
29 KB 57ms
16ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTXVTbGXsYPA3jScykgS0d3PoYloeD37fHvgCX2FIyl-Td6QBgbbCib6Tp84lw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d01ec96f06c6e44d9ff438de7f550e0f79ebe844bd137dd419d21127f312b76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 05:58:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 28 Jul 2021 02:13:39 GMT
server: sffe
age: 170418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29806
x-xss-protection: 0
expires: Sun, 02 Oct 2022 05:58:08 GMT

GET
H2

200

2401371329490837093
tpc.googlesyndication.com/simgad/ Frame 1280
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN
https://tpc.googlesyndication.com/simgad/2401371329490837093

98 KB
98 KB

314ms
9ms

Image
image/jpeg

2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2401371329490837093

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 10:51:08 GMT
x-content-type-options: nosniff
age: 584839
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100649
x-xss-protection: 0
last-modified: Wed, 05 May 2021 19:23:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:51:08 GMT

Redirect headers

timing-allow-origin: *
date: Sun, 03 Oct 2021 07:29:50 GMT
x-content-type-options: nosniff
server: cafe
age: 78516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/2401371329490837093
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 02 Nov 2021 07:29:50 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2009 17 KB
6 KB 73ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4C84 17 KB
7 KB 48ms
31ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 200 ca Show response
tt-10759-0.seg.t.tailtarget.com/ Frame E981 61 B
324 B 119ms
103ms Script
application/javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tt-10759-0.seg.t.tailtarget.com/ca?tZ=106528127
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: 2afdb318f6136bd11db38bfb6c17b62b397de340f660c090f5d165a517c5bb82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 460F 1 KB
868 B 15ms
13ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 03 Oct 2021 08:58:57 GMT
expires: Mon, 04 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 73169
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame D638 12 KB
5 KB 280ms
8ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 03 Oct 2021 22:50:31 GMT
expires: Mon, 03 Oct 2022 22:50:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 23276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FEBE 783 B
1 KB 26ms
25ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4c76d4e8981d7f5c3cc0a34a16e4ecac8bf0103b815753e9856ca9c274f0e526

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FGzT4wy7EjHJtB7cpOvPiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 04 Oct 2021 05:18:26 GMT
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-FGzT4wy7EjHJtB7cpOvPiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 460F 35 B
463 B 36ms
9ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ_ggHH62Dekja_v1Izk8Zc&google_cver=1&google_push=AYg5qPIXYI-QvXUlTGxL7rb9kxqaTzFbX9-rON8F-Xudesayr4vW0tT9Q6bDVg8TC8iDjqmxPbSxmyBEQu9ifOQxwihg7dNEE9lk

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 460F 43 B
465 B 486ms
180ms Image
image/gif 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEHa84jXHPq7Z5EvyMcR_qHM&google_cver=1&google_push=AYg5qPKIHm-UZYgZpfI6IwNjSiS2IsuIglEd2r5gm38dhKDI4WWYAQmOKSIU_DpyZLuhA9XkJjEFd_PSInUDxJiy4LCEniGR7N6B8w&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKIHm-UZYgZpfI6IwNjSiS2IsuIglEd2r5gm38dhKDI4WWYAQmOKSIU_DpyZLuhA9XkJjEFd_PSInUDxJiy4LCEniGR7N6B8w%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf31c8ad95a43-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK us.php
c.eu1.dyntrk.com/adx/ga/ Frame 460F 0
215 B 40ms
7ms Image
text/plain 135.125.160.160
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEIgCsN8Yb-GD-rbQLIzlHwI&google_cver=1&google_push=AYg5qPJ14-n5KqlzBm4AzCDWUsW46mzj6K1e-l3grSjZMx6RmkZIKsiCsg21BhhD6A2ra6PEcrVmRspHLxM8ZcxxnBottGiNeV1aQA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696128&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633324706&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633324706129&bpp=15&bdt=122&idt=211&shv=r20210928&mjsv=m202109270101&ptt=5&saldr=sa&correlator=3313353004274&frm=21&ife=1&pv=2&ga_vid=1226984708.1633324705&ga_sid=1633324706&ga_hid=1240571017&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=300117876&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=1831648667825851&pem=437&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.km927gownztq&fsb=1&xpc=BVogcnptaI&p=https%3A//securityaffairs.co&dtd=234
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.160.160 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3198892.ip-135-125-160.eu
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 10
server: proxy
content-length: 0
content-type: text/plain

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 460F
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF2j2HZSkfrohab5QHMpx6k&google_cver=1&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1o...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1oWgT8ftw&google_hm=MTIxNDE1ODg1MzExMDcz...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1oWgT8ftw&google_hm=MTIxNDE1ODg1MzExMDczNjA1MQ%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 04 Oct 2021 05:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIK6_NlcvWDeGeYBQHtptMbDs1TQfC0Td9eloaPCbilIWRYAn74IJ0zc_irgls3SBcYJ04pI7bQVRvZ4GHmBsrYD1oWgT8ftw&google_hm=MTIxNDE1ODg1MzExMDczNjA1MQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 460F 43 B
598 B 88ms
22ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEEFSEVEFrI9iaDbispZmVyk&google_cver=1&google_push=AYg5qPKt391pCr-TBHz6ISDyDQxzukVbLqyBkQ6Q50N2u1Vu8xbQfgsCHybmxS5_5mBLL0XqHl76Fy2McT1OHULAOvwBO9zOHPsV

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Oct 2021 05:18:27 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 460F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIPk68HyHWFijdOx25kqD1w&google_cver=1&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQoyfGNASaSPw-YxDWm...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YNVE1SlpCRTJ1Rl9sazNMbmUwTjZDbkRfOHRGV1ZmVH5B&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQ...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YNVE1SlpCRTJ1Rl9sazNMbmUwTjZDbkRfOHRGV1ZmVH5B&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQoyfGNASaSPw-YxDWmIaRxUVyonUQ1TnjJ5zm9Nk3_D16g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:26 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YNVE1SlpCRTJ1Rl9sazNMbmUwTjZDbkRfOHRGV1ZmVH5B&google_push=AYg5qPIsPuG2pwx2qjtvfyHdviaEir-US1lcRDBGD32kL0zZKMzzGByQQoyfGNASaSPw-YxDWmIaRxUVyonUQ1TnjJ5zm9Nk3_D16g
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 460F
Redirect Chain

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEJNuo8C4Pn8fNgGrWVfEtOg&google_cver=1&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZKuNF8JHaF669jGT6Pb9wQJq-Op...
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWE4N2FkYjQtNzJiNS00MTkxLThkZTEtMTBkMWJjZGNiYzcx&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZK...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWE4N2FkYjQtNzJiNS00MTkxLThkZTEtMTBkMWJjZGNiYzcx&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZKuNF8JHaF669jGT6Pb9wQJq-OpoIRhiUzkalZBCw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWE4N2FkYjQtNzJiNS00MTkxLThkZTEtMTBkMWJjZGNiYzcx&google_push=AYg5qPKkvAFRCumPYL-r9dntpVRhLeqCLKHnDXJYqpM2qgP7ZVAfWo2mJ69x6OZKuNF8JHaF669jGT6Pb9wQJq-OpoIRhiUzkalZBCw
date: Mon, 04 Oct 2021 05:18:26 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 460F 0
12 B 18ms
15ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J9Lr-LGv3jeDtPuuUs-5z62lm1h16gFNed2mlVB845Cw76WNpYNeWpPCI1sIf-Pzf4gRWY448

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame C045 12 KB
5 KB 267ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 03 Oct 2021 22:50:31 GMT
expires: Mon, 03 Oct 2022 22:50:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 23276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 67CA 783 B
738 B 24ms
24ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55728c56d7f3a28396cc2c32b96e3e266e5ddc21697ed3dc6aa4b4f734b2148d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X3N4NSFjYcybX2sTF2hHng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 04 Oct 2021 05:18:26 GMT
date: Mon, 04 Oct 2021 05:18:26 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-X3N4NSFjYcybX2sTF2hHng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1280 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77cd617eb529280c3449c3d436b19146ca9e7b2a376e6750f5282a5548f0e017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame DFA7 0
0 152ms
152ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:27 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 6F65 0
0 155ms
154ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:27 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B4AE 14 KB
5 KB 19ms
18ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES; KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=58959
expires: Mon, 04 Oct 2021 21:41:06 GMT
date: Mon, 04 Oct 2021 05:18:27 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B107 52 KB
17 KB 43ms
6ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=7101365080612594597; anj=dTM7k!M4/8CxrEQF']wIg2E>8k=R@y!]tbP6j2F-XstGt!@DW($f/2k; icu=ChgI3sJXEAoYASABKAEwoZ3qigY4AUABSAEQoZ3qigYYAA..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 04 Oct 2021 05:18:27 GMT
Age: 574
X-Served-By: cache-lga21972-LGA, cache-hhn4076-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 10893
X-Timer: S1633324707.090771,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F504 14 KB
5 KB 19ms
18ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES; KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=58959
expires: Mon, 04 Oct 2021 21:41:06 GMT
date: Mon, 04 Oct 2021 05:18:27 GMT
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5EAF 14 KB
5 KB 19ms
19ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES; KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=58959
expires: Mon, 04 Oct 2021 21:41:06 GMT
date: Mon, 04 Oct 2021 05:18:27 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame ED5D 668 B
732 B 25ms
18ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: b123414eeb90d7b0ab2f16c13adc7358e6472e873d15f6709c4cd7f2075f7c00

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705; Version=1; Expires=Tue, 04-Oct-2022 05:18:27 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633324707|gekin0vNiygu; Version=1; Expires=Tue, 19-Oct-2021 05:18:27 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 04 Oct 2021 05:18:27 GMT
content-type: text/html
content-length: 421
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame F83A 0
0 154ms
154ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:27 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 23A9 0
0 339ms
107ms Document
text/plain 208.100.17.175
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.175 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip175.208-100-17.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Mon, 04 Oct 2021 05:18:26 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B942 52 KB
17 KB 35ms
7ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=7101365080612594597; anj=dTM7k!M4/8CxrEQF']wIg2E>8k=R@y!]tbP6j2F-XstGt!@DW($f/2k; icu=ChgI3sJXEAoYASABKAEwoZ3qigY4AUABSAEQoZ3qigYYAA..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 04 Oct 2021 05:18:27 GMT
Age: 574
X-Served-By: cache-lga21972-LGA, cache-hhn4033-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 11594
X-Timer: S1633324707.091182,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame DD09 0
0 153ms
152ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:27 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 78E1 52 KB
17 KB 34ms
8ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=7101365080612594597; anj=dTM7k!M4/8CxrEQF']wIg2E>8k=R@y!]tbP6j2F-XstGt!@DW($f/2k; icu=ChgI3sJXEAoYASABKAEwoZ3qigY4AUABSAEQoZ3qigYYAA..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 04 Oct 2021 05:18:27 GMT
Age: 574
X-Served-By: cache-lga21972-LGA, cache-hhn4073-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 11126
X-Timer: S1633324707.092496,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 6344 668 B
721 B 20ms
19ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: b123414eeb90d7b0ab2f16c13adc7358e6472e873d15f6709c4cd7f2075f7c00

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705; Version=1; Expires=Tue, 04-Oct-2022 05:18:27 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633324707|gekin0vNiygu; Version=1; Expires=Tue, 19-Oct-2021 05:18:27 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 04 Oct 2021 05:18:27 GMT
content-type: text/html
content-length: 421
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 15D2 668 B
721 B 17ms
17ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: b123414eeb90d7b0ab2f16c13adc7358e6472e873d15f6709c4cd7f2075f7c00

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705; Version=1; Expires=Tue, 04-Oct-2022 05:18:27 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633324707|gekin0vNiygu; Version=1; Expires=Tue, 19-Oct-2021 05:18:27 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 04 Oct 2021 05:18:27 GMT
content-type: text/html
content-length: 421
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 0721 668 B
721 B 17ms
17ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: b123414eeb90d7b0ab2f16c13adc7358e6472e873d15f6709c4cd7f2075f7c00

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=95b8cd5c-79ed-4111-a837-49907834dac7|1633324705; Version=1; Expires=Tue, 04-Oct-2022 05:18:27 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633324707|gekin0vNiygu; Version=1; Expires=Tue, 19-Oct-2021 05:18:27 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 04 Oct 2021 05:18:27 GMT
content-type: text/html
content-length: 421
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D8A4 52 KB
17 KB 29ms
7ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=7101365080612594597; anj=dTM7k!M4/8CxrEQF']wIg2E>8k=R@y!]tbP6j2F-XstGt!@DW($f/2k; icu=ChgI3sJXEAoYASABKAEwoZ3qigY4AUABSAEQoZ3qigYYAA..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 04 Oct 2021 05:18:27 GMT
Age: 573
X-Served-By: cache-lga21972-LGA, cache-hhn4024-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 12183
X-Timer: S1633324707.091405,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5920 14 KB
5 KB 20ms
19ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES; KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; SPugT=1633324705; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=58959
expires: Mon, 04 Oct 2021 21:41:06 GMT
date: Mon, 04 Oct 2021 05:18:27 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2CD8 281 B
554 B 7ms
7ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: rsid=1|AIfsdBUO++vuGxiryvY4NyLqsLINffPD0ndRTZPwOWBzr4eVPwTuL9+eZLvlgeCkRh3C4GjGYWrGRQSWDHOtFAT+ngdUyQJYykllPZjhEHJw9y7GDs9f; khaos=KUC7CWLQ-8-5CFW; audit=1|hLZGFuTafB0ctMvC8Udn4wlE2IyiwyordnwCfVF8zn4qxomP/o7qYhPx+QOC0BlCzYmEmZ/QEGXIxIvkAgQ2rTOZUHL6E73cMj20TaXysiPQD5U7tEfUTQ==; pux=1512%3D103061%262249%3D103061%262307%3D103061%262974%3D103061%263778%3D103061%26goog%3D103061%262249-DV360-Hosted%3D103061%26brx%3D103061%26
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Oct 2021 05:18:27 GMT
Connection: keep-alive
Vary: Accept-Encoding

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
98ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:27 GMT

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 100ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:27 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FEBE 0
0 68ms
67ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210928&jk=697645183541000&rc=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 67CA 0
0 66ms
66ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210928&jk=2115792893684881&rc=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 __tt.gif
t.tailtarget.com/ Frame E981 43 B
299 B 110ms
103ms Image
image/gif 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.tailtarget.com/__tt.gif?tA=TT-10759-0&tE=0&tF=&tI=_frankfurt%20am%20main_hesse_de_1633324706845_3118995387&tJ=&tU=0100007FA28E5A61B306928E0214BB43&tX=b.52&tY=1&tZ=677550680
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, private, proxy-revalidate
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2CD8 31 KB
9 KB 9ms
9ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=38065
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9275
Expires: Mon, 04 Oct 2021 15:52:52 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame ED5D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

43 B
106 B

28ms
20ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame ED5D
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

43 B
106 B

31ms
20ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame ED5D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

43 B
106 B

19ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame ED5D 70 B
264 B 35ms
31ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=4614f205-d06a-7ee6-f2e1-81781c13e93a&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame ED5D 170 B
188 B 20ms
18ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmE3YjIxY2YtMTkxZC0yMDQyLWU3MDEtZGJjMWQ2ZjEyNzVh

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame ED5D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

43 B
106 B

22ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 15D2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

43 B
122 B

23ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 15D2
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

43 B
106 B

32ms
22ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 15D2
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

43 B
106 B

19ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 15D2 70 B
264 B 35ms
31ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=4614f205-d06a-7ee6-f2e1-81781c13e93a&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 15D2 170 B
188 B 22ms
20ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmE3YjIxY2YtMTkxZC0yMDQyLWU3MDEtZGJjMWQ2ZjEyNzVh

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 15D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

43 B
106 B

26ms
21ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 0721
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

43 B
106 B

19ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0721
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

43 B
106 B

30ms
20ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 0721
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

43 B
106 B

23ms
19ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 0721 70 B
264 B 35ms
31ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=4614f205-d06a-7ee6-f2e1-81781c13e93a&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0721 170 B
188 B 22ms
20ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmE3YjIxY2YtMTkxZC0yMDQyLWU3MDEtZGJjMWQ2ZjEyNzVh

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0721
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

43 B
106 B

28ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 6344
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f

43 B
106 B

20ms
20ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x13 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=adfb615a-8ea1-4e00-8abc-ca40c5b9609f
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6344
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ

43 B
106 B

31ms
20ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=6xca_eVDTq7wQBz67B8C-OtFGq7wHhv66BSzWvmZ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 6344
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270

43 B
106 B

22ms
18ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8434512423503908270
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 6344 70 B
264 B 34ms
31ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=4614f205-d06a-7ee6-f2e1-81781c13e93a&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 6344 170 B
188 B 20ms
18ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmE3YjIxY2YtMTkxZC0yMDQyLWU3MDEtZGJjMWQ2ZjEyNzVh

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6344
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1

43 B
106 B

19ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJvEbf1bTvR1PSWfL4TBSuE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B107 0
733 B 263ms
262ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 46d9b0b7-3fbe-48bd-9ec8-80dc36b23a66
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B942 0
733 B 17ms
14ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 02bce734-4514-4c32-b862-6c2ff4687fc4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 78E1 0
733 B 15ms
14ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b9fbcf1c-4d57-4e73-951e-9a7bf725db82
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D8A4 0
733 B 38ms
24ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:27 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fe2a6667-ad28-4bfa-be87-5dbbc87c6cf7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B819 11 KB
8 KB 27ms
27ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210928&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a913544a3a6e1174f8c6771047b6ea6eb5c14615b4b5ddec3a6c13ca5c7447fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 05:18:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8448
x-xss-protection: 0

GET
H2 200 y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js Show response
pagead2.googlesyndication.com/bg/ Frame 4EB4 35 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbf1a9489083789521cb679dc2a8aa50b5e385e320455234f497e90f83bc1f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 20:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13365
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 03 Oct 2022 20:27:26 GMT

GET
H2 200 y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js Show response
pagead2.googlesyndication.com/bg/ Frame C045 35 KB
13 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbf1a9489083789521cb679dc2a8aa50b5e385e320455234f497e90f83bc1f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 20:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13365
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 03 Oct 2022 20:27:26 GMT

GET
H2 200 y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js Show response
pagead2.googlesyndication.com/bg/ Frame D638 35 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbf1a9489083789521cb679dc2a8aa50b5e385e320455234f497e90f83bc1f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 20:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13365
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 03 Oct 2022 20:27:26 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B819 17 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 32ms
32ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=801338178&kals=ttype%3D10002%7C%7Cpc%3D2&katen=1&pc=2&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=W-WrbjnUWoSgKupIroACYfmquVQJeUvq_m-2COgRU-ZnwHV1AKAOO54MTT4aMPMVQtjQNc7PkkgXOLYpsF-Y4MIHVyNrYNh2puoeIkGq4cUyPuKTq0J9U5D8wDpJ0rFxofwNCz3325YL-xZVz4sHNnX_d9OUSZkjQk9JKLIske551fMhs6r5LnFN0IW_1J1EnpVGQY0Hr_RH1cElPWjEv-6WlU-dnLJ40Z0eN64cjog=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|BuAo4uYpv0ijUpJ8sMAAw-FglnbfpPwtTb08T_sSIxplvmegtWK5itdEonDVSQtJowwi4KPpF1NhIdbsuDFNc3jiTEwoTiosH7YGhFWbTdc=|N7fu2vKt8_s=|0s1O5RtgMNJgjLTYviphzKhf0XSadbrJ-i3jT0fa0eUSs3asi9bOn8RMR3sYsqoWXnDzO86k8J09_rrUcFJrg_LzZVOoPCBAKR__IsV8Ixq93o41h2eGDQhEkwkeVkmlzXjyyCTKesHcFAuuX0muZmudCDfhv6L24HgZEIb-0OUkHr-wHpxalkrkLUvdjCV-aItjwB8i81rdTqAjBxPopEyFBTOU-6wn|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&vi=1633324704786610529&ugd=4&cc=DE&sc=HE&startTime=1633324704849&l2type=setting&vgd_l1rakh=1633324704178306170&l1ch=1&sttm=1633324704851&upk=1633324705.13938&hvsid=00001633324704851031189952005846&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A10|6515&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=170721401&sethcsd=set!A32%7C6517&vgd_pgid=p02109659104t202110040518&vgd_pgids=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 04 Oct 2021 05:18:27 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 1CBA 12 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 03 Oct 2021 22:50:31 GMT
expires: Mon, 03 Oct 2022 22:50:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 23276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 960A 783 B
762 B 24ms
24ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d8718c22fb7db0cd1fba4e724360f1c0ce2daa683c4ca0e67eb3d6c4f2a9f37b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3v5ep/cMhdcBOIJG3a2W5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 04 Oct 2021 05:18:27 GMT
date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-3v5ep/cMhdcBOIJG3a2W5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 960A 0
0 66ms
65ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210928&jk=1831648667825851&rc=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js Show response
pagead2.googlesyndication.com/bg/ Frame 1CBA 35 KB
13 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y_GpSJCDeJUhy2edwqiqULXjheMgRVI09JfpD4O8H0g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbf1a9489083789521cb679dc2a8aa50b5e385e320455234f497e90f83bc1f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 20:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13365
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 03 Oct 2022 20:27:26 GMT

GET
H2 200 sync
app.retargetly.com/ Frame CADC 68 B
744 B 142ms
142ms Image
image/png 2606:4700:10::6816:118d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.retargetly.com/sync?sid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&pid=10
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 698bf31eebb0f92f-MXP
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control: no-cache
content-type: image/png
expires: 0

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame CADC 43 B
484 B 37ms
36ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mop_seq=1:1&mt_cb=977835&check=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&mop_top=
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x9 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:27 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x9 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:26 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4C84 0
0 69ms
69ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210928&jk=697645183541000&bg=!r6ylrOjNAAZE-GIIRPg7ACkAdvg8Wq5uGB0tHQGLJEOXG3JGkeE23L9Xm0eqaoHjX_Xz4FLrOUJTNAIAAAElUgAAABZoAQeZAtRt_ZFk_cJvBO3mrgHm0rJSeqJ9AkeowSRGbr1ycD3OW2Jqz7WSc_Nsl2Z7o-m8IYJ18XHdE5rGbWuERA2FK7SRTw3jD2w-ly7azHB_qcw8fNUavQOHsqd_l63gvmzo-K96oOpdRFkYpyd0QEiZtdkQAxiCAVgw4tzsOo-nXa-7UKnzAEQDau-0v1IJnOWb48Ibbnm5N_hddnSxMTz6ecJirCW3UWl0I2cXUeR0YI_g-yAH-0DiueDCwYYzvovavPVgdE5RJ8hf29hKDWzrCIWJH73qGEJixTXSyX-peWnyoR1TZjssk5m26fAF-B29PtPHynDTjZzJhDrDKj4KJ7qd3OLP5d54bzdsR9UbvsRHVCRIRh5fyf85yG7VYkcnUKpejKeVmrqU2NiPjLB6KsJzsFxTNDb_ECxxqGtBRDs0kobXBylMwcS-fFiRzwjzKYeOVH3Z-_DrUsW7NEHRY1cjNQ91UM_UJJ94bJ5EcExQXiV-EYYIlhIX8SBYsimfDaSZZ9HVuEUS8qWWZ9o2hFw5M9N29YIpFo5_2Gye29xZVb88jR4ggyr-SX9wrZyjj9tp-DfIslhkoOH0Mwc-Rf4bDw49iAC8rPKReL1KXti5NgzHSPW9DlZ46cHYqhhPstkh-QkOTaJml0sEedprm6Rh4xUEordNPlR71vEGEr56n9m_C518Uedmf-J0R0R8xhGo-UazeFEQSLjTyekdYWIeeIg3fZZiMijMYOxjxfAko36eI-sVMkwwk14yEO8wZ-bJ7AAfIW8f86VQiJlgZGua44n-EEe1jnk-4GZNnBduaguJJbAv1Pnz8bXHgh1Oz4A9DJdHbIGnR4fgSP9Al4IKZLEfb2dceaZxVSVpekpgVLdwr9C6KFhe-kJYu0gtSdHCQuEx9wBCtWIkfRboela8kSJD4E-DHbXLcTEUGG09OMOtFNsE5nMzk3D0RjijX7uUuIQM
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2009 0
0 68ms
68ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210928&jk=2115792893684881&bg=!oqGloeXNAAZE-GIIRPg7ACkAdvg8WseqBpmP1MdzaDl3lmGVmOrXh3nEJZUum8jg_wQHtsjIbqqhjgIAAAE_UgAAABZoAQeZAsxyIUGtJ2Xc8-tSYogdo5ftnGEDbtXvJnA3RegSt47HiRXXvyB-c02wRIZknWgOOulPVDAdmZZdsBaV6EwHPEHDiH4J81Z3gp-W5hKCdXgG0H8x9PuvnyoT-6nH_YlSkN587Tl1HP6UFWk0IFL7SaKrEkw6facHc4a65nQ8krP_220m0LN6neZ8zzzTRA89wOU8h_sObV63PyhntjuuVdY79L0k9UcSKbkHdUIHrqz1ELOcBgwyT3kUmQBduLORrZm2_-plskz6IF32S_IYdb8SxqsoIEsmcujx9uVIpphaKw5g-xCD_GDwNWscMsuttrCZ-ismIClVlmG775gCA9VTpGhwghlXesJ7_povdFuOa3GYklmcbt4div96rZoqUdx2gP8l0JMEqo7xAk9fxqynA01-lk88rr_LFxYMfjumHbp1_rLA9Fkz4y7IyuVJFPhi3rMP1ZuXssZeZmlORdGDKl18EtXOznBO8BBY96Gdg8qyoKHX26aoXzYx-iUyky-EqmcGJZpOWaBl9Y1aMtT00dM6-lyyjspjAaw9FTWPzxp4aSmKnjKsgfBBwLidxJIyAigBOiQTKq9a2OdEOFM41y-IcWxnZcEVI2O4q-uh5o4P1Dy-oBsoaWL3ZwcZJYoSOXNF9HNWwXgDKfvuLgomRt8iZ7Mt8waGgT6mU2nRcERAoXa9gwRNjhx22Zjpdttc-Lo5-z8oAEjFw6iseqGE5xpej2Z2ebqYu4eIoR9_C2YyhhnmPQxU7NR9wx7TsvCzme68OctQ80jGlhYjtfzLmyvZWInC7XxHYEkueoEiBskdnWsNloCcNrrJ7J7YoBU-TcofSJIUz3Ve4dtC16MhSuyhUyvc2Iw5n7ayBCyQe8MB7HnPtBrkgzztEpY0ITvP8pjCNCLfFW_tEjsWw2Zmdu9igoAm9uoxkMPw7qtzAEQnsqdhlEj3afv52g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B819 0
0 68ms
68ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210928&jk=1831648667825851&bg=!MzClMHTNAAZE-GIIRPg7ACkAdvg8Wm2KYZbBbNxJKretdcOFDDGEh1ryxofw8azwvybmxDCwKmKSjQIAAADSUgAAAAxoAQcKABUMSLej9OrOXtKY-GkHgumkF5R1W1WZAtN2u6D-xbXD-xDDTy7iURYd613imqmWzK_dgASy7AzxIrqjfk_-KubdTbrk_PKGJBifdiVLwXX5nLY8-IcSly_o7oc32ftPAEo11yy3LvhQxkNn84EcDScFM5PccjPl9trpmEYJeUdietOuspZP3sscfeLhEtRYrq2rftnf4t6_t4EsXrmzseu7itlPbRfhy3LoWKk60frsvrEZH2bHmrDPjCnQT5JHmc3-3oRC-hjUSOCF-eB40gOBSlLCPgc21PA4Aal830EVUepGWPeHZQAxlRc_e5L6L5x67MOxKAW7E5twmfYIZCl0gYWWGw-sMPHJ-OJaqhkM0Xep1XXpZl32nEtP21vTGX53YwnMSypRQoX0hzrG6lXixe-W2YIDvOgNmTC635_PYe5lwEMGXpqJtoE49tHrpSEIN8SVksKKS52STbL8jIBqa3LKYWDrkKpC_cqauTTMcWTw8NaglFeDXEvwf88DlnoZg2Jc5vHT0MsRYGObcgA056o1HMXQB5yq7FTPsnk63PyJnKGiDtk2GGR3l1M5IRJdNNPfjdWBHL4qBa-QlV49r1JHWqTDz642ku77t_GVv5R0r5TkdPdqVm3qobclLXHeBf6gS_A6YqdkQX2R5mu1bpeN8Pi3lK9eKIByVxSGkxsLIfm9fmEKhaM1J1h0N-4uqsye2OeoEoUD6CuR752bDmPe8A1tFzs_4p5lOHVp25Adn7vjH2kX6Xpjch000Y-8uvvbzxR1LsE06sPdmkozrKch4asNxv4NHQyOoMxRJrMBsIb_IPc1usK3RLuWMwRzJOYkZPRt0VREMI40Pq8A55YowsVO02dhm4WwSuDE1EP99bk26X_BQjy_N2By58nFF7eamkoqDd2f5vDl3dmIJzXK_EOg5S7S2QM4iwpWDYakuhDBnim2OWWpZrl8RUiZuULF_KHxikQz_9m56fgzyF6aQFsZcFo4XaE
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 8A2C 2 KB
1 KB 55ms
19ms Script
application/x-javascript 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ0MDYwMDI5MjE5NDE5MzIxNi85Mzk5NDkxLzkxMzMzNzkvMy96Z0phajh4ZDJqUnRvQ3FQX25VdmZMaVRfUDNPMmV1R1J3eVpIcnZvNXNBLzEvMy8wLzAvMTY2Njc3Mi8zMTE4OTk1MjAwLzIyNjU4OS85ODUyNzgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80NDA2MDAyOTIxOTQxOTMyMTYvenJoLzAvMzUwMS8zMC85OTkvMi8xODUuMjMyLjIzLjAvMC4wMDAvMTYzMzMyNDcwNS8xNjMzMzM3MzA1LzMvMTU4MTI3Lw/XNhQCaW7DtIdNL9N5_JVtTspwsk&nodeid=344&group=zrh&auctionid=440600292194193216&shardkey=440600292194193216&sid=9133379&cid=9399491&price=0.267088&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.144&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%3D%3D_url%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: d2dabe099eb555c4a047798adb53797e023b83840d8566858fb13e6c28cb2472

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1633324705
Last-Modified: Mon, 04 Oct 2021 05:18:25 GMT
Server: MMBD/3.206.0
x-mm-latency: 5 (2)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x65, zrh-bidder-x45
Connection: close
Expires: Mon, 04 Oct 2021 05:18:27 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 101ms
101ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:28 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame AF28 2 KB
1 KB 43ms
15ms Script
application/x-javascript 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTEwNTA4MjQ0NDIxMjIwNzYvOTM5OTQ5Mi85MTMzMzc5LzMvemdKYWo4eGQyalJ0b0NxUF9uVXZmQjlCbEVhSEtwQXZRS2NlOUUwWVU4QS8xLzMvMC8wLzE2NjY3NzIvMzExODk5NTIwMC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODUxMTA1MDgyNDQ0MjEyMjA3Ni96cmgvMC8zNTAxLzMwLzk5OS8yLzE4NS4yMzIuMjMuMC8wLjAwMC8xNjMzMzI0NzA1LzE2MzMzMzczMDUvMy8xNTgxMjcv/lozZCxLAjy-Vfzk8x6cTl7dl9gw&nodeid=344&group=zrh&auctionid=8511050824442122076&shardkey=8511050824442122076&sid=9133379&cid=9399492&price=0.263501&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.98&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 8b4f7b1fbc6798d9fdb1704728d74fb7c5b3f3c8e8976d4d9f434ea4df9436c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1633324705
Last-Modified: Mon, 04 Oct 2021 05:18:25 GMT
Server: MMBD/3.206.0
x-mm-latency: 2 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x35, zrh-bidder-x45
Connection: close
Expires: Mon, 04 Oct 2021 05:18:27 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 101ms
101ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:28 GMT

GET
H/1.1 200
OK b2chijg1xki1 Show response
hal9000.redintelligence.net/zone/ Frame 8A2C 10 KB
3 KB 45ms
13ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/b2chijg1xki1?subid=&gdpr=0&gdpr_consent=&rnd=440600292194193216&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:pub&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 713b670ac191be64a1f7e1ef97d24463b753583ebbf5ab573226c129165c9fd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3133
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 8A2C 43 B
373 B 40ms
39ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=3&v2=440600292194193216&v3=985278&v4=9133379&v5=9399491&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ0MDYwMDI5MjE5NDE5MzIxNi85Mzk5NDkxLzkxMzMzNzkvMy96Z0phajh4ZDJqUnRvQ3FQX25VdmZMaVRfUDNPMmV1R1J3eVpIcnZvNXNBLzEvMy8wLzAvMTY2Njc3Mi8zMTE4OTk1MjAwLzIyNjU4OS85ODUyNzgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80NDA2MDAyOTIxOTQxOTMyMTYvenJoLzAvMzUwMS8zMC85OTkvMi8xODUuMjMyLjIzLjAvMC4wMDAvMTYzMzMyNDcwNS8xNjMzMzM3MzA1LzMvMTU4MTI3Lw/XNhQCaW7DtIdNL9N5_JVtTspwsk&nodeid=344&group=zrh&auctionid=440600292194193216&shardkey=440600292194193216&sid=9133379&cid=9399491&price=0.267088&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.144&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%3D%3D_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x29 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x29 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 8A2C 49 B
329 B 41ms
13ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=pub&bid=440600292194193216&st=9133379&time=1633324708&nodeid=344
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ0MDYwMDI5MjE5NDE5MzIxNi85Mzk5NDkxLzkxMzMzNzkvMy96Z0phajh4ZDJqUnRvQ3FQX25VdmZMaVRfUDNPMmV1R1J3eVpIcnZvNXNBLzEvMy8wLzAvMTY2Njc3Mi8zMTE4OTk1MjAwLzIyNjU4OS85ODUyNzgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80NDA2MDAyOTIxOTQxOTMyMTYvenJoLzAvMzUwMS8zMC85OTkvMi8xODUuMjMyLjIzLjAvMC4wMDAvMTYzMzMyNDcwNS8xNjMzMzM3MzA1LzMvMTU4MTI3Lw/XNhQCaW7DtIdNL9N5_JVtTspwsk&nodeid=344&group=zrh&auctionid=440600292194193216&shardkey=440600292194193216&sid=9133379&cid=9399491&price=0.267088&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.144&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%3D%3D_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MMBD/3.206.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x39, zrh-bidder-x45
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK js Show response
sync.mathtag.com/sync/ Frame 8A2C 1 KB
986 B 19ms
18ms Script
text/javascript 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ0MDYwMDI5MjE5NDE5MzIxNi85Mzk5NDkxLzkxMzMzNzkvMy96Z0phajh4ZDJqUnRvQ3FQX25VdmZMaVRfUDNPMmV1R1J3eVpIcnZvNXNBLzEvMy8wLzAvMTY2Njc3Mi8zMTE4OTk1MjAwLzIyNjU4OS85ODUyNzgvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80NDA2MDAyOTIxOTQxOTMyMTYvenJoLzAvMzUwMS8zMC85OTkvMi8xODUuMjMyLjIzLjAvMC4wMDAvMTYzMzMyNDcwNS8xNjMzMzM3MzA1LzMvMTU4MTI3Lw/XNhQCaW7DtIdNL9N5_JVtTspwsk&nodeid=344&group=zrh&auctionid=440600292194193216&shardkey=440600292194193216&sid=9133379&cid=9399491&price=0.267088&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.144&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%3D%3D_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x2 config:1.0.0 /
Resource Hash: 6f6b8baee22d33d5e994228c549bdf6eab7c50562bc5ce49d10a89727af4ed60

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: MT3 3984 0e3af3b master zrh-pixel-x2 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: close
Content-Type: text/javascript
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 6063 0
260 B 57ms
14ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D1499e6f6da76f6d7%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK eifj49geg8vb Show response
hal9000.redintelligence.net/zone/ Frame AF28 10 KB
3 KB 38ms
13ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/eifj49geg8vb?subid=&gdpr=0&gdpr_consent=&rnd=8511050824442122076&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:pub&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 4d6ffefe7775699e279d2bfb1e5f58554ff578afb44f156887e7e885cd25591a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3129
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame AF28 43 B
373 B 30ms
29ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=3&v2=8511050824442122076&v3=985278&v4=9133379&v5=9399492&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTEwNTA4MjQ0NDIxMjIwNzYvOTM5OTQ5Mi85MTMzMzc5LzMvemdKYWo4eGQyalJ0b0NxUF9uVXZmQjlCbEVhSEtwQXZRS2NlOUUwWVU4QS8xLzMvMC8wLzE2NjY3NzIvMzExODk5NTIwMC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODUxMTA1MDgyNDQ0MjEyMjA3Ni96cmgvMC8zNTAxLzMwLzk5OS8yLzE4NS4yMzIuMjMuMC8wLjAwMC8xNjMzMzI0NzA1LzE2MzMzMzczMDUvMy8xNTgxMjcv/lozZCxLAjy-Vfzk8x6cTl7dl9gw&nodeid=344&group=zrh&auctionid=8511050824442122076&shardkey=8511050824442122076&sid=9133379&cid=9399492&price=0.263501&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.98&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x14 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x14 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame AF28 49 B
329 B 39ms
14ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=pub&bid=8511050824442122076&st=9133379&time=1633324708&nodeid=344
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTEwNTA4MjQ0NDIxMjIwNzYvOTM5OTQ5Mi85MTMzMzc5LzMvemdKYWo4eGQyalJ0b0NxUF9uVXZmQjlCbEVhSEtwQXZRS2NlOUUwWVU4QS8xLzMvMC8wLzE2NjY3NzIvMzExODk5NTIwMC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODUxMTA1MDgyNDQ0MjEyMjA3Ni96cmgvMC8zNTAxLzMwLzk5OS8yLzE4NS4yMzIuMjMuMC8wLjAwMC8xNjMzMzI0NzA1LzE2MzMzMzczMDUvMy8xNTgxMjcv/lozZCxLAjy-Vfzk8x6cTl7dl9gw&nodeid=344&group=zrh&auctionid=8511050824442122076&shardkey=8511050824442122076&sid=9133379&cid=9399492&price=0.263501&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.98&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MMBD/3.206.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x24, zrh-bidder-x45
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK js Show response
sync.mathtag.com/sync/ Frame AF28 1 KB
987 B 16ms
16ms Script
text/javascript 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=pub&s_exch=pub&id=5aW95q2jLzIzLyAvT1dGa01URXpOelF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTEwNTA4MjQ0NDIxMjIwNzYvOTM5OTQ5Mi85MTMzMzc5LzMvemdKYWo4eGQyalJ0b0NxUF9uVXZmQjlCbEVhSEtwQXZRS2NlOUUwWVU4QS8xLzMvMC8wLzE2NjY3NzIvMzExODk5NTIwMC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODUxMTA1MDgyNDQ0MjEyMjA3Ni96cmgvMC8zNTAxLzMwLzk5OS8yLzE4NS4yMzIuMjMuMC8wLjAwMC8xNjMzMzI0NzA1LzE2MzMzMzczMDUvMy8xNTgxMjcv/lozZCxLAjy-Vfzk8x6cTl7dl9gw&nodeid=344&group=zrh&auctionid=8511050824442122076&shardkey=8511050824442122076&sid=9133379&cid=9399492&price=0.263501&bp=a_cghgdc&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.98&3pck=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0 /
Resource Hash: 6f6b8baee22d33d5e994228c549bdf6eab7c50562bc5ce49d10a89727af4ed60

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: close
Content-Type: text/javascript
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame 8A2C
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
937 B

90ms
65ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=1436369749422&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fcc5b5e7de2165c1563cc3d7590b4e20eedc2a0b21b823e2877a6423a79406a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 52515000033097603168684011737008
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 331
Expires: Mon, 04 Oct 2021 06:18:28 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=1436369749422&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 04 Oct 2021 06:18:28 +0200

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame AF28
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

610 B
936 B

81ms
57ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=4462620703245&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bea193129c30ade4d0bf896149dcca439a6284e70288aec5fd11859f46a17f22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 13807400033097503168682011737008
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 330
Expires: Mon, 04 Oct 2021 06:18:28 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=4462620703245&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 04 Oct 2021 06:18:28 +0200

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B107 0
733 B 28ms
27ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 99ee9777-2489-470f-95ce-034ac6ed11e9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B942 0
733 B 14ms
14ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 48207edd-5871-44c0-85a0-436db3fb9480
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 78E1 0
733 B 22ms
21ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bfc20062-7835-4bf0-8e99-2472df96cc84
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D8A4 0
733 B 15ms
15ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 05:18:28 GMT
X-Proxy-Origin: 185.232.23.187; 185.232.23.187; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c0b49472-2da9-4d9b-aaf1-364d2723d136
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1280 42 B
174 B 43ms
42ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuXkG0BgaA4afm4FYYnZXE2-ubvmO9ERoT7japoB30Tzy407Xn6frwKTElCR4RBlANT7DSJHEF7gGV6AKbYvV-bN3jwy4OsVS0L-lUsw1Uz3HJnhYyO1fekWJSuXHNm9p43DUabCJolkPj&sai=AMfl-YSnYLeEQMlGTPSUExj64qgaH90cOxsXNVEwE16ENSculohiaJTV2rW3kiTG39yD-Ub2kHimdUpBLTcg0v1nW0PcieDGPQYjMbk&sig=Cg0ArKJSzOdD9ciNCddSEAE&cid=CAASF-RoApPYV4iZ4Wj2CFrDhVwlFmJZMSSr&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211001&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=468307373&rs=2&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633324706364&rpt=913

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame 0229 7 KB
3 KB 37ms
13ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=eifj49geg8vb&nw=20&renderingType=javascript&namespace=c299ef2b0c&subid=&uid=a820d723b6a5e4a4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8511050824442122076%26mt_id%3D9399492%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9NyZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0zNjQ4NzM4NjY2ODY1NzE5MDc0JmFkU2VydmVySWQ9MjQzJmltcGlkPTZCNzU5REIzLTgyRkYtNDRBNi05RDk1LTA2MzQxMkEwQjc1RCZwYXNzYmFjaz0w_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=4462620703245&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d8f19e0e00b13abdd64a3dac23b51ab26f8ff9d546689d9ae197b358787c5ed9

Request headers

Host: hal90008.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: 8lcfmzhxc8d6_uid=9115694e4603c27a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 04 Oct 2021 06:18:28 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2308
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK iframe Show response
sync.mathtag.com/sync/ Frame 3367 629 B
716 B 19ms
19ms Document
text/html 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x13 config:1.0.0 /
Resource Hash: 048675b5bae1d7dada511b7b02c60f3fb7a02e891a3931ab3afe3ab36033ca6f

Request headers

Host: sync.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f; mt_misc=mt_bt:1; mt_mop=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Type: text/html
Connection: close
Server: MT3 3984 0e3af3b master zrh-pixel-x13 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Mon, 04 Oct 2021 05:18:27 GMT
Content-Encoding: gzip

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame DB33 38 KB
14 KB 20ms
18ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=69070
expires: Tue, 05 Oct 2021 00:29:38 GMT
date: Mon, 04 Oct 2021 05:18:28 GMT
vary: Accept-Encoding

GET
H2 200 AdDisplayTrackerServlet Show response
aktrack.pubmatic.com/AdServer/ Frame E3BB 0
61 B 48ms
18ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.263501&dcId=3&tldId=61569253&passback=0&svr=BID22499U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYRPeCADMfCHGDEdL5gDPKCDo0P0RqeLh8b87mBUcX6w4&ekaxefact=oY5aYR3eCABrsNp1NyIzU-giQprLwQYuwaw3Lw-f9qIupfBl&ekpbmtpfact=oY5aYSXeCAAbMOA88Nt1ZKDZgls4l_0fecAwaIzxwiaMI2eZ&enpp=oY5aYS7eCAA1ytXh9bXYxkTcWIQnYPLeNYLVqJJva1GlG9SV&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399492&lpu=johnreed.fitness&ucrid=3648738666865719074&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=70DED625-7A33-4639-A541-DB3C02A64340&imprId=6B759DB3-82FF-44A6-9D95-063412A0B75D&oid=6B759DB3-82FF-44A6-9D95-063412A0B75D&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: aktrack.pubmatic.com
:scheme: https
:path: /AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.263501&dcId=3&tldId=61569253&passback=0&svr=BID22499U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYRPeCADMfCHGDEdL5gDPKCDo0P0RqeLh8b87mBUcX6w4&ekaxefact=oY5aYR3eCABrsNp1NyIzU-giQprLwQYuwaw3Lw-f9qIupfBl&ekpbmtpfact=oY5aYSXeCAAbMOA88Nt1ZKDZgls4l_0fecAwaIzxwiaMI2eZ&enpp=oY5aYS7eCAA1ytXh9bXYxkTcWIQnYPLeNYLVqJJva1GlG9SV&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399492&lpu=johnreed.fitness&ucrid=3648738666865719074&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=70DED625-7A33-4639-A541-DB3C02A64340&imprId=6B759DB3-82FF-44A6-9D95-063412A0B75D&oid=6B759DB3-82FF-44A6-9D95-063412A0B75D&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

content-type: text/html
content-length: 0
date: Mon, 04 Oct 2021 05:18:28 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame AF28 43 B
518 B 15ms
15ms Image
image/gif 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame E118 4 KB
2 KB 35ms
12ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=f7710d749f&subid=&uid=b95f68f341dea68e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Apub&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D440600292194193216%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D3%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_cid%3Dadfb615a-8ea1-4e00-8abc-ca40c5b9609f%26mt_3pck%3Dhttps%253A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%253FclickData%253DJnB1YklkPTE1ODEyNyZzaXRlSWQ9NTU5NTQ4JmFkSWQ9MjA2OTY1NCZrYWRzaXplaWQ9OSZ0bGRJZD02MTU2OTI1MyZjYW1wYWlnbklkPTE2NzM1JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xMTE5OTgzNzY1ODMyNzc0MjMzOSZhZFNlcnZlcklkPTI0MyZpbXBpZD0yMkE1N0VFRC0wN0I2LTRGQjItOTBFOS01RTdEQjRCOTNFOEUmcGFzc2JhY2s9MA%253D%253D_url%253D%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=1436369749422&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2b78e767cf284bd813db0cb440553cb62184725227b0d15690ca3b783541551e

Request headers

Host: hal90008.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: 8lcfmzhxc8d6_uid=9115694e4603c27a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 04 Oct 2021 06:18:28 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK iframe Show response
sync.mathtag.com/sync/ Frame 78F1 629 B
715 B 26ms
15ms Document
text/html 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x5 config:1.0.0 /
Resource Hash: 048675b5bae1d7dada511b7b02c60f3fb7a02e891a3931ab3afe3ab36033ca6f

Request headers

Host: sync.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f; mt_misc=mt_bt:1; mt_mop=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Type: text/html
Connection: close
Server: MT3 3984 0e3af3b master zrh-pixel-x5 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Mon, 04 Oct 2021 05:18:27 GMT
Content-Encoding: gzip

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame C10A 38 KB
14 KB 19ms
19ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=69070
expires: Tue, 05 Oct 2021 00:29:38 GMT
date: Mon, 04 Oct 2021 05:18:28 GMT
vary: Accept-Encoding

GET
H2 200 AdDisplayTrackerServlet Show response
aktrack.pubmatic.com/AdServer/ Frame 82FE 0
61 B 41ms
20ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=300&kadheight=250&kadsizeid=9&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.267088&dcId=3&tldId=61569253&passback=0&svr=BID22418U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYa0qCQBDvG9plHFRw6gmYOjDMP3ZXjX6PVXAuN9qrqw6&ekaxefact=oY5aYcYqCQAUS8jVeJbPwUQ4HeCv6GyHqGs8g3rKiQQaYtTg&ekpbmtpfact=oY5aYQMrCQB9UKp0J8-FA-WLGDZVf1HcWE-6HEM_p55LqYwQ&enpp=oY5aYSIrCQA8ZdEAyXDwUFJJwOIoJ4JDcMdZY3WCotJcMK6n&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399491&lpu=johnreed.fitness&ucrid=11199837658327742339&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=E1C42D8E-1902-4748-9EF8-C3D806622026&imprId=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&oid=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: aktrack.pubmatic.com
:scheme: https
:path: /AdServer/AdDisplayTrackerServlet?operId=1&pubId=158127&siteId=559548&adId=2069654&adType=10&adServerId=243&kefact=0.350000&kaxefact=0.350000&kadNetFrequecy=0&kadwidth=300&kadheight=250&kadsizeid=9&kltstamp=1633324705&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.267088&dcId=3&tldId=61569253&passback=0&svr=BID22418U&adsver=_381772906&adsabzcid=0&cls=BID&ekefact=oY5aYa0qCQBDvG9plHFRw6gmYOjDMP3ZXjX6PVXAuN9qrqw6&ekaxefact=oY5aYcYqCQAUS8jVeJbPwUQ4HeCv6GyHqGs8g3rKiQQaYtTg&ekpbmtpfact=oY5aYQMrCQB9UKp0J8-FA-WLGDZVf1HcWE-6HEM_p55LqYwQ&enpp=oY5aYSIrCQA8ZdEAyXDwUFJJwOIoJ4JDcMdZY3WCotJcMK6n&pfi=1&domId=13101694512103093599&dc=AMS&pubBuyId=19961&crID=9399491&lpu=johnreed.fitness&ucrid=11199837658327742339&campaignId=16735&creativeId=0&pctr=0.000000&wDSPByrId=101936&wDspId=27&wbId=1&wrId=2836648&wAdvID=1057136&wDspCampId=985278&isRTB=1&rtbId=E1C42D8E-1902-4748-9EF8-C3D806622026&imprId=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&oid=22A57EED-07B6-4FB2-90E9-5E7DB4B93E8E&cntryId=58&domain=securityaffairs.co&pageURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F122875%2Fmalware%2Fta544-ursnif-campaigns-italy.html&sec=1&pAuSt=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; chkChromeAb67Sec=1; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; SyncRTB3=1634169600%3A63%7C1635897600%3A203%7C1634601600%3A35%7C1634515200%3A81_88_165_56_176_7_54_231_22_234_222_13_161_8_55_230_220_71_99_189_21_166_3_204%7C1633910400%3A223_15_2; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

content-type: text/html
content-length: 0
date: Mon, 04 Oct 2021 05:18:28 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame 8A2C 43 B
518 B 40ms
15ms Image
image/gif 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame DB33 980 B
1 KB 20ms
19ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87025091&p=158127&s=559548&a=0&ptask=DSP&np=0&fp=1&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: d8c74fee3fb8f3173612b3e08e7e81c8b8f228c27d4c63d9af2c944a9ee4ef72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:27 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 980
content-type: text/html; charset=UTF-8

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 0229 89 KB
90 KB 43ms
9ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 00:35:43 GMT
x-content-type-options: nosniff
age: 16965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91556
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Tue, 04 Oct 2022 00:35:43 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 0229 740 B
856 B 108ms
21ms Script
text/javascript 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=49615356;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fpbkwp7wsflgr1nh%3Ftprde%3D

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ab05c2c2fceba76c53f7598fb162eb2312c109764cad98e68abb1055c8a3c2e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 541
expires: -1

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame E118 740 B
855 B 108ms
22ms Script
text/javascript 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=49615355;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fp1turos0yji8gl4%3Ftprde%3D

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

20060ebc25c6aa5d960675c21826a2db884e7b5903da04808fdcc8069e38f942

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 541
expires: -1

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame E118 0
150 B 42ms
12ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=52515000033097603168684011737008&a=69065bb7&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame 3367 43 B
518 B 18ms
17ms Image
image/gif 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame 78F1 43 B
517 B 15ms
15ms Image
image/gif 185.29.132.241
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master zrh-pixel-x9 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=adfb615a-8ea1-4e00-8abc-ca40c5b9609f&no_iframe=1&mt_lim=2&type=1,2&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x9 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 04 Oct 2021 05:18:27 GMT

GET
H/1.1 200
OK usersync Show response
match.bnmla.com/ Frame 67D9 0
114 B 309ms
102ms Document
text/plain 38.27.122.126
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.126 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: match.bnmla.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 04 Oct 2021 05:18:28 GMT
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 30BE
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=

42 B
367 B

19ms
19ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; PugT=1633324706; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707; chkChromeAb67Sec=2; SyncRTB3=1634515200%3A165_231_220_189_57_81_22_234_161_71_204_5_222_21_3_104_88_56_55_99_176_54_230_233_7_13_8_166%7C1633910400%3A223_15_2%7C1634601600%3A35%7C1634169600%3A63%7C1635897600%3A203%7C1638489600%3A69
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:28 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_107=1471-uid:gPDRsrbz1MxgmS5; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:28 GMT; path=/ PugT=1633324708; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:28 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:28 GMT; path=/
x-lat: lhrpug003:0:451
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Mon, 04 Oct 2021 05:18:28 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:gPDRsrbz1MxgmS5&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/8a430fa#rel-ec2-master i-0f1a9d8b7eed06fb2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=gPDRsrbz1MxgmS5; Domain=.w55c.net; Expires=Fri, 04-Nov-2022 05:18:28 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Wed, 03-Nov-2021 05:18:28 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 84DF
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338

1 B
68 B

19ms
18ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707; chkChromeAb67Sec=2; SyncRTB3=1634515200%3A165_231_220_189_57_81_22_234_161_71_204_5_222_21_3_104_88_56_55_99_176_54_230_233_7_13_8_166%7C1633910400%3A223_15_2%7C1634601600%3A35%7C1634169600%3A63%7C1635897600%3A203%7C1638489600%3A69; KRTBCOOKIE_107=1471-uid:gPDRsrbz1MxgmS5; PugT=1633324708
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:28 GMT
content-type: text/html; charset=utf-8
content-length: 1
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:28 GMT; path=/
x-lat: lhrpug006:0:400
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 04 Oct 2021 05:18:28 GMT
content-type: text/html
content-length: 142
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:8B7CD86430D54DCA94C333B4F5F8B338
expires: Sun, 03 Oct 2021 05:18:28 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9C26
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s

42 B
374 B

19ms
19ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=45F6F188-76D0-4A54-A484-5B43058467E9; DPSync3=1633392000%3A174%7C1634515200%3A201_197_219; KRTBCOOKIE_409=22966-rjaiPUFD7dLJKfpVBHkrXlr-; PUBMDCID=3; KRTBCOOKIE_80=22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw; KRTBCOOKIE_57=22776-7101365080612594597; KRTBCOOKIE_336=5844-2946499760491409008; KRTBCOOKIE_27=16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f; KRTBCOOKIE_377=6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861; KRTBCOOKIE_594=17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003; KRTBCOOKIE_188=3189-no-consent; KRTBCOOKIE_1101=23040-7015076196023859353; KRTBCOOKIE_391=22924-8434512423503908270&KRTB&23263-8434512423503908270; KRTBCOOKIE_22=14911-8098457199015951012; KRTBCOOKIE_466=16530-31ba348f-e282-4377-8dde-51ff007e8204; KRTBCOOKIE_153=19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU; SPugT=1633324707; chkChromeAb67Sec=2; SyncRTB3=1634515200%3A165_231_220_189_57_81_22_234_161_71_204_5_222_21_3_104_88_56_55_99_176_54_230_233_7_13_8_166%7C1633910400%3A223_15_2%7C1634601600%3A35%7C1634169600%3A63%7C1635897600%3A203%7C1638489600%3A69; KRTBCOOKIE_107=1471-uid:gPDRsrbz1MxgmS5; PugT=1633324708
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 04 Oct 2021 05:18:29 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_860=16335-BwpziBUFTvh5eDdgXBEoNbnoF7s; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:29 GMT; path=/ PugT=1633324709; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 05:18:29 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 02-Jan-2022 05:18:29 GMT; path=/
x-lat: lhrpug010:0:486
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Mon, 04 Oct 2021 05:18:29 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=BwpziBUFTvh5eDdgXBEoNbnoF7s
Set-Cookie: sa-user-id=s%3A0-070a7388-1505-4ef8-7978-37605c112835.%2Bd%2BUCrXruYQr7bHFEQFEuVB3hQjoq21zWQlA3tlr8eA; Max-Age=31536000; Secure; SameSite=None sa-user-id-v2=s%3A0-070a7388-1505-4ef8-7978-37605c112835%24ip%24185.232.23.187.meoZjsKae4ampFTkTJqltA9XSo8y%2FAx9rFVXakje0DM; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None
Content-Length: 159
Connection: keep-alive

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DB33
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=82665815-24d2-11ec-94f9-95e76888ac45&gdpr=0&gdpr_consent=

1 B
217 B

19ms
18ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=82665815-24d2-11ec-94f9-95e76888ac45&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug009:0:475
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=82665815-24d2-11ec-94f9-95e76888ac45&gdpr=0&gdpr_consent=
Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 82665816-24d2-11ec-94f9-95e76888ac45

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame 0229 0
150 B 46ms
14ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=13807400033097503168682011737008&a=8332a466&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 0229 33 KB
16 KB 111ms
33ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=49615356;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fpbkwp7wsflgr1nh%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 05 Oct 2021 08:56:57 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame E118 33 KB
16 KB 115ms
37ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=49615355;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fp1turos0yji8gl4%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 05 Oct 2021 08:56:57 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 0229 4 KB
2 KB 21ms
20ms Script
text/javascript 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=49615356;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fpbkwp7wsflgr1nh%3Ftprde%3D;js=1;adfxid=1x;3738;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fsecurityaffairs.co

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

09e63e517c47c5790d5db6731326af0dbdf9fcdcb90912880f91681d20be1aea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1985
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame E118 4 KB
2 KB 21ms
21ms Script
text/javascript 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=49615355;click=https%3A%2F%2Fhal90008.redintelligence.net%2Fc%2Fp1turos0yji8gl4%3Ftprde%3D;js=1;adfxid=2x;10975;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fsecurityaffairs.co

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fb85e3fbbbccd743a931c7bc95c50cf030240e3931325d14072f6136873b3e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:28 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2052
expires: -1

GET
DATA 200
OK truncated
/ Frame 0229 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame E118 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame E118 851 B
1 KB 59ms
11ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=52515000033097603168684011737008&a=b3898670
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:29 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 0229 90 KB
39 KB 26ms
26ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 05 Oct 2021 08:57:16 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame E118 90 KB
39 KB 26ms
26ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 05 Oct 2021 08:57:16 GMT

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:29 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 06 Oct 2021 05:18:29 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 0229 35 B
477 B 20ms
20ms Ping
image/gif 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=49615356&csi=pjtNX9KS6OPn3BVSIteU6ktSeIAgaTAVUTzpHHeQDcEJDwKV3Zer3N6gnxYssEM1VGNeUtANgETJHDdNniBokt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90008.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal90008.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10266106.js Show response
s1.adform.net/Banners/Elements/Files/169192/10266106/ Frame 415E 6 KB
2 KB 20ms
20ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/10266106.js?ADFassetID=10266106&bv=514

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0cdd1840f36db87a7cd50b3d1e806d4a7c7d4b49cb49dd9cc455fd1becb30c02

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: W/"6148a1dc-17cf"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

POST
H2 200 /
track.adform.net/csimpr/ Frame E118 35 B
477 B 20ms
20ms Ping
image/gif 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=49615355&csi=Y-uYmRvL7EHQKtkvVnd4tNBH935fcDoNUTzpHHeQDcEJDwKV3Zer3N6gnxYssEM1J9D9lLFmBxEbESzLYeM7T96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90008.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal90008.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10266103.js Show response
s1.adform.net/Banners/Elements/Files/169192/10266103/ Frame 4F2C 6 KB
2 KB 20ms
19ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/10266103.js?ADFassetID=10266103&bv=514

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f11bdfabaec3862d1e1a679b6c9257c93502abc17d50e84918fc46cd7b3bebad

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: W/"6148a1d6-1734"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 415E 30 KB
13 KB 20ms
20ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 1 KB
1 KB 21ms
20ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/logo1_linie.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

baa4d5e34e6e6a777dc4a6cd5eb9faf3563a0870157fe913fb760282f6fba0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-435"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1077

GET
H2 200 logo1.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 4 KB
4 KB 21ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/logo1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

91eb7eb6478ba4d4d9d0e855e07a58606d77b0bbc0e71b12e55696b4847d8a6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-f8d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3981

GET
H2 200 logo2.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 5 KB
5 KB 22ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/logo2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c522b742b16bf3efe11acde562f20343e5d30f5f761ea20a4e516efd86ac7834

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:39 GMT
server: nginx
etag: "6148a1db-13dc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5084

GET
H2 200 motiv1.jpg
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 11 KB
12 KB 22ms
20ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/motiv1.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4662c90dec7505354fe0b816632f399571eeca5d9150e9f66182ff5e295cd1ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:39 GMT
server: nginx
etag: "6148a1db-2cf6"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 11510

GET
H2 200 txt1.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 6 KB
6 KB 22ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/txt1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

527e3e131898782a6c08b3f65cbd7e3c25994bd0297bf8cc30e03b974b9e7d1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:39 GMT
server: nginx
etag: "6148a1db-160c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5644

GET
H2 200 txt12.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 2 KB
2 KB 22ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/txt12.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

79c65b0465027f8ba33a27cc84397da1ca9aae6a2782c6e5445ad5ec5b09cfb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-856"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2134

GET
H2 200 txt2.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 5 KB
5 KB 23ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/txt2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b331819eebe42190694cc65de4796dd32ccfa7d0c754e505df359af3fc0518a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-13bb"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5051

GET
H2 200 motiv2.jpg
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 8 KB
8 KB 23ms
22ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/motiv2.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3faa6f011a9809f43af1cc04b74bbb154f48f3819f7872ca52d94243081a9dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-201a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 8218

GET
H2 200 unten.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 1 KB
2 KB 24ms
23ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/unten.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7649d2f4a0b20a657ff6b89a33b94ea8acc8c5daee72935e3eb5aa24284c6e51

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-51c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1308

GET
H2 200 txt4.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 2 KB
3 KB 24ms
23ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/txt4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fed98a851574b242046faa9be575bfdf7a9982c1e43f887f723e2e1010dc741e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-8e6"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2278

GET
H2 200 motiv3.jpg
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 16 KB
16 KB 24ms
23ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/motiv3.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ae15605c72965f9478f2565fd1b0ca4af8e760ef332a12afbb8787dd2133202d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:39 GMT
server: nginx
etag: "6148a1db-3ff7"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 16375

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/ Frame 415E 4 KB
4 KB 25ms
24ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266106/bvpath_514/images/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

80e0d7afcd7ab86890b3f92902f7279fefafed9c2a883b3d16b3817d9a565098

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:40 GMT
server: nginx
etag: "6148a1dc-e82"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3714

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 4F2C 30 KB
13 KB 35ms
23ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 128 B
424 B 35ms
23ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/logo1_linie.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e03cf26b650a6c1052cded32b05ea62a881ca97176f9768610d6851d580cb305

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:38 GMT
server: nginx
etag: "6148a1da-80"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 128

GET
H2 200 logo1.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 7 KB
7 KB 35ms
24ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/logo1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

764eeb60237503651e47fe9c91b2eb64f6c295e91be8f1ab43661b0d5bfb9153

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:38 GMT
server: nginx
etag: "6148a1da-1bf2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7154

GET
H2 200 logo2.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 3 KB
4 KB 35ms
24ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/logo2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

04d1a12d4f74027df393c50083fe441453361a2bb2c2446f89f439e641b11ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-da3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3491

GET
H2 200 motiv1.jpg
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 11 KB
12 KB 35ms
25ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/motiv1.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f679427e2eb7299c10a69bb7e4438018313f9a1f2276546d1db46294b70936c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-2d40"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 11584

GET
H2 200 txt1.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 5 KB
5 KB 36ms
25ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/txt1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

27b770039999c2b072b572c8d424bba92178fa6b15675da293118f47cf3e8862

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:38 GMT
server: nginx
etag: "6148a1da-1229"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4649

GET
H2 200 txt12.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 965 B
1 KB 36ms
26ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/txt12.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3702083fb2f5e20e0b04aca6996045660832d19135ad7d102e7178d7018da604

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-3c5"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 965

GET
H2 200 txt2.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 4 KB
4 KB 32ms
26ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/txt2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f5392240b17a6fd3e3b2a8cfdd5460bf031ddd3bf708a239b737649366ec3d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-efd"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3837

GET
H2 200 motiv2.jpg
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 33 KB
33 KB 32ms
27ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/motiv2.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

72e9dedad5ae1d6fc10bc3d710107804132b2f5848a034c7daf968d1dc53ac1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:38 GMT
server: nginx
etag: "6148a1da-825a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 33370

GET
H2 200 unten.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 388 B
684 B 33ms
29ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/unten.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

de179e4170de586abf6c3934f291f1a7aa904b38920fb8fde6c38cb33f128fce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-184"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 388

GET
H2 200 txt4.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 814 B
1 KB 34ms
29ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/txt4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

049e856551a42d1fbd2474d86aa75381d97296faf40c139b116545551539ae14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-32e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 814

GET
H2 200 motiv3.jpg
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 32 KB
33 KB 35ms
31ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/motiv3.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0c599132d05d8cca269a3f76478c23cc879cc7cd7aa2c24403c3674ea3e181ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-813c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 33084

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/ Frame 4F2C 3 KB
3 KB 36ms
32ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266103/bvpath_514/images/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

74d3670d23e0bfd7571d066cb1f2a803c955b1933ad3ef55e6cf984229616599

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-b07"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2823

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame 0229 0
150 B 36ms
12ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=13807400033097503168682011737008&a=8332a466&vb=v
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=13807400033097503168682011737008&a=07af9bbe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:29 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/serving/unload/ Frame 0229 35 B
468 B 80ms
79ms Ping
image/gif 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=8434512423503908270@@49615356,2075814877715129122,100|1200|0|0|0|0|0|0|0||41|1|||||1|0|0|7WUJSg8jeu3xBx_RTJEBJ62iTrNgSBfCwio1N3MmmCWLtm671NbJ0Im3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90008.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal90008.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame DB33 0
128 B 15ms
15ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:29 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C10A 47 B
166 B 19ms
19ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=64881807&p=158127&s=559548&a=0&ptask=DSP&np=0&fp=1&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 47
content-type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Domain: dmp.brand-display.com
URL: https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

154 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ebayadservices.com/marketingtracking/v1	1970-01-19 23:51:40	Name: adguid Value: d5137af273c34a2682efdb8e1c3ff3a9
.media.net/	1970-01-20 02:08:28	Name: gdpr_status Value: 1
securityaffairs.co/	1970-01-20 06:27:40	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.co/	1970-01-20 06:27:40	Name: cookielawinfo-checkbox-non-necessary Value: yes
.securityaffairs.co/	1970-01-20 15:13:16	Name: _ga Value: GA1.2.1226984708.1633324705
.securityaffairs.co/	1970-01-19 21:43:31	Name: _gid Value: GA1.2.921298451.1633324705
.securityaffairs.co/	1970-01-19 21:42:04	Name: _gat_gtag_UA_59069958_1 Value: 1
.securityaffairs.co/	1970-01-19 21:42:04	Name: _gat Value: 1
securityaffairs.co/	1970-01-19 21:42:06	Name: session_depth Value: securityaffairs.co%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D1
securityaffairs.co/	1970-01-19 22:25:16	Name: _pbjs_userid_consent_data Value: 3524755945110770
securityaffairs.co/	1970-01-19 21:42:08	Name: _lr_retry_request Value: true
securityaffairs.co/	1970-01-19 22:25:16	Name: _lr_env_src_ats Value: false
.adnxs.com/	1970-01-19 23:51:40	Name: uuid2 Value: 7101365080612594597
.adsrvr.org/	1970-01-20 06:27:40	Name: TDID Value: 61af09cb-dd21-4f9d-9184-bbdba37c3861
.adnxs.com/	1970-01-19 23:51:40	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>8k=R@y!]tbP6j2F-XstGt!@DW($f/2k
securityaffairs.co/	1970-01-19 23:08:28	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%2261af09cb-dd21-4f9d-9184-bbdba37c3861%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-10-04T05%3A18%3A25%22%7D
.openx.net/	1970-01-20 06:27:40	Name: i Value: 95b8cd5c-79ed-4111-a837-49907834dac7\|1633324705
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|AIfsdBUO++vuGxiryvY4NyLqsLINffPD0ndRTZPwOWBzr4eVPwTuL9+eZLvlgeCkRh3C4GjGYWrGRQSWDHOtFAT+ngdUyQJYykllPZjhEHJw9y7GDs9f
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s56129\|YVqOp
securityaffairs.co/	1970-01-20 07:03:40	Name: cto_bidid Value: S6ubD19rcFRISHJZYThhdzlQd2hoUDNXdXBPNCUyRktVREVSMW9qZEJpR2xQY0NxSU1TMnJqclRkVDFQYkozMGZveE41NzlVSVFjQkJUNloxRTF0UHp5UHZrSGJBJTNEJTNE
securityaffairs.co/	1970-01-20 07:03:40	Name: cto_bundle Value: kZ85tV9sRGFOZ2doMmxqRVIyQjVDbFljZWdDJTJCOGtOJTJCMllYd2d2dVIlMkZuQ2dJT1hNeElDUnpWYjM2QXgxJTJGS1VtUzFkckE0ODlRdyUyRjRKSXZXeUpEMGUlMkJYQWNqdklqUVVuZThBdUdESGVTaHU4RndBQ0hhaXd3bE9GclpzQW42Qkl5MzZXYg
.adnxs.com/	1970-01-19 23:51:40	Name: icu Value: ChgI3sJXEAoYASABKAEwoZ3qigY4AUABSAEQoZ3qigYYAA..
.rubiconproject.com/	1970-01-20 06:27:40	Name: khaos Value: KUC7CWLQ-8-5CFW
.rubiconproject.com/	1970-01-20 06:27:40	Name: audit Value: 1\|hLZGFuTafB0ctMvC8Udn4wlE2IyiwyordnwCfVF8zn4qxomP/o7qYhPx+QOC0BlCzYmEmZ/QEGXIxIvkAgQ2rTOZUHL6E73cMj20TaXysiPQD5U7tEfUTQ==
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 11:01:16	Name: E Value: AGqYWGPljfJO7od9
eus.rubiconproject.com/	1970-01-19 23:51:40	Name: pux Value: 1512%3D103061%262249%3D103061%262307%3D103061%262974%3D103061%263778%3D103061%26goog%3D103061%262249-DV360-Hosted%3D103061%26brx%3D103061%26
.yahoo.com/	1970-01-20 06:28:02	Name: A3 Value: d=AQABBKKOWmECELIKfbxPTbVXiIU9XlYqDNcFEgEBAQHgW2FkYQAAAAAA_eMAAA&S=AQAAAmWJeyYAtPa6yZSYf8-_yk8
.casalemedia.com/	1970-01-20 06:27:40	Name: CMID Value: YVqOomglqcq9MacdpjW8DAAA
.casalemedia.com/	1970-01-19 23:51:40	Name: CMPS Value: 5209
.zeotap.com/	1970-01-20 06:27:40	Name: zc Value: 9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d
.casalemedia.com/	1970-01-19 23:51:40	Name: CMPRO Value: 1215
.pubmatic.com/	1970-01-19 23:51:40	Name: KADUSERCOOKIE Value: 45F6F188-76D0-4A54-A484-5B43058467E9
.pubmatic.com/	1970-01-19 23:51:40	Name: DPSync3 Value: 1633392000%3A174%7C1634515200%3A201_197_219
.richaudience.com/	1970-01-19 23:51:40	Name: avcid-zeo-uid Value: 9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d
.agkn.com/	1970-01-20 06:27:40	Name: ab Value: 0001%3AZCG7%2BSrAO05dbJKGhqoTe0cRqByhYypo
.tapad.com/	1970-01-19 23:08:28	Name: TapAd_TS Value: 1633324706097
.tapad.com/	1970-01-19 23:08:28	Name: TapAd_DID Value: 95aeeaf2-5205-42ae-b575-4a7bd4e38e02
.taboola.com/	1970-01-20 06:27:40	Name: t_gid Value: 1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422
.weborama.fr/	1970-01-20 07:13:45	Name: AFFICHE_W Value: 5l9iLm98oXHm46
.tapad.com/	1970-01-19 23:08:28	Name: TapAd_3WAY_SYNCS Value:
.doubleclick.net/	1970-01-20 07:03:40	Name: IDE Value: AHWqTUky6wmsUS8yhBPd4GBD4HO9Jb94KY75ddE03TDl0SGcb1OotS2Ln0yJCPUllAo
.mathtag.com/	1970-01-20 07:07:59	Name: uuid Value: adfb615a-8ea1-4e00-8abc-ca40c5b9609f
.bidswitch.net/	1970-01-20 06:27:40	Name: tuuid Value: 31ba348f-e282-4377-8dde-51ff007e8204
.bidswitch.net/	1970-01-20 06:27:40	Name: c Value: 1633324706
.bidswitch.net/	1970-01-20 06:27:40	Name: tuuid_lu Value: 1633324706
.erne.co/	1970-01-20 06:27:40	Name: u Value: rjaiPUFD7dLJKfpVBHkrXlr-
.onaudience.com/	1970-01-20 06:27:40	Name: cookie Value: fe3fa19725ad8b7a
.onaudience.com/	1970-01-19 21:43:31	Name: done_redirects104 Value: 1
.adform.net/	1970-01-19 22:26:43	Name: C Value: 1
.de17a.com/	1970-01-20 06:20:28	Name: guid2 Value: 1.2946499760491409008
.simpli.fi/	1970-01-20 06:29:07	Name: suid Value: 8B7CD86430D54DCA94C333B4F5F8B338
.demdex.net/	1970-01-20 02:01:16	Name: demdex Value: 43376781923549376120860843583883158010
.adform.net/	1970-01-19 23:08:32	Name: uid Value: 8434512423503908270
.admanmedia.com/	1970-01-20 06:27:40	Name: admtr Value: 5bb3c833b178c58539bd8e86c821d09d4ee71010
.theadex.com/	1970-01-19 23:51:40	Name: axd Value: 4273518020416601194
.theadex.com/	1970-01-19 23:51:40	Name: tis Value: EP175%3A2948
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_409 Value: 22966-rjaiPUFD7dLJKfpVBHkrXlr-
.pubmatic.com/	1970-01-19 23:51:40	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_80 Value: 22987-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&16514-CAESEEj2fSSFWrUTYm-RZawbQLw&KRTB&23025-CAESEEj2fSSFWrUTYm-RZawbQLw
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_57 Value: 22776-7101365080612594597
.tidaltv.com/	1970-01-20 06:27:40	Name: tidal_ttid Value: d2f53369-ea37-4e66-87b0-9f0a242fbc97
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_336 Value: 5844-2946499760491409008
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_27 Value: 16735-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&16736-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23019-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f&KRTB&23114-uid:adfb615a-8ea1-4e00-8abc-ca40c5b9609f
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_377 Value: 6810-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&22918-61af09cb-dd21-4f9d-9184-bbdba37c3861&KRTB&23031-61af09cb-dd21-4f9d-9184-bbdba37c3861
.bidr.io/	1970-01-20 07:10:38	Name: bito Value: AAQuDU7CtR0AADIf2wQhiA
.bidr.io/	1970-01-20 07:10:38	Name: bitoIsSecure Value: ok
.adsby.bidtheatre.com/	1970-01-19 21:52:09	Name: __kuid Value: a4778579-b97f-4882-827a-599cff13ad07.402538706
ads.playground.xyz/	1970-01-19 21:52:06	Name: connect.sid Value: s%3AmPZDxJq-xemyyqk-pR58iYCz_Mnrx-zk.j%2B5uma65m1wR052R2lejRFUP59YR6slMWRy2qpzWams
.targeting.unrulymedia.com/	1970-01-20 06:27:40	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003%22%7D
.turn.com/	1970-01-20 02:01:16	Name: uid Value: 8098457199015951012
.retargetly.com/	1970-01-20 02:01:16	Name: _rlid Value: 261ac543-2adb-46bf-9c41-9941b3f94d90
.dpm.demdex.net/	1970-01-20 02:01:16	Name: dpm Value: 43376781923549376120860843583883158010
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_594 Value: 17105-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003&KRTB&17107-RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_188 Value: 3189-no-consent
.tidaltv.com/	1970-01-20 06:27:40	Name: sync-his Value: "H4sIAAAAAAAAADM0srA0tTK0MAIAgGTkrAkAAAA="
.krxd.net/	1970-01-20 02:01:16	Name: _kuid_ Value: OZm9ajX9
.everesttech.net/	1970-01-20 06:27:40	Name: everest_g_v2 Value: g_surferid~YVqOogAAAdGMFQAT
.adfarm1.adition.com/	1970-01-19 23:51:40	Name: UserID1 Value: 7015076196023859353
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_1101 Value: 23040-7015076196023859353
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_391 Value: 22924-8434512423503908270&KRTB&23263-8434512423503908270
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_22 Value: 14911-8098457199015951012
.crwdcntrl.net/	1970-01-20 04:10:52	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 04:10:52	Name: _cc_id Value: b949f7e4d7350faae4343e1e4eda5704
.crwdcntrl.net/	1970-01-20 04:10:52	Name: _cc_cc Value: "ACZ4XmNQSLI0sUwzTzVJMTc2NUhLTEw1MTYxTjVMNUlNSTQ1NzBhAILEqL5FIBoKAF%2BlCwE%3D"
.crwdcntrl.net/	1970-01-20 04:10:52	Name: _cc_aud Value: "ABR4XmNgYGBIjOpbBKSgAAAXkAHs"
.scoota.co/	1970-01-20 15:13:16	Name: tuuid Value: 43085f65-9c54-44c0-b968-2e70d833898f
.scoota.co/	1970-01-20 15:13:16	Name: c Value: 1633324706
.scoota.co/	1970-01-20 15:13:16	Name: tuuid_lu Value: 1633324706
.onaudience.com/	1970-01-19 21:43:31	Name: done_redirects147 Value: 1
.fwmrm.net/	1970-01-20 02:01:16	Name: _uid Value: "e9398_7015076196019271134"
.securityaffairs.co/	1970-01-20 07:03:40	Name: __gads Value: ID=fa515e9c5b17085e-2282a796e5ca0052:T=1633324706:RT=1633324706:S=ALNI_MbcuGZ8OGmUGJEKskE6MIMHqoh68w
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_466 Value: 16530-31ba348f-e282-4377-8dde-51ff007e8204
.onaudience.com/	1970-01-19 21:43:31	Name: done_redirects219 Value: 1
.adsrvr.org/	1970-01-20 06:27:40	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwiK-ILSjcCDOhAFGAEgASgCMgsI6tvmgqTAgzoQBTgBWgc4M2k5OHk0YAI.
.mathtag.com/	1970-01-19 22:25:16	Name: mt_misc Value: mt_bt:1
.zeotap.com/	1970-01-19 21:43:31	Name: zsc Value: %1F%F9%F80%A8%A0Y%AC%BA%92h%FF%11%EAXj%AC%97+%85%12%7B%FD%7FA%86%9D%12%08%1E%B8%EF%E08%96%AF%A4%1C%5C%B2%88%25%81%09%DB%95%CB%0F%1F%8B%CA.%E2%8B%8A%97%B1%02%FC%23_%BB%82%E0%F1b%D5%0Ac%07%AC%A9%82X%BC%FAI%15e%12%BE%D44%2B%03%7D%9B%CE%2B%C6%266%0B%29%13%F5%84%CD%B8%C7%A8H%86%FD%1F%06%873%F0%11%9F%A4%EA%F3T%0AGF0%9C%95t%D4%A7%8A%7D%90%A0%0F%FE%EBY30%10%ABh%24%88%25P%3E%25Vyy%E9P%1A%2F%21v3%7D%A0%DA%88%21%3B%8E%09%D7%86%F8%BF%B4%A2%BE
.quantumdex.io/	1970-01-19 22:10:52	Name: uid Value: b72d222b-8bd9-4151-95f1-5330b07b5ed7
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 4c0405ec3a37596e
.id5-sync.com/	1970-01-19 21:42:05	Name: cf Value:
.id5-sync.com/	1970-01-19 21:42:05	Name: cip Value:
.id5-sync.com/	1970-01-19 21:42:05	Name: cnac Value:
.id5-sync.com/	1970-01-19 21:42:05	Name: car Value:
.id5-sync.com/	1970-01-19 21:42:05	Name: gdpr Value:
.t.tailtarget.com/	1970-01-20 06:27:40	Name: u Value: fwAAAWFajqKOkgazQ7sUAgB=
.t.tailtarget.com/	1970-01-19 21:44:57	Name: _ssc Value: y
.smartadserver.com/	1970-01-20 07:12:19	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 07:12:19	Name: pbw Value: %24b%3d16930%3b%24o%3d11100
.mathtag.com/	1970-01-19 22:25:16	Name: mt_mop Value:
.id5-sync.com/	1970-01-19 23:51:40	Name: id5 Value: 253ab2d0-cd43-48e7-8229-7e54168440c0#1633324700481#2
.id5-sync.com/	1970-01-19 23:51:40	Name: 3pi Value:
.id5-sync.com/	1970-01-19 21:42:05	Name: callback Value:
.sharethrough.com/	1970-01-20 06:27:40	Name: stx_user_id Value: 5a87adb4-72b5-4191-8de1-10d1bcdcbc71
.smartadserver.com/	1970-01-20 07:12:19	Name: pid Value: 6385152086188523229
.smartadserver.com/	1970-01-20 07:12:19	Name: pdomid Value: 22
prebidserver.pixfuture.com/	1970-01-19 23:51:40	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUdxWVdHUGxqZkpPN29kOSIsImV4cGlyZXMiOiIyMDIxLTEwLTE4VDA1OjE4OjI2LjY3NDY0MDAxNloifX0sImJkYXkiOiIyMDIxLTEwLTA0VDA1OjE4OjI2LjY3NDYwNzg1OFoifQ==
.w55c.net/	1970-01-20 07:12:19	Name: wfivefivec Value: gPDRsrbz1MxgmS5
.w55c.net/	1970-01-19 22:25:16	Name: matchcasale Value: 5
.sportradarserving.com/	1970-01-20 06:27:40	Name: zuuid Value: 6898545c-24c1-4abe-baea-debb19a058d5
.sportradarserving.com/	1970-01-20 06:27:40	Name: c Value: 1633324706
.sportradarserving.com/	1970-01-20 06:27:40	Name: zuuid_lu Value: 1633324706
.groovinads.com/	1970-01-20 04:54:04	Name: GRV_IDU Value: 1633324711508889
.groovinads.com/	1970-01-19 21:56:28	Name: GRV_RT Value: 261ac543-2adb-46bf-9c41-9941b3f94d90
.sportradarserving.com/	1970-01-20 06:27:40	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 06:27:40	Name: zuuid_k_lu Value: 1633324706
.1rx.io/	1970-01-20 06:27:40	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-efc3ff48-edad-484b-b7b5-b038c1c16661-003%22%7D
.t.tailtarget.com/	1970-01-19 22:25:16	Name: ttbprf Value: _frankfurt am main_hesse_de_1633324706845_3118995387
.t.tailtarget.com/	1970-01-19 21:42:06	Name: ttc Value: 1
.t.tailtarget.com/	1970-01-19 22:25:16	Name: ttnprf Value:
.analytics.yahoo.com/	1970-01-20 06:29:07	Name: IDSYNC Value: "192m~20rh:18z8~20rh:192w~20rh:18yx~20rh"
.tt-10759-0.seg.t.tailtarget.com/	1970-01-19 21:42:08	Name: ttca Value: _1633324706
.openx.net/	1970-01-19 22:03:40	Name: pd Value: v2\|1633324707\|gekin0vNiygu
rt.idx.lat/	1970-01-20 06:29:07	Name: _idx3p Value: {"ridx":"7c0dca6c632b74a60588265e85ebba9ec3f797f7de8d69860415e920421127ce"}
.quantserve.com/	1970-01-20 07:12:19	Name: mc Value: 615a8ea3-32d9b-e2248-61d35
.quantserve.com/	1970-01-19 23:51:40	Name: d Value: EE8BDwGzJIEPisMA
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_153 Value: 19420-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU&KRTB&22979-dguMxHhf2JZtCYvBeViUwHIIjZ1tDIjBcw_bxYxU
.casalemedia.com/	1970-01-19 21:43:31	Name: CMST Value: YVqOomFajqMA
.casalemedia.com/	1970-01-20 06:27:40	Name: CMRUM3 Value: e6615a8ea22760&2e615a8ea205a0&ce615a8ea205a0&49615a8ea205a0&58615a8ea205a0&41615a8ea205a0&2f615a8ea22760gPDRsrbz1MxgmS5&f1615a8ea205a0&bf615a8ea205a0&03615a8ea22760adfb615a-8ea1-4e00-8abc-ca40c5b9609f&27615a8ea20b40&b0615a8ea205a00&51615a8ea32760VlKqq1gG_vlNUK2uV1qyqwJRp6tNWq2sUFKFPHW9&40615a8ea22760no-consent&2d615a8ea22760CAESEMmWm5KYbMeF7H36PP3Rqrs
.t.tailtarget.com/	1970-01-19 22:25:16	Name: n Value: 1633324707
.tribalfusion.com/	1970-01-19 23:51:40	Name: ANON_ID Value: aanvfMx2eNkSE0U7b9foy0N4vvvvNse6D33FuKjEgKEVjZdXBvNXq4Q6AyXmLRpoIYD8mvPDHxo3Oee1nAqAV3Xnw4oZdT1I6U06qbnLYSvu0iFhUaEIsZc
.retargetly.com/	1970-01-20 02:01:16	Name: _rlmp1 Value: 2\|7101365080612594597\|1633324706&&9\|$_BK_UUID\|1633324706&&10\|adfb615a-8ea1-4e00-8abc-ca40c5b9609f\|1633324706&&11\|\|1633324706&&13\|61af09cb-dd21-4f9d-9184-bbdba37c3861\|1633324706&&14\|45F6F188-76D0-4A54-A484-5B43058467E9\|1633324706&&15\|\|1633324706&&22\|\|1633324706&&23\|\|1633324706&&24\|\|1633324706&&27\|\|1633324706&&39\|1c252a14-566d-4df8-99fb-a175bb2b87be-tuct8541422\|1633324706&&51\|261ac543-2adb-46bf-9c41-9941b3f94d90\|1633324706&&63\|\|1633324706
.redintelligence.net/	1970-01-19 23:51:40	Name: 8lcfmzhxc8d6_uid Value: 9115694e4603c27a
.pubmatic.com/	1970-01-19 23:51:40	Name: chkChromeAb67Sec Value: 2
.pubmatic.com/	1970-01-19 23:51:40	Name: SyncRTB3 Value: 1634515200%3A165_231_220_189_57_81_22_234_161_71_204_5_222_21_3_104_88_56_55_99_176_54_230_233_7_13_8_166%7C1633910400%3A223_15_2%7C1634601600%3A35%7C1634169600%3A63%7C1635897600%3A203%7C1638489600%3A69
.w55c.net/	1970-01-19 22:25:16	Name: matchpubmatic Value: 5
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_107 Value: 1471-uid:gPDRsrbz1MxgmS5
.adform.net/	1970-01-19 21:52:09	Name: TPC Value: 1633324708964
sync.srv.stackadapt.com/	1970-01-20 06:27:40	Name: sa-user-id Value: s%3A0-070a7388-1505-4ef8-7978-37605c112835.%2Bd%2BUCrXruYQr7bHFEQFEuVB3hQjoq21zWQlA3tlr8eA
.srv.stackadapt.com/	1970-01-20 06:27:40	Name: sa-user-id-v2 Value: s%3A0-070a7388-1505-4ef8-7978-37605c112835%24ip%24185.232.23.187.meoZjsKae4ampFTkTJqltA9XSo8y%2FAx9rFVXakje0DM
.ipredictive.com/	1970-01-20 06:27:40	Name: cu Value: 82665815-24d2-11ec-94f9-95e76888ac45\|1633324709112
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_860 Value: 16335-BwpziBUFTvh5eDdgXBEoNbnoF7s
.pubmatic.com/	1970-01-19 22:25:16	Name: PugT Value: 1633324709
.pubmatic.com/	1970-01-19 22:25:16	Name: KRTBCOOKIE_279 Value: 22890-82665815-24d2-11ec-94f9-95e76888ac45&KRTB&23011-82665815-24d2-11ec-94f9-95e76888ac45
.pubmatic.com/	1970-01-19 22:25:16	Name: SPugT Value: 1633324709

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html(Line 511) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html(Line 512) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html(Line 513) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html(Line 514) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://aa.agkn.com/adscores/r.js?sid=9112309848 Message: Failed to load resource: the server responded with a status of 400 ()
javascript	error	URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9860dca4-d3f0-4fb7-4dbf-6780b7e36e3d&reqId=b67e3d70-5b0d-4f4d-4af7-d3f27be6185e&zdid=1361 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.sportradarserving.com
a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
ads01.groovinads.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
aktrack.pubmatic.com
ap.lijit.com
apex.go.sonobi.com
api.retargetly.com
api.rlcdn.com
app.retargetly.com
b.t.tailtarget.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c.eu1.dyntrk.com
c1.adform.net
c2shb.ssp.yahoo.com
casale-match.dotomi.com
cdn.contentspread.net
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
connect.facebook.net
contextual.media.net
cs.admanmedia.com
csync.loopme.me
d.tailtarget.com
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dmp.brand-display.com
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
graph.facebook.com
green.erne.co
gum.criteo.com
hal9000.redintelligence.net
hal90008.redintelligence.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
navvy.media.net
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebidserver.pixfuture.com
pubmatic-match.dotomi.com
r.scoota.co
resources-rt.idx.lat
rt.idx.lat
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
s.amazon-adsystem.com
s.e-planning.net
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
secureir.ebaystatic.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.e-planning.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.smartadserver.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.tidaltv.com
t.tailtarget.com
tags.bluekai.com
tags.crwdcntrl.net
tags.mathtag.com
tags.t.tailtarget.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
trc.taboola.com
tt-10759-0.seg.t.tailtarget.com
u-ams02.e-planning.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
ws.sharethis.com
www.ebayadservices.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
api.rlcdn.com
dmp.brand-display.com
fonts.googleapis.com
pagead2.googlesyndication.com
104.109.78.125
104.111.215.191
104.111.242.245
104.22.34.177
104.84.57.51
13.32.99.22
135.125.160.160
138.201.63.149
138.201.63.150
142.250.181.226
142.250.185.226
151.1.205.165
151.101.129.108
151.101.129.44
151.101.66.49
157.245.94.128
159.65.196.12
162.55.6.212
168.119.146.39
169.197.150.7
169.50.137.190
178.162.133.149
178.162.133.150
178.250.2.146
178.250.2.151
18.156.157.131
18.169.90.17
18.194.125.59
18.197.46.208
18.198.109.212
18.66.97.9
185.29.132.241
185.29.132.242
185.33.221.14
185.33.223.178
185.64.189.110
185.64.189.112
185.64.189.114
185.64.190.78
185.64.190.80
185.64.190.81
185.86.138.142
192.0.76.3
192.0.77.2
198.148.27.139
2.18.233.180
2.18.233.201
2.18.234.21
2.18.235.93
2.19.35.65
2001:678:cb4:bbbb::11
2001:8d8:100f:f000::289
208.100.17.175
209.140.129.82
212.129.3.113
212.82.100.182
213.155.156.180
213.19.147.44
2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4
2600:9000:223c:be00:c:abe:f440:93a1
2600:9000:225e:2600:3:c04e:c780:93a1
2602:803:c004:200::143
2606:4700:10::6816:118d
2606:4700:10::6816:1857
2606:4700:10::ac43:1cda
2606:4700:10::ac43:2ac6
2606:4700:20::681a:ad1
2606:4700:20::681a:b9c
2606:4700::6812:bcf
2606:4700::6812:c05
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:110:c305::8000
2a00:1288:80:800::7000
2a00:1450:4001:802::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:813::2006
2a00:1450:4001:827::2002
2a00:1450:4001:829::2004
2a00:1450:4001:829::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a02:2638:1::13
2a02:fa8:8806:12::1370
2a03:2880:f01c:20e:face:b00c:0:2
2a03:2880:f01c:216:face:b00c:0:3
2a04:4e42:200::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b001:6cd5:9d52:6dd6:6c58
3.126.175.244
3.126.56.137
3.213.248.174
34.102.149.62
34.102.185.99
34.149.20.76
34.98.107.212
34.98.67.61
35.157.168.25
35.157.246.167
35.201.123.184
35.201.81.244
35.227.248.159
35.227.252.103
35.244.159.8
37.157.3.30
37.157.4.23
37.157.4.40
37.157.6.236
38.27.122.126
5.178.65.246
5.178.65.252
51.210.112.236
51.89.9.254
52.17.35.107
52.209.129.133
52.46.130.91
52.48.175.241
52.49.107.116
52.49.238.187
52.95.126.160
54.159.94.231
54.194.226.253
54.209.16.83
54.229.245.122
54.36.109.46
54.78.254.47
54.81.39.163
54.90.48.240
63.251.14.14
63.251.232.170
63.34.189.248
66.155.71.149
66.155.71.150
68.183.31.14
69.173.144.139
69.173.144.165
76.223.111.131
85.114.159.118
87.98.128.108
88.214.206.247
88.99.70.21
89.163.159.109
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
01db2a041002b9966fb510e92121ae32cd82a292273e111526ec30aacc9b158a
048675b5bae1d7dada511b7b02c60f3fb7a02e891a3931ab3afe3ab36033ca6f
049e856551a42d1fbd2474d86aa75381d97296faf40c139b116545551539ae14
04d082f9878466f1bc9482a4d668c9f74f8c83d192eb0173116e66704c085946
04d1a12d4f74027df393c50083fe441453361a2bb2c2446f89f439e641b11ffe
0503a4c7c694a6185935b181a6cb19bdc36889f0a312b5bb51819e3494f51b87
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
08b9e6b8e9aa6fff0bb7a49e808dbdcee0fad27f535ccb6b0f426ca71f4dc221
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651
09e63e517c47c5790d5db6731326af0dbdf9fcdcb90912880f91681d20be1aea
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0c599132d05d8cca269a3f76478c23cc879cc7cd7aa2c24403c3674ea3e181ee
0cdd1840f36db87a7cd50b3d1e806d4a7c7d4b49cb49dd9cc455fd1becb30c02
0dbd6403c5a3cd65b34063741db8d791fd9eb988159a990c75169b2c7f36f4ff
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f6bbb7e286f1f3ad2aadaa4794d4f1ce8d2a1a262f1a9b8851533edbd41ae79
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1022c493b64eeba14864943cd46e28c99a150fb23cba0010d5f11fde92ef2b95
1267fc6c8805b7f508e04bc8da776509420413adb25e197f12c9f9405c74ac6d
1326c88d831faec75944c75ab8fb61c5e5c18ade4c6a3fa2de16baafdc64ec97
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7
175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1af78a755de343aa7a79d32b2de537efb743110b830775509ff2426ec22fde97
1b11f2c81cddaa0d12147ff5fbecdec023a921b64088411da37f81915b8b4b40
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1e9a9ba24042f2effe58a5d585f70a7bc4b917e60ddcb9a780ad03817a78381f
20060ebc25c6aa5d960675c21826a2db884e7b5903da04808fdcc8069e38f942
201cce4a2f86cbab05172b1bb2c7c3594773d926104e745c7bd03ed43e666745
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
21fb6669831f4b29de40526b1fd433592bb04de5bb2553a2ba6377c428515dd0
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32
27b770039999c2b072b572c8d424bba92178fa6b15675da293118f47cf3e8862
28557d00a82cd139b8e346448c20a6e0fc477113a22e9f81f3a0e5f4cd3b4bf1
2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6
2afdb318f6136bd11db38bfb6c17b62b397de340f660c090f5d165a517c5bb82
2b78e767cf284bd813db0cb440553cb62184725227b0d15690ca3b783541551e
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
332faa7b54a06c6a10c3247e5038c9d28b526c433eaee3e971f5af1b0c6ccd0c
3341d250a4897f99c4d130e59a6e91a3eec31c6bb1e404e965b417bb19251c21
341fa05752a25195efd1210ffb0fb2b85c6d053898f5fcb27554e9e8b4214e8c
34c65b37a9af0658e776fc7a70a2a9413d104389ead21b4862e92f29b4c11969
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3702083fb2f5e20e0b04aca6996045660832d19135ad7d102e7178d7018da604
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3a88a3954683c0882744f7ab6f5942541102329a40e89ae8f350d52b7d25180d
3bb4febc533f6089d5dcf591746ac95a803d56895b17601256ce5ff3d7094f1a
3c14962e90d8f2af3e337786fd6d4ea6b1681d7c14e55cf85f14686fe3c3f036
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e08fe4af64033bcd0a528f726a205c87c3c7995bc25e5204468f76dd5cc0347
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3faa6f011a9809f43af1cc04b74bbb154f48f3819f7872ca52d94243081a9dfa
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31
4662c90dec7505354fe0b816632f399571eeca5d9150e9f66182ff5e295cd1ca
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4c22ce63c1d32630eecac6a1662273f02e3447d9c6d4a7b8f1e7914d60735910
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4c76d4e8981d7f5c3cc0a34a16e4ecac8bf0103b815753e9856ca9c274f0e526
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4d6ffefe7775699e279d2bfb1e5f58554ff578afb44f156887e7e885cd25591a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e26b2bf49c3c05e12708aceeb4729cc737c841b853b97a22e46a14e51a0e1bd
4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
527e3e131898782a6c08b3f65cbd7e3c25994bd0297bf8cc30e03b974b9e7d1e
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54930f8d5930ea73a5643b6e7cd4f3e5142609ed371fd9d1969ad38dba591ab4
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55728c56d7f3a28396cc2c32b96e3e266e5ddc21697ed3dc6aa4b4f734b2148d
55d44ea6bf6d34d33f6f829b63b43e6689bce015ab6ce7eab7538c7a889c49c7
56ee4779896a3cda87081643cd201b98e3902207b4593d5f2f7e31e83c927c98
5921d6b67ac6410ec8d7f6e5e62dea2337aa88ac17cfdfb6c16690dc93b39b28
5b39d119e2737c930750bf45e40b764356f7752456f087dda02da295db4dbdcb
5b673007be173eee0f493d1cf85fc6d6bec9415abc1ebfddadd9dac27b601edb
5ba942318965279bb4daa57e9eda9de03194c052701098a59d42329f177534ff
5c8bd0c2f891239145b9a187e6490a89c8af9f6b5224cea83884f6c5662d1b48
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e
5edeeb03f8fbbdcedb1d584d010a24de5e77d2b9866613b77daebba8d292eaa0
5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67
5efc09ad5a48e758ae377628d00834f95b7e66a96f25a47538014ad6c0b78e01
61c670d66466b3cc1f2710f83bea12ed2dcd359b99dc3d3fca2cf89c851a3990
63edd531da6839d9bbc5a196b56e04299407dfdb7245a30f3b89b0d2ed802f6b
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
64d0337238234ac7c0e7cc719c85ec7cc304664e479ac4aaedcc155c4e75e43c
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
67b40a6657ee7dc5c1c6c173e5991098a4522f5af8ca1d67ed3c36bf81d1a60b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6dfe1e05661b087111ce1b280d4f082cbfd2b786a0941224da5af2ce1b29fb75
6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122
6f6b8baee22d33d5e994228c549bdf6eab7c50562bc5ce49d10a89727af4ed60
7044348fa5a2245fc25fdec5804f0201ff34001468141e4e5d59552d0f6042c8
70c7de95ea7b8177b26053832937670fa1e20ce098a9adbc302b7c8c59c880bd
713b670ac191be64a1f7e1ef97d24463b753583ebbf5ab573226c129165c9fd7
718c820f565e8ec3c9519b18a609223422cdcfa8d8de97294e762a7f81b12247
71f33fbdf52cde5ccd310865b5272b92f95714750cd2b66062ca30b7c8e8b2d5
72e9dedad5ae1d6fc10bc3d710107804132b2f5848a034c7daf968d1dc53ac1d
73c6f67924440e537bf7df79a8a765e0d9c78a0c69a559d12b436fe8431341b4
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
73e343266a31228959d5c096229f1582db31af8c51ff04e624ec4bf3c598416e
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
74d3670d23e0bfd7571d066cb1f2a803c955b1933ad3ef55e6cf984229616599
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
760d7525a654b1ac6b2da0bf30a513870bf2b1e39c93bc7802406685d0f9a3be
7649d2f4a0b20a657ff6b89a33b94ea8acc8c5daee72935e3eb5aa24284c6e51
764eeb60237503651e47fe9c91b2eb64f6c295e91be8f1ab43661b0d5bfb9153
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433
77cd617eb529280c3449c3d436b19146ca9e7b2a376e6750f5282a5548f0e017
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
79c65b0465027f8ba33a27cc84397da1ca9aae6a2782c6e5445ad5ec5b09cfb1
7ce4f4e6fadd6c2dd61dc08e11163c6dba3e41bf01e636d53fae87e3ed42cc77
807d569a0269641cf846ccde02931d975c6d3172cdb9df78f436a325f14a5b98
80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632
80c5c6025695fa6899d1c7d0b4d7d9816da8c1d5d694d9714c6c196340602263
80e0d7afcd7ab86890b3f92902f7279fefafed9c2a883b3d16b3817d9a565098
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86377b80827686f76d68e3cad5aa584040b8d69e0b17172e8f4c7b2eb5653cd2
867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8abd8abb88a920036a92c78b5f15e775365e4b59b43268a95b74eb3e0b5be725
8b4f7b1fbc6798d9fdb1704728d74fb7c5b3f3c8e8976d4d9f434ea4df9436c9
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8
903c143e96b69858fbbf1827094da475e5e5f36b2b6a005a665a944d45ebbdaf
91eb7eb6478ba4d4d9d0e855e07a58606d77b0bbc0e71b12e55696b4847d8a6f
92d27b7003b6713c05a135a723416d2676d213ff31a60af4f088b02556624633
93326772c35f1eb84dce912da5bf0934aee2d22abdd94c35786bf4cc7e472822
980e81c9c89ff9c2db93bcbe5411886b3cfeae0b4d24df3d443469b4ba829105
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9d01ec96f06c6e44d9ff438de7f550e0f79ebe844bd137dd419d21127f312b76
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a2e2946f7c7250d2fcd49dc2e9f58c26fd64a837d358d21778888119857e7449
a41492dbca955d5303c86aab7e60af2af2bde50acb573d8492b600cf3a318e60
a43679ef47d0fa04890f4af0765213fda6c4f40af1fb47b670839bf8493e8f6a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a6bbe603756885c9620ae02a349548044dc9170f0c47227f83ebfed9f4388a0a
a6ddc606a5f92ca03f0ba41bc12275db3d2854546069c7ea5cba3e825c47f484
a913544a3a6e1174f8c6771047b6ea6eb5c14615b4b5ddec3a6c13ca5c7447fd
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ab05c2c2fceba76c53f7598fb162eb2312c109764cad98e68abb1055c8a3c2e4
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ae15605c72965f9478f2565fd1b0ca4af8e760ef332a12afbb8787dd2133202d
af90e1420d540cacc9dbe6df01efcfd660b70cf1dbc3c3fda37755ab5eb1a56b
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499
b123414eeb90d7b0ab2f16c13adc7358e6472e873d15f6709c4cd7f2075f7c00
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b331819eebe42190694cc65de4796dd32ccfa7d0c754e505df359af3fc0518a6
b3c77bee344231abc64c92f5d453e1def424cd3eeefc7ca5bccfa0e4933e379e
b4bd1ca758f1edc2476ab9f6b5d1ee6122c4544931a0ca0ce2099fa4aa99b153
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
b58849a9a49aac3edc65a710bfa7efbea1b997fb97e20474d3c174b212733ee0
b5d5ec66284c16042a63fce69599d2bcb60e2fe187b3f608d00d7ba051eb22d8
b5e437e858684489065e8c849c2f635fbbe77d45665b69985e9929a1746baab7
b61e33b27c79244c6121e22eb8887dd61d2d17833ae22d8a3524cce56f54fbd4
b6a6c5954b3ded44b34412778aa9112112fd05b51a643ba68e3a473c91b77870
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7a5e3e39b58a244eeafae673509c534d45231161f91dfd367f13d5dc24806f8
b7c2309c6e08de495b618ca1d7325a767ce1f1921447efad9eb29fb42824d611
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
baa4d5e34e6e6a777dc4a6cd5eb9faf3563a0870157fe913fb760282f6fba0d5
bb31b904dbeee641950494649724a1883b489e2698318a41512319174d50fa6c
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bea193129c30ade4d0bf896149dcca439a6284e70288aec5fd11859f46a17f22
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bfefa9fdba5c9075a1c2ccb53a3a402d33a46a6f6b4145fb66224c16b4cbaa3c
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c494afaf6d0abca5aa11af1e415a27b09967b79cea7e8b5b9e92908fe673deeb
c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9
c522b742b16bf3efe11acde562f20343e5d30f5f761ea20a4e516efd86ac7834
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c81ec9ce98dd2562702657a24118bfbfbd4c18bbbc38dd84b0a9022155dc6fe8
cbf1a9489083789521cb679dc2a8aa50b5e385e320455234f497e90f83bc1f48
cce39de614a5c43a7f42c2e59c3572f68beff1a3d98fae5cc5f28cf9c9e0027a
cd1aa1b17ad107887c38eedf2e24ab209a184dfd3abdae3484d36e10d74cbbb2
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
cec1a8e1fd706debcbf04f84699a6ba787d9ac4c9c1e29d10f5b77c0efdfd8c4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d22884064f4d7b34e4a0c7ef2767d21363923c795416100088d9d910a32a63c5
d2dabe099eb555c4a047798adb53797e023b83840d8566858fb13e6c28cb2472
d2e1117e3dd8100eda4042bb9d2970303e6772f25611fb5b1b14eddb11ee83d4
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d8718c22fb7db0cd1fba4e724360f1c0ce2daa683c4ca0e67eb3d6c4f2a9f37b
d8c74fee3fb8f3173612b3e08e7e81c8b8f228c27d4c63d9af2c944a9ee4ef72
d8f19e0e00b13abdd64a3dac23b51ab26f8ff9d546689d9ae197b358787c5ed9
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7
de179e4170de586abf6c3934f291f1a7aa904b38920fb8fde6c38cb33f128fce
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e03cf26b650a6c1052cded32b05ea62a881ca97176f9768610d6851d580cb305
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e50aedab618d4ce833383a2840f2941634b34220858847eef5ff5ba8871aa471
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e71394d47d07efdf4b98d4300ba8be85f1b807907b4739f9b82cd1e8bb458d62
e7c043afd47d2ec49eeea5bac2de40d01df271069e33c1ebf590250c9f38f7c3
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
ece2f1e49029966317aca28a7ef0c89f3149eb3a5aad1b279d84f14002511cff
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f11bdfabaec3862d1e1a679b6c9257c93502abc17d50e84918fc46cd7b3bebad
f13151645b6849a2f885f9bc857a491071a0fba0b965aa46fa510ee5620aa5bc
f13fcfbc4f3ab557e9e4380a0bb2ba9418fb6ee25deb1582c3930ba11ff20de2
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3d70165d1438b13b94b2aebf55f853777b6f44c8ca0b3473728bfefa90b115f
f5392240b17a6fd3e3b2a8cfdd5460bf031ddd3bf708a239b737649366ec3d30
f6577ee303658159e42e5066ce2d0d276a3b95a91f6eb7c1fed2eca4e753094f
f679427e2eb7299c10a69bb7e4438018313f9a1f2276546d1db46294b70936c1
f7267b4c4becc62e48231ebdb1007abfeffa9cd4f5f88771f2b25f15992dfe2b
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b
f9405730533352ece60dc4c23d8cb6dd16158fdcdc419343bda3c55a7573ba65
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e
fb85e3fbbbccd743a931c7bc95c50cf030240e3931325d14072f6136873b3e5f
fcc5b5e7de2165c1563cc3d7590b4e20eedc2a0b21b823e2877a6423a79406a0
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fed98a851574b242046faa9be575bfdf7a9982c1e43f887f723e2e1010dc741e

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

526 Requests

99 %HTTPS

26 %IPv6

101 Domains

175 Subdomains

115 IPs

11 Countries

4127 kBTransfer

6815 kBSize

154 Cookies

19 Outgoing links

Redirected requests

526 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

526
Requests

99 %
HTTPS

26 %
IPv6

101
Domains

175
Subdomains

115
IPs

11
Countries

4127 kB
Transfer

6815 kB
Size

154
Cookies

526 HTTP transactions
12 data transactions